L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!
Synapse
...
Choose token
Wrapped Ether (WETH)
Governance OHM (gOHM)
Tether USD (USDT)
USD Coin (USDC)
Dai Stablecoin (DAI)
Ether (ETH)
Frax (FRAX)
Wrapped BTC (WBTC)Funds can be stolen if
- nodes decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
- nodes decide to withdraw all the funds from the Ethereum Contract (CRITICAL),
- destination token contract is maliciously upgraded or not securely implemented (CRITICAL),
- a contract receives a malicious code upgrade. There is a 3 minutes delay on code upgrades.
Users can be censored if
Principle of operation
Synapse leverages cross-chain messaging to transfer tokens from Ethereum to other chains and vice-versa. The external actor is observing events on supported chains and manages funds accordingly. The tokens are swapped using a typical lock-mint bridge with a wrapped asset on the other chain, or are provided via liquidity pools, where the user funds are converted to a stable on one end and on the other end synthetic stablecoin nUSD is minted and immediately swapped to a given token.
Transfers are externally verified
External actor observe events on Ethereum and transfer funds to other bridges. The same happens when bridging back to Ethereum, external actor instructs EOA to perform withdraw on users account.
Users can be censored if nodes decide not to transfer tokens after observing an event on Ethereum (CRITICAL).
Funds can be stolen if nodes decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).
Funds can be stolen if nodes decide to withdraw all the funds from the Ethereum Contract (CRITICAL).
Destination tokens
Type of the token received on the destination chain depends on the token, if it is native to this chain user will receive canonical token. If the bridged token is not native to the destination chain then user will end up with wrapped version, the contract is called BridgeToken and is upgradable.
Funds can be stolen if destination token contract is maliciously upgraded or not securely implemented (CRITICAL).
The system uses the following set of permissioned addresses:
Manages the bridge parameters and can upgrade its implementation, in case of malicious upgrade user’s funds can be lost. Additionally it manages Liquidity Pool with the permissions to mint new tokens. This is a Gnosis Safe with 2 / 3 threshold.
Those are the participants of the Bridge Multisig.
Is an executor who can call regular bridging functions like withdrawing funds and minting SynERC20 Wrapped tokens.
Can set bridging fees, pause and unpause the SynapseBridge contract.
Can call setWethAddress() on the SynapseBridge contract.
The system consists of the following smart contracts:
Entry point for deposits. Acts as a relayer between user and escrow, enabling token swap feature.
Main escrow contract where all the funds are being held, the address with certain privileges can perform withdraw on user’s behalf. This contract stores the following tokens: ETH, WETH, FRAX, USDT, USDC, WBTC, DAI, gOHM.
Contract utilized as Liquidity Pool, allowing users to bridge their tokens to canonical versions on Ethereum. This contract stores the following tokens: USDT, DAI, USDC.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is a 3 minutes delay on code upgrades.
