Ronin V3
About
Ronin Bridge V3 is the official bridge for the Axie Infinity chain (Ronin chain). It uses external validators to confirm deposits for a typical Token Bridge swap.
About
Ronin Bridge V3 is the official bridge for the Axie Infinity chain (Ronin chain). It uses external validators to confirm deposits for a typical Token Bridge swap.
2024 Apr 22 — 2025 Apr 22
Funds can be stolen if
- validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum,
- malicious validators generate signature of a fake withdrawal request,
- a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Funds can be frozen if
Transfers are externally verified
A Ronin Bridge service watches for events on Ethereum and transmits those events to a contract on Ronin chain (Axie Infinity chain). Designated group of weighted validators vote on the validity of those events, and when acknowledged, a “representation token” is minted on the Ronin chain. To withdraw tokens, user needs to deposit them to a contract on the Ronin chain, which will generate an event to be picked by the validators. When validators acknowledge the event, they generate signature, which can be submitted to the Ethereum bridge contract to finalize the withdrawal. Ronin V2 introduced multi-tier withdrawal limits dependent on the overall value of the transaction and the token used. The higher value of transaction, the more validators need to vote to approve withdrawal request. There is a separate group of actors called “governors” who are able to change thresholds, add/remove validators and update contracts. Each validator has a corresponding weighted governor account. There is also a daily withdrawal limit. If it’s crossed, an address from a list of “Withdrawal unlockers” needs to participate in the transaction.
Users can be censored if validators decide to not approve a token mint after observing an event on Ethereum.
Users can be censored if validators decide not to sign withdrawal requests.
Funds can be stolen if validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum.
Funds can be stolen if malicious validators generate signature of a fake withdrawal request.
Funds can be frozen if withdrawal limits are misconfigured.
Destination tokens
Tokens transferred end up as wrapped ERC20/ERC721.
Ethereum
Actors:
List of operators that can validate incoming messages. Transfer needs to be signed by 70% out of 22 Operators.
List of governors that can update their corresponding operators, upgrade and change bridge parameters.
A Multisig with 2/3 threshold. Admin of the Ronin Bridge, can change Sentry Account and accounts able to unlock withdrawals. This is a non-standard MultiSig with 2 / 3 threshold.
A Multisig with 3/5 threshold. Can upgrade the bridge and the MainchainBridgeManager instantly by being Admin of the latter. Can add and remove sentries (un-/pausers).
An address that can pause the bridge in case of emergency (can be another contract).
These accounts can pause and unpause the bridge through the PauseEnforcer.
These accounts can add and remove sentries (bridge pause-/unpausers) in the PauseEnforcer.
Addresses that can unlock withdrawals.
Ethereum
Bridge contract handling deposits and withdrawals. Currently being deprecated. An address with the Migrator role can move all funds to the new escrows. This contract stores the following tokens: ETH, AXS, WETH, USDC, SLP, USDT, MATIC, LINK.
Contract storing all operators, governors and their associated weights. It is used to manage all administrative actions of the bridge.
Contract owning the emergencyPauser role in the MainchainGateway and managing its access control.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).