L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!


...


Tokens:

Knowledge Nuggets

Description

This project includes unverified contracts (CRITICAL).

StarGate is built on top of LayerZero protocol and is a liquidity network for cross-chain transfer for assets. It leverages an oracle and relayer for cross-chain security for the protocol.

If you find something wrong on this page you can submit an issue or edit the information.

Risk summary

Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.

Technology

Principle of operation

StarGate is a Liquidity Network. It relies on liquidity providers to supply tokens to liquidity pools on each chain. Users can swap tokens between chains by transferring their tokens to a pool and receive token from the pool on the destination chain.

Oracles and relayers

Note: This section requires more research and might not present accurate information.

StarGate is built on top of LayerZero protocol. LayerZero relies on oracles to periodically submit source chain block hashes to the destination chain. Once block hash is submitted, relayers can provide the merkle proof for the transfers / swaps.

  • Users can be censored if oracles or relayers fail to facilitate the transfer (CRITICAL).

  • Funds can be stolen if oracles and relayers collude to submit fraudulent block hash and relay fraudulent transfer (CRITICAL).

Permissions

The system uses the following set of permissioned addresses:

StarGate Multisig 0x65bb…9705

Bridge owner, can create new pools, chainpaths, set fees. This is a Gnosis Safe with 3 / 6 threshold.

Those are the participants of the StarGate Multisig.

LayerZero Multisig 0xCDa8…4C92

The owner of Endpoint, UltraLightNode and Treasury contracts. Can switch to a new UltraLightNode for an Endpoint. Can switch proof library for an UltraLightNode and change Treasury. This is a Gnosis Safe with 2 / 5 threshold.

Those are the participants of the LayerZero Multisig.

LayerZero Relayer 0x902F…089E

Contract authorized to relay messages and - as a result - withdraw funds from the bridge.

LayerZero Relayer Admin owner 0x76F6…d6e5

Can upgrade LayerZero relayer contract with no delay.

LayerZero Oracle Admin owner 0x7B80…e6c8

Can upgrade LayerZero oracle contract with no delay.

Smart Contracts

Note: This section requires more research and might not present accurate information.

The system consists of the following smart contracts:

Entry point for the user interaction with StarGate Bridge, handles the logic of swaps and adding liquidity, send messages to the bridge.

Main bridge contract, receives messages from LayerZero Endpoint, stores bridge configuration.

Endpoint 0x66A7…d675

LayerZero Ethereum Endpoint.

UltraLightNode 0x5B19…8C1C

LayerZero UltraLight Node. Used by oracles to checkpoint source chain block hashes.

UltraLightNodeV2 0x4D73…78E2

LayerZero UltraLight Node.

USDC Pool 0xdf07…FF56

USDC Pool. This contract stores the following tokens: USDC.

USDT Pool 0x38EA…D783

USDT Pool. This contract stores the following tokens: USDT.

StargateEthVault 0x72E2…eD9c

ETH Pool. This contract stores the following tokens: ETH.

The current deployment carries some associated risks:

  • the source code of unverified contracts contains malicious code (CRITICAL).