Bridge Assessment answers by Router Protocol
1. List 3 succinct reasons why you believe your bridge/solution would best serve Uniswap governance.
- PoS-based security: Router Chain is economically secured by validators.
- Strong BSC presence: Router has seen a strong presence on the BSC chain since its launch. Almost 27% of our transactions had BSC as either the source or destination chain.
- Strong focus on Research: We are exploring various composable security modules including Optimistic Rollups and ZKP to enhance the security of Router Protocol.
2. How long has the system been running on mainnet?
Router Protocol’s latest version Router V2 is on the devnet. However, it should be noted that Router Protocol’s V1 has been on the mainnet since January 2022.
Router V2 is — Router chain, a layer 1 blockchain that leverages tendermint’s Byzantine Fault Tolerant (BFT) consensus engine. As a Proof of Stake (PoS) blockchain, the Router chain is primarily run by a network of validators with economic incentives to act honestly. The Router chain is built using the Cosmos SDK and encapsulates all the features of Cosmos, including fast block times, robust security mechanisms, and, most importantly, CosmWasm - a security-first smart contract platform.
By leveraging the CosmWasm toolkit, developers can start building secure blockchain applications on the Router chain from scratch or port their existing applications to the Router chain with minimal overhead.
The documentation is available here: https://devnet-docs.routerprotocol.com/ and the white paper is available here: Whitepaper
3. How much value has the system secured? (Current TVL, total transaction volume)
Router protocol’s V1 has had over 100k+ transactions since its launch with a transaction volume of over $630M. The current TVL in the ecosystem is around $526k.
Source: DeFiLlama
4. Provide a background on your team.
The Router Protocol team comprises many industry veterans. The team is led by MIT alumnus Ramani Ramachandran.
Ramani Ramachandran (Co-founder & CEO)
Ramani Ramachandran (Ram) is the Founder and CEO of Router Labs, which runs Router Protocol. Ram has been in crypto since 2014. Prior to Crypto, Ram was in the financial services industry and spent time across various functions including product management, research, fundraising, and investments across the US, Europe, and Asia.
Shubham Singh (Co-founder & CTO)
Full-stack Developer and Technical Architect building in crypto and blockchain since 2016; Built a crypto-index (108token) as well as Fordex - the world’s first stablecoin DEX.
Chandan Choudhary (Co-Founder)
Head of Strategy at Bitpolo, a leading Indian crypto exchange; Veteran trader and advisor across asset classes spanning over 15 years. Energy trader at Futures first; Managed crypto fund, generating 4x returns; Head of Ops & Market Research at Tradelab
Priyeshu Garg ( Co-Founder )
Priyeshu leads the research and developer-relations wing at Router. Past stints include software engineering at Ola, crypto journalism at Cryptoslate and product at Qredo.
Mankena Venkatesh (Blockchain Engineer)
He is a core engineer at Router Protocol currently building Routerchain. He previously worked as a Blockchain engineer at Matic (now Polygon) and Injective protocol.
Prof. Ashutosh Sahoo (Chief of Strategy & Marketing)
Prof. Ashutosh Sahoo is a blockchain ecosystem growth specialist. Since 2021 he has been involved in building a trade finance protocol on blockchain, Polytrade, and Reef - a substrate-based Layer 1 as the Chief Growth Officer. Prior to his foray into blockchain and academia, Prof. Sahoo has held leadership roles for over 15 years in strategy , operations, sales and marketing functions in FMCG, IT, manufacturing and real estate industries with brands of global renown like Hewlett-Packard, Johnson & Johnson, Lodha Group, Trump Organization and Sobha Realty.
5. Please link your developer documentation.
The documentation is available here: https://devnet-docs.routerprotocol.com/ and the white paper is available here: Whitepaper
6. Does the bridge support arbitrary message passing?
Yes, we support arbitrary message passing. The best way to send arbitrary messages between different blockchains is Router CrossTalk.
Router crosstalk is the framework that can be used to pass messages across chains. In simple terms, this library leverages Router’s infrastructure to allow contracts on one chain to pass instructions to contracts deployed on another chain without needing to deploy any contracts on the Router chain. The library is structured in a way that it can be integrated seamlessly into your development environment to allow for cross-chain message passing without disturbing other parts of your product.
7. Has the currently deployed bridge code been audited? By a third party? What attack vectors and vulnerabilities were identified, if any? Have the identified vulnerabilities been remedied?
The V1 bridge was audited by multiple auditors - Halborn Security, Hacken, and Oak Security.
All the vulnerabilities in the V1 architecture were fixed as part of the audit process.
The current v2 architecture which we are proposing to use for this integration is still in devnet phase with testnet planned around April and Mainnet around July. We will be getting Router V2 audited by veteran auditors like Informal Systems, Oak security, Zokyo etc.
8. Is there a bug bounty program?
We run a security bug bounty on ImmuneFi for Router v1 and the same will continue once we open up Router v2 for audit and security process. We have rewards upto $200,000 available for the Immunefi bug bounty program.
9. List ANY portion of the functional bridge that is upgradeable and explain how the upgrade process works.
As of now, the contract is upgradeable in the devnet phase. But on mainnet, it will be upgradeable with the ⅔ voting consensus on the router chain.
Hence, effectively a governance vote will be required to upgrade contracts in the mainnet.
10. Do any contracts have an owner or owner-like entity? If so, what can the owner do?
We do have an owner-like entity. It can only modify the base bridge fee that dApps need to pay for a cross-chain transaction on the source chain and do emergency pause. Pause is majorly added so that we can stop the bridge in case a chain is hacked for that particular chain.
11. What is the security model of the bridge? Please describe the security model for the current implementation of the bridge. What trust assumptions are you making?
In Router v2, the Router chain acts as the bridge. Router chain is built using the cosmos SDK. Hence, it leverages tendermint’s Byzantine Fault Tolerant (BFT) consensus engine. As a Proof of Stake (PoS) blockchain, the Router chain is primarily run by a network of validators with economic incentives to act honestly. The trust assumption is that there will be ⅔+1 validators who will act honestly.
However, we will be providing customizability to dApps to add their own security layer on top of the PoS-based mechanism inherited by default from the Router chain. DApps can add optimistic layers as well to make their system more secure.
12. How can an adversary pass a fraudulent message from Ethereum to the destination chain? Please give specific and concrete examples.
For an adversary to pass a fraudulent message — they will have to control ⅔+1 stake of the Router consensus. The security is based on the PoS scheme.
13. How can an adversary withhold a valid governance message from Ethereum to the destination chain? Please give specific and concrete examples.
There are 2 ways to block the governance from Ethereum.
The first way is by attacking the network of the orchestrators and making them paralyzed. This would mean that the request would never get created on the Router chain for further execution and hence, block the message from Ethereum to the destination chain.
The second way is to gain control of ⅓ orchestrators / validators. If ⅓ or more validators are blocked from voting or vote incorrectly we will not be able to achieve consensus and hence. the message will not get executed on the destination chain.
14. What are the ramifications of fraud to the malicious actor(s)? If it is legal ramification, please share the suite of legal action you can provide. If it is slashing, please point us to the codebase of the slashing behavior and describe in words how slashing works in your system.
Validators have to stake $ROUTE tokens on the Router chain. Any validator having excessive downtime or engaging in any kind of malicious activity is penalized by having a portion of their staked ROUTE slashed.
For attack vectors like double signing, validators liveness, we use cosmos sdk slashing module which is described here x/slashing | Cosmos SDK
While for attack vectors like cross chain message tampering, message withholding etc we will be implementing our custom slashing mechanism which will be available in testnet phase in April.
15. Provide any additional information you would like here.
Router is backed by some of the leading investors including Coinbase Ventures, Wintermute, QCP Capital, Polygon, and Woodstock Fund.