Hi Everyone,
We’ve been doing a bit of research on the testnet deployment. Below is a list of the immediately relevant contracts:
- BSC Testnet Uniswap V3 Factory contract: link
- BSC Testnet Message Receiver Adapter: link
- BSC Testnet Message Bus: link
- Goerli Message Bus: link
Test use of the Celer Messaging system:
At a high level, we can see the Uniswap v3 protocol has been deployed on testnet and that Celer successfully passed a message from an EOA on Goerli, which implemented an additional fee tier on the BSC testnet deployment.
Overall, we’re pleased with the work that Ilia and his team have performed.
However, in reading through Celer’s deployed contracts and documentation, we have a few concerns and questions we would like addressed.
The Message Bus contracts on Ethereum and BSC mainnet have an owner role. The owner controls access to the following functions: setFeePerByte, setFeeBase, setLiquidityBridge, setPegBridge, setPegVault, setPegBridgeV2, setPegVaultV2, and transfer ownership. In addition to this access, since the contract is upgradable, the owner is able to upgrade the implementation of the contract, which means anything is possible. The owner on the Message Bus contracts is the “SimpleGovernance” contract. However, the governance contract functions akin to a multisig since it has five voters with equal voting power. We were unable to find information regarding the five EOAs on the contract; however, they appear to be active.
- 0x1b9dFC56e38b0F92448659C114e2347Bd803911c
- 0x34dFa1226F8b3E36FE597B34eEa809a2B5c0bBf9
- 0xDfE4F07D1F36B8d559b25082460a4f6A72531de2
- 0x9F6B03Cb6d8AB8239cF1045Ab28B9Df43dfCC823
- 0x2FB8783C14A71C08bFC1dE8Fc3D715Dd93039BF2
After reading through the contracts, we tried to find more information on how their “Optimistic-rollup-style” security model works. We were able to find this blog post & doc page, but it only had the same information from the forum post. We did find this reference to a “DelayedTransfer”, but it is unclear how this is “optimistic-like” rather than a simple delay.
We were also unable to find documentation or implementation instructions for running an app guardian. If the Celer team could please share the technical documentation and implementation of their proposed security model, we would appreciate it.
While the messaging contract appears to have been audited, their audits are from PeckShield & SlowMist, which do not inspire a high degree of confidence. Both audits were conducted in February 2022, before the addition of the delay mechanism.
We continue to be supportive of a Uniswap v3 deployment on BSC; however, the Celer team controlling ownership of the Message Bus and limited information on the security model make it hard for us to support the proposal.
Additional Resources: