Search

Search for projects by name

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our Discord to suggest improvements!

Hyphen logoHyphen

About

Hyphen Bridge is a part of the Biconomy chain and ecosystem. It's a cross-chain bridge that uses liquidity pools to perform token swaps.


  • Total value secured
  • Destination
    Various
  • Validated by
    Third Party
  • Type
    Liquidity Network

  • About

    Hyphen Bridge is a part of the Biconomy chain and ecosystem. It's a cross-chain bridge that uses liquidity pools to perform token swaps.

    Value Secured
    Risk summary
    Technology

    Principle of Operation

    Hyphen Bridge has LiquidityPool contracts deployed on supported chains and allows anyone to become liquidity provider within predefined limits. Cross-chain token transfer starts by a user depositing tokens to a LiquidityPool contract on the source chain with information of the requested destination chain. Funds (minus fees) are released to the user from a LiquidityPool on the destination chain via a call by an Executor, currently one of four EOAs. Separate off-chain entities called Watch Towers are responsible for watching for user deposits and notifying Executors.

    Validation Method

    Note: This section requires more research and might not present accurate information.

    Funds can be released from LiquidityPool to any user by any Executor (currently 1 of 4 EOAs on Ethereum). User needs to trust that Executor performs this action only after validating deposit on the source chain. There are token- and blockchain-dependent limits on maximal single withdrawals.

    • Users can be censored if the Watch Towers ignore deposits from selected users.

    • Users can be censored if the Executors don't act on deposits from selected users.

    • Funds can be stolen if an Executor asks LiquidityPool to release funds to a user that hasn't made any corresponding deposit on other chain.

    • Funds can be frozen if there's insufficient liquidity of requested token in the destination LiquidityPool.

    • Funds can be frozen if one of the contracts is paused by it's owner.

    Permissions

    The system uses the following set of permissioned addresses:

    ProxyAdmin owner 0x1294…aCC7

    Can upgrade implementation of LiquidityPool, TokenManager and LiquidityProviders.

    Owner of LiquidityPool, TokenManager, LiquidityProviders and ExecutorManager 0xD76b…D5E6

    Can pause contracts, change configuration and change proxy admin or update Executor list.

    Executor is able to release funds from LiquidityPool.

    Smart contracts

    The system consists of the following smart contracts on the host chain (Ethereum):

    This contract stores the following tokens: ETH, USDC, USDT, MATIC, BICO.

    Configures limits and other aspects of supported assets.

    ExecutorManager 0xbd76…1399

    Manages a list of addresses with Executor role.

    Liquidity pool logic (not escrow - funds are sent to LiquidityPool).

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Knowledge Nuggets