L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Synapse logoSynapse

Synapse is a token bridge leveraging a validator between chains and liquidity pools to perform cross-chain and same chain swaps.
  • Total value locked
    $25.07 M6.02%
  • Destination
    Various
  • Validated by
    Third Party
  • Type
    Hybrid
  • ...

    Risk summary
    Technology

    Principle of operation

    Synapse leverages cross-chain messaging to transfer tokens from Ethereum to other chains and vice-versa. The external actor is observing events on supported chains and manages funds accordingly. The tokens are swapped using a typical lock-mint bridge with a wrapped asset on the other chain, or are provided via liquidity pools, where the user funds are converted to a stable on one end and on the other end synthetic stablecoin nUSD is minted and immediately swapped to a given token.

    Transfers are externally verified

    External actor observe events on Ethereum and transfer funds to other bridges. The same happens when bridging back to Ethereum, external actor instructs EOA to perform withdraw on users account.

    • Users can be censored if nodes decide not to transfer tokens after observing an event on Ethereum (CRITICAL).

    • Funds can be stolen if nodes decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

    • Funds can be stolen if nodes decide to withdraw all the funds from the Ethereum Contract (CRITICAL).

    Destination tokens

    Type of the token received on the destination chain depends on the token, if it is native to this chain user will receive canonical token. If the bridged token is not native to the destination chain then user will end up with wrapped version, the contract is called BridgeToken and is upgradable.

    • Funds can be stolen if destination token contract is maliciously upgraded or not securely implemented (CRITICAL).

    Permissions

    The system uses the following set of permissioned addresses:

    Bridge Multisig 0x67F6…1A55

    Manages the bridge parameters and can upgrade its implementation, in case of malicious upgrade user’s funds can be lost. Additionally it manages Liquidity Pool with the permissions to mint new tokens. This is a Gnosis Safe with 2 / 3 threshold.

    Bridge Multisig participants 0xb3DA…4e150x9Ce9…38f30x0d74…D5BC

    Those are the participants of the Bridge Multisig.

    Nodes (NODEGROUP_ROLE) 0x230A…f21b

    Is an executor who can call regular bridging functions like withdrawing funds and minting SynERC20 Wrapped tokens.

    Governors (GOVERNANCE_ROLE) 0x67F6…1A550xa31C…958D

    Can set bridging fees, pause and unpause the SynapseBridge contract.

    Admin (DEFAULT_ADMIN_ROLE) 0x67F6…1A55

    Can call setWethAddress() on the SynapseBridge contract.

    Smart contracts

    The system consists of the following smart contracts:

    L1BridgeZap 0x6571…D85F

    Entry point for deposits. Acts as a relayer between user and escrow, enabling token swap feature.

    Main escrow contract where all the funds are being held, the address with certain privileges can perform withdraw on user’s behalf. This contract stores the following tokens: ETH, WETH, FRAX, USDT, USDC, WBTC, DAI, gOHM.

    Liquidity Pool 0x1116…f2d8

    Contract utilized as Liquidity Pool, allowing users to bridge their tokens to canonical versions on Ethereum. This contract stores the following tokens: USDT, DAI, USDC.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is a 3 minutes delay on code upgrades.

    If you find something wrong on this page you can submit an issue or edit the information