Search

Search for projects by name

Value SecuredActivityData postedRisk summaryRisk analysisData availabilityState validationPermissionsSmart contracts

Eclipse logo
Eclipse

Badges

About

Eclipse is a sidechain powered by the Solana Virtual Machine (SVM).

  • Total Value SecuredTVS
    $11.04 M5.09%
  • Past day UOPSDaily UOPS
    11.3110.3%
  • Type
    Other
  • Purpose
    Universal

    • Tokens breakdown

    Value secured breakdown

    View TVS breakdown
    Sequencer failureState validationData availabilityExit windowProposer failure
    Explore more in Discovery UI

    Badges

    About

    Eclipse is a sidechain powered by the Solana Virtual Machine (SVM).

    Why is the project listed in others?

    The proof system isn't fully functional

    Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.

    There is no data availability bridge

    Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

    Learn more about the recategorisation here.

    Value SecuredView TVS breakdown
    Total
    Canonically BridgedCanonically Bridged ValueCanonical
    Natively MintedNatively Minted TokensNative
    Externally BridgedExternally Bridged ValueExternal
    ETH & derivatives
    Stablecoins
    BTC & derivatives
    Other
    View TVS breakdown
    Activity

    2024 Nov 26 — 2025 Nov 26

    Past Day UOPS
    11.30
    Past Day Ops count
    976.82 K
    Max. UOPS
    3.46 K
    2025 Mar 30
    Past day UOPS/TPS Ratio
    1.00
    Data posted

    This section shows how much data the project publishes to its data-availability (DA) layer over time. The project currently posts data toCelestiaCelestia.

    2024 Nov 26 — 2025 Nov 26

    Data posted
    2476.64 GiB
    Avg size per day
    6.75 GiB
    Avg size per L2 UOP
    119.58 B
    Risk summary

    Funds can be stolen if

    1. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL),
    2. the Treasury owner decides to transfer the funds locked on L1.

    Funds can be frozen if

    1. celestia becomes unavailable and transaction data cannot be retrieved.

    Users can be censored if

    1. the bridge operators decide not to mint tokens after observing a deposit.
    Risk analysis
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    No mechanism

    There is no mechanism to have transactions be included if the sequencer is down or censoring.

    State validation
    None

    Currently the system permits invalid state roots. More details in project overview.

    Data availability
    External

    Proof construction and state derivation fully rely on data that is posted on Celestia. Sequencer tx roots are not checked against the Blobstream bridge data roots onchain, but L2 nodes can verify data availability by running a Celestia light client.

    Exit window
    None

    There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

    Proposer failure
    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

    Data availability

    Data is posted to Celestia

    Eclipse uses Celestia for data availability.

    There is no automatic fallback mechanism to Ethereum for data availability. If Celestia becomes unavailable, the chain relies entirely on Celestia for transaction data recovery.

    • Funds can be frozen if celestia becomes unavailable and transaction data cannot be retrieved.

    1. Eclipse Celestia Integration
    Learn more about the DA layer here: Celestia logoCelestia
    State validation
    No state validation

    Eclipse implements a custom permissioned bridge. Withdrawals need to be actively authorized by a Multisig. Moreover, there is no mechanism to send arbitrary messages from Eclipse back to Ethereum. There is a 7d delay for withdrawals.

    • Users can be censored if the bridge operators decide not to mint tokens after observing a deposit.

    • Funds can be stolen if the Treasury owner decides to transfer the funds locked on L1.

    1. CanonicalBridge.sol - Etherscan source code, authorizeWithdraw() function
    2. Mailbox.sol - Etherscan source code, receiveMessage() function calls CanonicalBridge
    3. Treasury.sol - Etherscan source code, emergencyWithdraw() function
    Permissions
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco

    Ethereum

    Actors:

    Eclipse Multisig 0x4720…64E0

    A Multisig with 3/4 threshold.

    • Can interact with CanonicalBridgeV3
      • authorize withdrawals to any address
      • grant / revoke all access control roles and thus access all permissioned functions in the contract
      • pause the contract for deposits and withdrawals
    • Can interact with Upgrader0to1
      • start an upgrade of the core contracts
    • Can interact with Treasury
      • grant / revoke all access control roles and thus access all permissioned functions in the contract

    Participants (4):

    0xBb53…D5470x9508…B2a50x7572…BFc20xF48C…46FA
    Eclipse Multisig 2 0x7B2c…0efC

    A Multisig with 3/5 threshold.

    • Can upgrade with no delay
      • Treasury
    • Can interact with Treasury
      • grant / revoke all access control roles and thus access all permissioned functions in the contract
      • withdraw ETH from the contract, even when it is paused
      • withdraw ETH from the contract

    Participants (5):

    0xd061…cDb5GnosisSafe0xDecF…96860xEe05…82D90x3392…C080
    EOA 1 0x1a84…C4fE
    • Can interact with CanonicalBridgeV3
      • authorize withdrawals to any address
    Smart contracts
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    CanonicalBridgeV3 0x5043…b30a

    Entry point to deposit and withdraw ETH. There is no canonical messaging system. Deposited funds are sent to a Treasury contract and withdrawals must be authorized by a permissioned actor.

    • Roles:
      • defaultAdmin: Eclipse Multisig
      • pauser: Eclipse Multisig
      • withdrawAuthority: EOA 1, Eclipse Multisig
    Treasury 0xD7E4…E644Implementation (Upgradable)Admin

    Permissioned escrow for assets bridged to Eclipse. There is no canonical messaging and users need to trust the bridge operators to process deposits and authorize withdrawals.

    • Roles:
      • defaultAdmin: Eclipse Multisig, Eclipse Multisig 2
      • emergency: Eclipse Multisig 2, Upgrader0to1
      • upgrader: Eclipse Multisig 2, Upgrader0to1
      • withdrawer: CanonicalBridgeV3, Eclipse Multisig 2
    • This contract stores the following tokens: ETH.
    Can be upgraded by:
    Eclipse Multisig 2 with no delay
    Upgrader0to1 0xD02f…71E3

    This contract was used for an upgrade an still retains its permissions and permissioned actors.

    • Roles:
      • upgrader: Eclipse Multisig

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).