L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Synapse logoSynapse


...


Tokens:

Description

Synapse is a token bridge leveraging a validator between chains and liquidity pools to perform cross-chain and same chain swaps.

If you find something wrong on this page you can submit an issue or edit the information.

Risk summary

Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.

Technology

Principle of operation

Synapse leverages cross-chain messaging to transfer tokens from Ethereum to other chains and vice-versa. The external actor is observing events on supported chains and manages funds accordingly. The tokens are swapped using a typical lock-mint bridge with a wrapped asset on the other chain, or are provided via liquidity pools, where the user funds are converted to a stable on one end and on the other end synthetic stablecoin nUSD is minted and immediately swapped to a given token.

Transfers are externally verified

External actor observe events on Ethereum and transfer funds to other bridges. The same happens when bridging back to Ethereum, external actor instructs EOA to perform withdraw on users account.

  • Users can be censored if nodes decide not to transfer tokens after observing an event on Ethereum (CRITICAL).

  • Funds can be stolen if nodes decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

  • Funds can be stolen if nodes decide to withdraw all the funds from the Ethereum Contract (CRITICAL).

Destination tokens

Type of the token received on the destination chain depends on the token, if it is native to this chain user will receive canonical token. If the bridged token is not native to the destination chain then user will end up with wrapped version, the contract is called BridgeToken and is upgradable.

  • Funds can be stolen if destination token contract is maliciously upgraded or not securely implemented (CRITICAL).

Permissioned Addresses

The system uses the following set of permissioned addresses:

Bridge Governance 2/3 MultiSig 0x67F6…1A55

Manages the bridge parameters and can upgrade its implementation, in case of malicious upgrade user's funds can be lost. Additionally it manages Liquidity Pool with the permissions to mint new tokens.

Participants in Bridge Governance 2/3 MultiSig 0xb3DA…4e150x4298…36730x0d74…D5BC

Can sign the transaction which will be executed by the Multisig contract.

Can withdraw funds and mint SynERC20 Wrapped tokens.

Smart Contracts

The system consists of the following smart contracts:

L1BridgeZap 0x6571…D85F

Entry point for deposits. Acts as a relayer between user and escrow, enabling token swap feature.

Main escrow contract where all the funds are being held, the address with certain privileges can perform withdraw on user's behalf. This contract stores the following tokens: ETH, WETH, FRAX, USDT, USDC, WBTC, DAI, gOHM.

Liquidity Pool 0x1116…f2d8

Contract utilized as Liquidity Pool, allowing users to bridge their tokens to canonical versions on Ethereum. This contract stores the following tokens: USDT, DAI, USDC.

The current deployment carries some associated risks:

  • Funds can be stolen if a contract receives a malicious code upgrade. There is a 3 minutes delay on code upgrades.