Search

Search for projects by name

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our Discord to suggest improvements!

LightLink logoLightLink

About

LightLink is a sidechain that lets dApps and enterprises offer users instant, gasless transactions. It aims at becoming an Ethereum Layer 2.


  • Total value locked
  • Destination
    LightLink
  • Validated by
    Third Party
  • Type
    Token Bridge

  • About

    LightLink is a sidechain that lets dApps and enterprises offer users instant, gasless transactions. It aims at becoming an Ethereum Layer 2.


    Value Locked
    Risk summary
    Technology

    Principle of Operation

    LightLink chain state roots are periodically posted to Ethereum through a CanonicalStateChain contract on L1. After the challenge window of 3d, the published state root is assumed to be correct. During the challenge window, anyone can challenge a block header against some basic validity checks. The challenge fee required is 1.5 ETH. Once challenged, the permissioned defender can respond within 2d to the challenge, by providing the L2 header and the previous L2 header. If the defender does not respond, the block header is considered invalid, the canonical state chain is rolled back to the previous state root, and the challenger can claim back the challenge fee. If the defender successfully responds, the challenger loses the challenge fee to the defender. Since only the block header can be challenged and not the state transition, the system is vulnerable to invalid state roots. Moreover, state roots are not used for L1 bridge withdrawals. Users can deposit tokens on the LightLink chain by sending them to the L1BridgeRegistry contract on Ethereum L1. On the LightLink chain, token minting is then authorized by a permissioned set of signers providing signatures as input to the syncDeposit() function on the L2ERC20Predicate contract. Users can withdraw their funds by submitting a withdraw() transaction to the L2ERC20Predicate contract, which will burn the tokens on the LightLink chain. To then unlock tokens from the bridge on L1, a validator multisig needs to validate the withdrawal based on off-chain validity checks. Users can exit the network once enough validators have signed off on the withdrawal. Currently, a minimum of 2 validators is required to sign off on a withdrawal.

    Validation By Signers

    For deposits, messages are verified by a permissioned set of signers on the LightLink network, which monitors emitted DepositToken events on L1 and provides signatures to authorize syncDeposit() transactions execution on LightLink. In the same way for withdrawals, the set of signers provides signatures to authorize the withdrawal transactions releasing tokens from the bridge.

    • Users can be censored if validators decide to not mint tokens after observing an event on Ethereum.

    • Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum.

    • Funds can be stolen if validators relay a withdraw request that wasn't originated on the source chain.

    1. LightLink L2 syncDeposit() - L2ERC20Predicate.sol
    2. LightLink L1 syncWithdraw()- L1ERC20Predicate.sol

    Destination tokens are upgradable

    Tokens on the destination end up as wrapped ERC20 proxies that are upgradable by the LightLinkMultisig, using EIP-1967.

    • Funds can be stolen if destination token contract is maliciously upgraded.

    1. Token Implementation - requireMultisig()
    Permissions

    The system uses the following set of permissioned addresses:

    Permissioned set of actors that can validate withdrawals from the bridge. Each validators has a voting power assigned that determines the weight of their vote. Currently, the threshold is set to 50.00% of the total voting power.

    Proposer 0x514F…E7EC

    The proposer (“publisher”) is responsible for pushing new state roots to the CanonicalStateChain contract on L1.

    LightLinkMultisig 0x3345…c0c8

    This address is the admin of the L1BridgeRegistry. It can pause the bridge and upgrade the bridge implementation. It also determines the validators of the bridge and their voting power. It is not a Gnosis Safe multisig, but a custom multisig implementation.

    LightLinkAdmin 0xcc90…12BF

    This address is the owner of all the CanonicalStateChain and Challenge contracts. Can replace the proposer and core system parameters.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts on the host chain (Ethereum):

    The Canonical State Chain (CSC) contract is the main contract of the LightLink network. It stores the state roots of the LightLink chain on Ethereum L1.

    Can be upgraded by:

    Upgrade delay: No delay

    The Challenge contract is used to challenge block headers on the LightLink chain. Currently, data availability challenges and execution challenges are not enabled.

    Can be upgraded by:

    Upgrade delay: No delay

    The L1BridgeRegistry contract is used to store the address of the LightLink multisig and the address and voting power of the validators managing the bridge.

    If the DAOracle is set, this contract enables any user to directly upload valid Layer 2 blocks from the data availability layer to the L1.

    Can be upgraded by:

    Upgrade delay: No delay

    DaOracle 0x0000…0000

    The DABridge contract used to verify shares inclusion in the ChainOracle provideShares() function. If not set, data shares cannot be verified and stored in the ChainOracle contract.

    Value Locked is calculated based on these smart contracts and tokens: