Brink

Announcing the Open Intents Framework ✨ Ecosystem-wide interop, accelerated by 30+ teams from all corners of Ethereum. A modular, open framework to make it seamless for any chain to get intents into the hands of users & improve cross-chain UX. ➡️ openintents.xyz

❓How has the Chain Abstraction evolved? ❓What drives demand? ❓Are there liquidity challenges? @MikeCalvanese and @andrew311, co-founders of Nomial, have a conversation with @ethanfr, Head of Developer Relations at @ParticleNtwrk, on these questions and more. Check out the full conversation on the evolution and impact of Chain Abstraction on Youtube: youtube.com/watch?v=RLQ3w0… #Web3 #ChainAbstraction

🌐Web3 Interop: The Power of Abstraction We'll be chatting with @SocketProtocol and @nomial_io tomorrow for the second installment of our Chain Abstraction chats, where we discuss the future of an interoperable Web3 experience. Link below to join 👇 🗓️ Wednesday, 11/6/2024 ⏰ 10:00 AM PST x.com/i/spaces/1ypJd…

🌐Web3 Interop: The Power of Abstraction We'll be chatting with @SocketProtocol and @nomial_io tomorrow for the second installment of our Chain Abstraction chats, where we discuss the future of an interoperable Web3 experience. Link below to join 👇 🗓️ Wednesday, 11/6/2024 ⏰ 10:00 AM PST x.com/i/spaces/1ypJd…

1/4 We're excited to announce our partnership with @nomial_io , the first open liquidity network built for the modular DeFi ecosystem. Mach intends to support liquidity providers (fillers) within our intent network by providing them access to Nomial's extensive liquidity pools across multiple blockchain networks.

Why is Everyone Quiet about the Cross-Chain Honey Pots? $10B+ at risk? This post will cover: 1. DVNs on @LayerZero_Fndn 2. ISMs on @hyperlane 3. OFTs & Warp Assets 4. Non-dormant addresses on @ether_fi and @renzoai multisigs "Decentralised Verifier Network" aka DVNs by LayerZero LayerZero Labs DVN: 2/3 multisig Nethermind DVN: 1/1 multisig Stargate DVN: 1/1 Google Cloud DVN: 2/3 Horizen DVN: 2/2 Source: You gotta go to Etherscan and call the signerSize and quorum functions. Here are the contracts: Link [1] (in the reply) Note: There is no guarantee that these multisigs are actually distributed and not maintained by a single person like in the case of Multichain. The name "DVN" itself is misleading. It certainly mislead me into trusting them more. A DVN is a modular validator entity inside LayerZero. That means, if you choose a single DVN set-up, your cross chain messages will be solely validated by this DVN. You can choose multiple DVNs or m out n DVNs to secure your setup. Most protocols (clients using LZ) have 2 DVN setups at max. I had to create this Dune dashboard myself to look into what's happening on-chain. For instance, Stargate has 2 DVNs. Stargate DVN and Nethermind DVN. Both are 1/1 multisigs. Securing, checks notes, $442.84m. Dune is doing a terrible job here, here's how the distribution of various configurations looks like. Look at the numbers that start tapering off as we go down the list. Dashboard link [2]. So, most protocols (clients using LZ) simply trust this one entity, LayerZero Labs, a 2/3 multisig. It's baffling to me that we're all fine with this and nobody is talking about it. We gotta push these teams towards more secure systems, rather push protocols that are using LayerZero to demand for more security. Let's look at Hyperlane, LayerZero's biggest competitor at the moment. First of all, thank God they call their default setup "Multisig ISM", ISM = "Interchain Security Module". They are at least honest about it. It is a multisig. Period. Hyperlane has setup their default ISM to be a distributed set of validators with different quorums for different chains. Each of these validators in this multisig setups are different entities, like various DVNs on LayerZero. Here's how their default setup looks like: Arbitrum: 3/5 multisig Base: 2/5 Blast: 2/3 BNB: 2/4 Ethereum: 3/7 Optimism: 2/5 (source: Link [3], note: they said this post prompted them to up their numbers, so this may have been updated) It is not very far off from the LayerZero DVN setups. But atleast you can be sure that 3-7 of these entites are actively validating in the system. It also seems better than using a single LayerZero Labs DVN setup. By the way, in a m/n multisig setup, if n is >> m, you are compromised if ANY of the m keys are compromised. In their BNB setup, 2/4, if any of the 2 validators out of 4 are compromised, you are compromised. If you compare these with Wormhole's default 13/19 setup, Wormhole looks a lot better. But I've heard it is upgradable. Do they need 13/19 signers to upgrade? I don't know. There are two main arguments by the GMPs (General Messaging Protocols, LZ & HL in this case) defending the lack of security of individual setups at the moment. 1. You can make it as secure as you want by adding as many DVNs/ISMs as possible. This is a marketplace and the market isn't choosing their security right. 2. You can upgrade to a more secure setup when they are available. Choosing your own security In fact, I'm writing about this after I had to choose my own setup for my protocol built on LayerZero. I had no idea what to choose. LayerZero does not provide any information on the current usage distribution of DVNs, nor do they advice you on a secure setup as they want to be agnostic. Layerzeroscan only provides data on the distribution of messages by different protocols using LZ. But that is not useful to me at all. They don't even tell us what DVNs these protocols are using. That's why I built my own Dune dashboard. Here are the most used DVNs across major EVM chains: Outside of the top 6 DVNs I mentioned at the top of this post, none of the DVNs are getting any volume. Why would a protocol choose to even trust DVNs other than the active ones? What guarantee is there that they are active and will be active in the future? What if you brick your system by choosing a dying DVN? If a DVN is not getting any volume, they would rather turn off their nodes as it costs to run a DVN. It's the same with complex DVNs or ISMs. If there is an ISM that is not being used, that means, it is not battle tested. If it is not securing any value, why would you trust it to secure your protocol? So the argument that these GMPs are agnostic marketplaces does not hold true at all. Someone has to help the crypto protocols choose the right setups. It is as if Amazon offered a default product for all of your searches and gave you a list of other options without product availability, reviews or even a description. In my experience, Hyperlane is more eager to engage their clients with education than LayerZero. It should be easier for more DVNs to start competing in the GMP marketplaces. In reality, there is no way for them to market themselves to the protocols using Hyperlane/LayerZero outside of shouting into the void on Twitter. Apparently the teams(LZ said so) are currently working on dashboards to showcase more data about individual DVNs/ISMs. Maybe this post pushed them to do so. The second main argument is that, protocols should use this trusted setup now, so that they can upgrade to a ZK bridge or a restaked security setup later down the line. The Upgradability of Your Setup First of all, I want to highlight that this is so far from the crypto ethos that got me into this space. Mutability, smh. Let's compare an ERC20 with an omnichain token. An ERC20 1. Has a fixed supply that nobody can change (most of em) 2. Exists on a blockchain where nobody, including the team itself, can mint extra ERC20s An OFT or A Warp Asset 1. Has a fixed supply in theory, but an unlimited number of tokens can be minted if the interop setup is compromised, unless there is a rate limit. 2. Has its interop setup managed by a multisig controlled by the token issuer (protocol). This multisig can change the rate limit as well (lol?). 3. Exists on multiple blockchains where if one of the chains is malicious, they might be able to mint as many tokens as possible, unless there is a rate limit, which can be changed. Let's look at team multisigs for a second. At least they are dormant addresses locked up in a basement, right? Right? @ether_fi is a protocol with $5.5B+ in TVL. Here is the multisig (Link[4]) securing their weETH OFT. 5 out of these 6 wallets have been active in the last 2 months. That means a higher likelihood of getting their private keys stolen.. For context, Ronin ($600m) and Harmony Bridge ($100m) hacks were due to comprises of multisigs. @renzoai is a protocol with $1.5B in TVL. And their ezETH is an xERC20. It is also secured by a 3/5 (multisig Link [5]). All 5 of these addresses have been active recently. And they all seem to be kinda interlinked. But I am not an expert on-chain sleuth to comment on that though. Will Ethena's USDe ever depeg? Perhaps not due to their stablecoin design, but rather because of their interop setup (LayerZero Labs DVN + Horizen DVN, basically a 4/5). At least 7 of their 9 multisig addresses are dormant. So, can we say a total of around $10B+ is at risk here? I am not blaming these GMPs. They are simply selling a setup. I am pushing the community to demand enough security from the protocols that are using these setups. Did we all forget that the bridge hacks have accounted for >50% of all funds we have lost? Now we are offering billions more on a platter to the hackers around the world. Kim Jong-Un is probably rubbing his hands right now. Native Bridges, Ignored, And Left for Dead It is easy to point out problems than to offer solutions. What is the best security for cross-chain messaging/tokens right now then? I would suggest studying wstETH by Lido. It uses native bridges to bridge and also to control the upgradable token setups on L2s. The upgradability is controlled by the Lido DAO on L1. Except the upgradability aspect of this, I have no issues with this setup. There is no way an unlimited amount of wstETH can be minted in this case. There will be solutions based on restaking in the future, hopefully they will offer a much better security than what we have today. Closing Thoughts I used to think very highly of LayerZero as a protocol. A protocol that is marketed x.com/mark_murdock3/… as a peer next to Bitcoin and Ethereum. Bitcoin, Ethereum, LayerZero. But I do not feel strongly about it anymore. I don't think it's even close. Bitcoiners chose the smaller blocks chain, Ethereans still care about the solo stakers, but the protocols using LayerZero are fine with one or two DVN setups. This is not a post targeted towards any of the GMPs/protocols mentioned here. I wanted to voice out my concern because I hold a lot more ETH than I hold ZRO (I do hold some ZRO, sandmanarc.eth). I have also integrated LayerZero into the protocol I am currently building. Although I am having second thoughts about it now. Let's demand better standards from our industry. - A humble community member, Sand

1/4 We're excited to announce our partnership with @nomial_io , the first open liquidity network built for the modular DeFi ecosystem. Mach intends to support liquidity providers (fillers) within our intent network by providing them access to Nomial's extensive liquidity pools across multiple blockchain networks.