Shibarium

Critical contracts can be upgraded by an EOA which could result in the loss of all funds.

About

Shibarium is an EVM-compatible, proof of stake sidechain for Ethereum. It is built by developers behind the Shiba Inu token ecosystem. The main bridge to Ethereum is currently validated by Shibarium validators and allows for asset as well as data movement...


Value secured: $5.56 M (3.68%)
Canonically Bridged: $5.56 M
Natively Minted: $0.00
Externally Bridged: $0.00

  • Past day UOPS
    21.6755.9%
  • 30D ops count
    88.27 M
  • Type
    Other

  • Purpose
    Universal

    Why is the project listed in others?

    The proof system isn't fully functional

    Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.

    There is no data availability bridge

    Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly relay available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

    Value Secured

    2024 Apr 18 — 2025 Apr 18


    Total value secured: $5.56 M (3.68%)
    Canonically Bridged: $5.56 M (3.68%)
    Natively Minted: $0.00 (0.00%)
    Externally Bridged: $0.00 (0.00%)
    Risk summary
    This project includes unverified contracts. (CRITICAL)
    Risk analysis
    Sequencer failure
    Enqueue via L1

    Users can submit transactions to an L1 queue, but can’t force them. The sequencers cannot selectively skip transactions but can stop processing the queue entirely. In other words, if the sequencers censor or are down, they are so for everyone.

    State validation
    None

    Currently the system permits invalid state roots. More details in project overview.

    Data availability
    External

    Proof construction and state derivation rely fully on data that is NOT published onchain.

    Exit window
    None

    There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

    Proposer failure
    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

    Technology

    No state validation

    As a fork of Polygon PoS, state updates are supposed to be settled if signed by at least 2/3+1 of the Shibarium validators' stake, without checking whether the state transition is valid. Since some contracts are not verified, it is not possible to verify the exact mechanism.

    • Users can be censored if validators on Shibarium decide to not mint tokens after observing an event on Ethereum.

    • Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum.

    • Funds can be stolen if validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds.
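
The acceptance rule described above, as an added sketch that is not part of the original page or of Shibarium's code. It assumes the stated "2/3+1 of stake" rule; the validator set, stakes, roots and the `recompute_root` hook are constructed for illustration.

```python
# Simplified model of stake-weighted checkpoint acceptance (added example).
# All validators, stakes and roots below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Validator:
    name: str
    stake: int

VALIDATORS = [Validator("A", 40), Validator("B", 30),
              Validator("C", 20), Validator("D", 10)]
HONEST_ROOT = "root-from-re-execution"   # constructed
FORGED_ROOT = "root-crediting-attacker"  # constructed

def quorum_threshold(total_stake: int) -> int:
    # "2/3 + 1" of the total stake, using integer arithmetic
    return total_stake * 2 // 3 + 1

def signed_stake(validators, signers) -> int:
    # Count each known validator at most once; ignore unknown signers
    stake_of = {v.name: v.stake for v in validators}
    return sum(stake_of[s] for s in set(signers) if s in stake_of)

def accept_checkpoint(validators, state_root, signers) -> bool:
    """Quorum-only rule: state_root is never inspected."""
    total = sum(v.stake for v in validators)
    return signed_stake(validators, signers) >= quorum_threshold(total)

def accept_with_validation(validators, state_root, signers, recompute_root) -> bool:
    """Quorum rule plus an independent check of the root, which is the
    part a working proof system would contribute."""
    return (accept_checkpoint(validators, state_root, signers)
            and state_root == recompute_root())

def demo() -> dict:
    colluding = ["A", "B"]  # 70 of 100 stake, above the threshold of 67
    return {
        "threshold": quorum_threshold(100),
        "honest_root_accepted": accept_checkpoint(VALIDATORS, HONEST_ROOT, colluding),
        "forged_root_accepted": accept_checkpoint(VALIDATORS, FORGED_ROOT, colluding),
        "below_quorum_accepted": accept_checkpoint(VALIDATORS, FORGED_ROOT, ["A", "C", "A"]),
        "forged_root_with_validation": accept_with_validation(
            VALIDATORS, FORGED_ROOT, colluding, lambda: HONEST_ROOT),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Under the quorum-only rule the forged root is indistinguishable from the honest one, which is why the bridge's safety reduces to the honesty of validators holding the signing stake.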

    Permissions

    Ethereum

    Actors:

    • Is allowed to interact with DepositManager - can update the root chain it references.
    • Is allowed to interact with SlashingManager - can update how much of the slashed funds go to the proposer and reporter.
    • Is allowed to interact with RootChain - can delete arbitrary checkpoints.
    • Can upgrade the implementation of ERC1155Predicate, MintableERC721Predicate, RootChainManager, StakeManager, ERC20Predicate, ERC721Predicate, EtherPredicate.
    Smart contracts

    Ethereum

    Can be upgraded by:

    Main configuration contract to manage tokens, token types, escrows (predicates) for given token types. It also serves as an entry point for deposits and withdrawals effectively acting as a token router.

    Can be upgraded by:
    StateSender 0x3a12…A21C

    Smart contract allowing whitelisted addresses to send messages to contracts on the child chain.

    StakingInfo 0x5399…A1aE

    Contains logging and getter functions about staking.

    The source code of this contract is not verified on Etherscan.

    The source code of this contract is not verified on Etherscan.

    Can be upgraded by:

    This contract can store any token.

    Can be upgraded by:

    NFTs used to represent a withdrawal in the withdrawal PriorityQueue (Only used for tokens initially deposited via DepositManager).

    Contract to deposit and escrow ETH, ERC20 or ERC721 tokens. This contract can store any token.

    SlashingManager 0x8ed7…d3ce

    Contract that allows the consensus supermajority to slash validators.

    ERC721Predicate 0x9df5…D5a3

    The source code of this contract is not verified on Etherscan.

    RLPReader 0xc107…41c4

    This contract stores the following tokens: ETH.

    Can be upgraded by:

    Simple contract that allows the owner to call an update function on arbitrary contracts.

    Contract storing chain checkpoints. Note that the validity of these checkpoints is not verified; a checkpoint is assumed to be valid if signed by 2/3 of the validators.

    ERC20Predicate 0xdaF1…462c

    The source code of this contract is not verified on Etherscan.

    ValidatorShare 0xe99f…1dE6

    The source code of this contract is not verified on Etherscan.

    Registry 0xF486…62BB

    Maintains the addresses of the contracts used in the system.

    Value Secured is calculated based on these smart contracts and tokens:

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    • Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).