[RFC - Update] Deploy Uniswap v3 (1 / 0.3 / 0.05 / 0.01) on BNB Chain (Binance)

I like the new governance flow, but it is difficult to find the snapshot post/link in this thread. Have to keep scrolling up to find this post, when checking on the vote status.

A suggestion if possible: have a “snapshot is live” button under the thread scroller on the right side where the “reply to thread” and “notifications” buttons are.

1 Like

Throwing in some comments here. We’ll preface by saying that considering how “unexpected” this discussion arose, we appreciate the UF team for their quick thinking and on the feet decisions.

When looking at the main debate surrounding L0 and Wormhole, we’re still internally conflicted on which is ultimately the best, and think each has benefits of their own. Ultimately, we don’t think this proposed structure of finding a bridge partner is ideal and sets a bad precedence. We propose:

  • A working group that gets set up will “whitelists” all bridges looking to be a bridging solution. This can be confirmed with a governance vote if deemed necessary.
  • Once a bridge passes this step, they will enter an “approved” pool
  • When “x-chain” wants to deploy, they can work out individual relations with any “approved” bridge as their partner
  • As @Kydo mentioned with us, the partner bridge for “x-chain” can be multiple bridges that cross check each other and can decrease further the chance of malicious actors.

Overall, this reasoning stems from: 1) we believe there are multiple valid bridges/solutions to this question. 2) Combining L0 & Wormhole & maybe other bridges with a majority rules outcome will present the best security 3) Puts incentives with bridges and “x-chain” better in our opinion to market compete in each situation.

3 Likes

Just to be completely objective when we are choosing a bridge for Uniswap v3, I ask all community members also to read the report published today by James Prestwich, regarding the potential vulnerabilities in LayerZero contracts.

@GFXlabs @pennblockchain @AbdullahUmar @Kydo @Porter

:exclamation:Full article: ZeroValidation - by James Prestwich - Proof of James

We are very much looking forward to the comments from the LayerZero team @raz , as our snapshot bridge poll is coming to an end tomorrow.

3 Likes

I would say that’s one of the least objective posts of all time. I responded to it here albeit in not a very formal tone and I’d like to state clearly that it’s both wrong, misleading, and has absolutely 0 impact on the proposed Uniswap architecture because as discussed in the proposal Uniswap would not be using the defaults and would be selecting their own oracle, relayer, and VL.

7 Likes

Did anyone consider Axelar?

With Osmosis opting for it over Wormhole in their search for a canonical Ethereum bridge, which some might argue was more thorough, I think it’s worth considering.

1 Like

Thanks for the clarification, Bryan!

Yup 100%! Just want to make sure there is clarity

I believe it’s too early to pick any solution. Because all these solutions are early, Uniswap is way too important for this ecosystem’s health, and we still haven’t fully understood each provider’s implications and loopholes.

Would love to provide some insightful links, but don’t have the permissions.

1 Like

We know we’re late to the party, but we wanted to throw our hat in the ring as well. We understand it’s too late to be formally considered in the temp check vote, but we’d love to have Hyperlane (fka Abacus) considered in future votes. We were previously involved in the RFP process, and chosen by several well known delegates alongside Axelar, which is also conspicuously missing from this vote! You can read more about that here: RFC: Uniswap Universal Governance Module - #21 by blockchaincolumbia

We’ll be submitting our case formally through the Cross Chain Bridge Assessment process, in that thread, using the template provided.

1 Like

Hey all, we’ve (a16z) reviewed the various bridge proposals, evaluated each, and strongly support LayerZero. We’re unable to vote in the current Snapshot due to infrastructure limitations with the custodian on short notice, but we will be participating in the on-chain vote when it goes live, in addition to any new Snapshot votes that may come up. We just wanted to put this out before the vote ends tomorrow morning for clarity on the process from our end.

On Running Infrastructure and Bridges

There’s been a lot of back and forth in the thread around immutability, decentralization, trusted entities, and degrees of control by cross-chain messaging protocols. We wanted to clarify these discussion points by calling out the two ways Uniswap would integrate a messaging layer and comparing the guarantees of both Wormhole and LayerZero under each scenario.

Simply put, the two scenarios are:

  1. Uniswap runs infrastructure
  2. Uniswap doesn’t run infrastructure

Uniswap runs infrastructure

LayerZero

LayerZero suggests that integrators can either use their “default” configuration, a low-security option or run infrastructure via a “custom” configuration.

The latter model is proposed as the method by which the application developer (in this case Uniswap) can avoid collusion risk between the default Oracle and Relayer infrastructure operators within LayerZero. Additionally, in this model, Uniswap or its delegates would need to run infrastructure such as a “gasless Oracle” (which has not been released yet), which the LayerZero Relayer would pick up and deliver to the destination. Relayers in LayerZero are always permissioned and are required for liveness and security, thus Uniswap would also have to run Relayer infrastructure. The Relayer source code is currently not open-source, so Uniswap would need to implement a bespoke untested solution or run LayerZero’s proprietary implementation.

However, this may still be problematic. Due to the Proof Library requiring ongoing mitigation with each chain, a non-default config is **insufficient until the issue above is addressed. The LayerZero team can add a new default chain config, register a default proof handler, and exploit an application in a single atomic transaction. The application cannot mitigate this using configuration. Applications can only mitigate via a custom relayer and potentially an “approved chains” list in the application itself. The flagship application on LayerZero, Stargate, itself is semi-immutable and will have a difficult time mitigating this issue, and would need to make a custom Proof Library to implement the approved chains list.

TL;DR — if Uniswap does not want to trust LayerZero’s current default configuration, it needs to run its own infrastructure. Even when doing so, there are underlying issues that necessitate further action from LayerZero’s team to truly make any custom infrastructure setup truly trustless.

Wormhole

We want to clarify that if Uniswap wants to run its own infrastructure with Wormhole, it can achieve the same level of customization that LayerZero touts, as no protocol has a monopoly on deploying bespoke infra. If desired, Uniswap can configure a deployment of Wormhole, which improves upon the security guarantees of LayerZero’s default while also ensuring sovereign security relative to the canonical Wormhole deployment.
Wormhole’s contracts are designed so that the Guardian set is customizable on initial deployment (see here: Setup.sol) and can further be rotated via an in-protocol governance mechanism whereby the current guardian set can vote on the next guardian set. Should Uniswap delegates decide to run their own infrastructure, they may run their own oracle nodes by following instructions at Operations.md. In this model, Uniswap oracles produce signed observations (VAAs) which can be submitted permissionlessly on the target chain (BNB), so no relayer infra is needed, and therefore no need to manage gas funds. However, relayers can very easily be made permissioned if desired, which would allow Uniswap to run a permissioned relayer like the one discussed in the LayerZero model.

From a security and operational load perspective, however, we could offer Uniswap to layer their signers on top of Wormhole i.e. extend the already robust Guardian set with their additional validators. This option surpasses the level of flexibility and security of LayerZero’s oracle (in this case Wormhole) and Relayer (chosen by Uniswap) mode in which Uniswap benefits from Wormhole’s significantly more robust signer set but is safe as long as the signer set does not collude with the Uniswap chosen signers. We start from the far stronger base of 19 signers and can arbitrarily increase security beyond that with additional Uniswap-affiliated validators. The easiest way to produce these additional signatures is for the Uniswap DAO signers to download and run the existing, open-source, and in-production Wormhole oracle software. After verifying the Wormhole signatures, the Uniswap governance contract can verify these additional signatures from the selected Uniswap DAO signers. Additionally, relayers can very quickly be permissioned, allowing Uniswap to run a permissioned relayer like the one discussed in the LayerZero model.

While the proxy contract can point to different implementations, the Wormhole implementation contract is immutable. Thus it is trivial to verify governance messages against a specified implementation. While there are multiple ways to accomplish this, the most straightforward is just including the pinned implementation as an external library in your deployment.

This deployment can be done in a fully permissionless manner without having to trust (or ever interact) with the 19 Guardians that operate the default Wormhole deployment.

Uniswap doesn’t run infrastructure

LayerZero

The security assumption of LayerZero’s default configuration is that the default Oracle and Relayer are independent. Uniswap would have to trust a 2/2 multisig of these two components. The relayer is unverified, but LayerZero claims that this is not an issue:

“It is common practice to not open source or verify Oracle and Relayer smart contracts. *These smart contracts are only responsible for on-chain quoting in gas. All validation logic resides immutably in the messaging library.
[…]
*****These smart contracts can only quote pricing and do not affect security in any way, therefore being verified is irrelevant to its purpose.”

This statement contradicts with the LayerZero whitepaper, which claims the following:

“Given two entities that do not collude, if (1) one entity can produce a block header for the block containing tA on chain A, (2) the other entity can independently produce the proof for tA on that block (transaction proof), and (3) the header and transaction proof in fact agree, then the communication protocol can deliver m to the client on chain B with the guarantee that tA is stably committed on chain A.”

The Oracle is responsible for producing the block headers, and the Relayer is responsible for the inclusion proofs — these responsibilities are far beyond on-chain gas quoting.

“LayerZero leverages direct MPT validation construction of the source transaction and verifies the merkle inclusion proof directly on the destination chain via the protocol’s novel Ultra Light Node (ULN).”

At this point, it’s unclear if there are other Oracle/Relayer options available to choose from outside of the default. In any case, if the Oracle and Relayer collude, they can forge messages.

Contract upgradeability is a critical discussion point. It’s true that bugs can be introduced in upgrades, but upgrades can (and do) fix existing bugs. Presenting only one side of this coin is misleading at best.
If any bugs are discovered in LayerZero’s contracts, patching them would be a significant task. Such a scenario would involve the proof validation code being implemented with a patch, and then all affected user applications would have to change their configurations to the patched implementation.

Wormhole

The 19 Guardians that operate Wormhole’s default deployment are the largest PoS validator companies. The safety assumption is that of an honest superminority (at least 7 of them are honest) or, conversely, that there are no 13 colluding entities. The equivalent assumption under LayerZero’s setup is that the 2 entities do not collude. The contracts are upgradeable via a governance mechanism that requires the approval of 2/3+ of the Guardians. Importantly, the Wormhole cross-chain governance solution has already been tested (see above) and implemented on testnet and is ready for production.

Happy to answer any additional questions.

1 Like

Hey all, cross-posting a few thoughts from Twitter.

1/ great to see the snapshot driving attention/clarity on bridging’s role in cross-chain protocol deployments

2/ I’m abstaining from the vote as I don’t think the list of options on offer is comprehensive or deeply researched

3/ zooming out, my view is that its suboptimal for communities to be voting on singular bridge choices, effectively king-making solutions.

protocol design needs to adapt for a multi-chain world, to reap the benefits of competition through standardization, not voting.

4/ closing thought: glad the convo is moving forward , and hope this proposal will kick off more efforts to dig deeper into bridge research and protocol design to enable multiple choices.

3 Likes

Blockchain@Columbia’s Uniswap governance team has considered this temperature check with great importance. We appreciated @jkol 's reference to our post the RFC: Uniswap Universal Governance Module - #21 by blockchaincolumbia shared by @jason_of_cs. For anyone who hasn’t, we encourage you to read the post where we proposed a “synergy between Axelar and Hyperlane[previously Abacus] inheriting the PoS validator-set model of Axelar (AXL tokens, which could potentially in an application-specific setting be just the UNI tokens) with the application-customizability of Abacus as having the ideal model for Uniswap’s current purposes, with UNI token holders freely participating in the system (this can be implemented in a variety of ways).” We took extensive time to consider various bridging providers including LayerZero, Wormhole, Nomad, Axelar, and Hyperlane (Abacus), which wouldn’t have been possible without @jason_of_cs a prominent researcher in the AMM space.

As we know, Axelar and Hyperlane weren’t considered for this temperature check, and it raises questions on the hast at which the community is coming to a decision. @pennblockchain, as well as other university organizations, have provided sound commentary on this debate, and we agree with @devinwalsh from the UF team that “assessments of bridge security are time intensive and require significant technical expertise and context.” As of the time of writing this post, it’s clear that LayerZero and Wormhole are the two competing players to win this temperature check, and we’re fortunate to have discussions with both LayerZero and Wormhole

In light of the commentary published by James Prestwich, reading forum responses, and our belief that there are many strong contenders in the bringing space not mentioned in this vote. We find it difficult to choose between, LayerZero and Wormhole, and if an abstain/wait option existed, we’d prefer to vote that way. However, as this is a temperature check, with a deadline of tomorrow, we will be voting for Wormhole.

With more time to assess the technicalities of each bridging option, perhaps we will revise our decision and vote differently for LayerZero or other providers.

1 Like

This will be our (Stanford Blockchain) final post here in this thread. More posts revolving around this issue can be found at Cross-Chain Bridge Assessment Process.

To save time and be succinct, we will focus this thread mainly on the top two contenders, LayerZero (LZ) and Wormhole (WH).

We would love to discuss further around other protocols in the thread above.

First at foremost, we enjoyed chatting with different bridge providers and their advocates. We believe as contentious as this vote is, this will not be the end for the cross-chain (x-chain for shorthand) governance discussion but the beginning.

TLDR

We believe regardless of who will win the vote, this result should be temporary and should be immediately changed/updated when the Cross-Chain Bridge Assessment Process concludes. Our vote only convenes that we support the following protocol for a period of fewer than three months. In long term we believe Multi-Message-Aggregation (MMA) is the solution.

We have voted for LZ as the current preferred bridge provider. However, our vote is contingent on a few criteria. If LZ cannot fulfill these criteria, we wish to withdraw our support.

  • Uniswap governance message passing will use Uniswap-community-run oracle and NOT the default oracle by ChainLink.
  • The Uniswap-community-run oracle is mainnet functional no less than 3 days after the passing of the snapshot vote.
  • The Uniswap-community-run oracle have no less than 5 independent signers.
  • LZ will provide sufficient technical support for all oracle signers.

If LZ fails to deliver on ANY of the criteria above, Stanford Blockchain Club will NOT support LZ being the bridge provider for Uniswap governance.

Quick word:

We want to say that although the current snapshot will only have one “winner,” it does not mean the work other bridge providers did is wasted. In the next three weeks (laid out in the Cross-Chain Bridge Assessment Process), we would love to continue these conversations and find a long-term and more sustainable solution for x-chain governance.

As we have briefly mentioned in our previous posts (1,2), none of these solutions fits all our requirement and all of them poses serious governance risk to Uniswap; therefore we should not just decide once and move on from this issue. Instead, we should take UF’s proposal seriously and contribute more if not less time and energy to it.

Some key risks: Both WH and LZ’s oracle/relayer networks lack a slashing mechanism for malicious oracles. WH’s contract can be upgraded (can be patched with workarounds). LZ’s relayer is currently just LZ’s core team.

On bridging:

At Stanford Blockchain Club, we understand the difficulties of building bridges and more importantly, the current security gap between any bridge and the Ethereum network. We also recognize how early bridging technologies are and the security assumptions for these bridges might be drastically different from traditional blockchains.

We are not making statements about future designs of these bridges or what they could be; we are stating what we are seeing right now.

LZ and WH on a high level are both multisig bridges.
WH is a 1/1 multisig, with the 1 being 19 validators forming a 13/19 multisig.
LZ is a 2/2 multisig, with 1 being 5 Uniswap members, and the other 1 being LayerZero Lab.

If Ethereum’s current security level is 100, what would you assign to LZ and WH?

Therefore, we would not choose either of them to be the sole message-relaying solution for Uniswap long term. However given we have to make a decision now, we believe the LZ solution is the marginally better one.

Use all of them:

We believe the correct near-term solution is message aggregation from multiple bridges.

From our conversation with bridge providers and other delegates, we believe this is the most logical next step for x-chain governance in Uniswap.

We have proposed an in-depth design on the other thread, but this graph captures it well.

The governance flow is as follows:

  1. Uni Gov passed on Ethereum.
  2. Payload to different bridge contracts sent from Timelock.
  3. Different bridges relay to dst, BSC in this case.
  4. Bridges send governance payload to Message Selection Contract.
  5. A 11/15 multisig decides which message payload to execute.

Security analysis and design trade-offs are discussed more in the post.

2 Likes

To be totally unambiguous, we at a16z would have voted 15m tokens toward LayerZero if we were technically able to. And we will be able in future Snapshot votes. So, for the purposes of a “temperature check”, please count us this way.

2 Likes

The only question I have as a contract deployer is who will run Infra for Uniswap and custom LayerZero, and how we will manage it.

We’re excited to see the support behind deploying Uniswap v3 to Binance Smart Chain prior to the expiry of the Business Source License. At Spartan Group, we believe LayerZero’s bridge will be the most secure and decentralized solution for Uniswap, and will be voting to support their solution. We reviewed the different proposals, and believe LayerZero’s approach is the most thoughtful, and appreciate their willingness to engage with the community. Disclosure: we are investors in LayerZero (for the above reasons) and we are also significant holders of UNI tokens.

1 Like

This will be our (FranklinDAO/Penn) last post here seeing the impending 3 hour deadline for votes. Since we last posted here a few hours ago where we expressed our opinions regarding how we believe future bridging solutions should go, we are currently abstaining from a vote.

For some background, this has certainly been the #1 most lobbied vote on Uniswap that we have ever partaken in. Our opinions expressed above should be coupled with this thought: no matter the outcome, this should be a short term victory for either party. In the very near future, we would like to once again enforce that we think a multiple bridge multisig should be used to give us the best of both worlds.

At the end of the day, taking away our opinions regarding the jurisdiction of this vote, if we were forced to choose on this proposal, our team is genuinely split right down the center with our decision. In short, we believe Wormhole’s council of 19 at face value is more appealing to us, however, custom solutions that L0 have promised @Kydo bring them back up to pretty much par in our eyes if not slightly the edge, given proper execution, which is a whole another story.

Ultimately, this has definitely been a pretty “stressful” day as we’ve been trying to digest information in real time (while trying to grind for the Starknet Hackathon lol). Truly, to everyone who reached out to us, thanks for your time and please understand that this “fence-sitting” by us is not one of inactivity and irresponsibility, but one of careful thought, debate, ultimate stalemate. We’d also like to note that as an organization, we’ll look to continuously improve our internal governance decisions and poise ourselves to better tackle similar situations like this in the future.

Finally, we’d once again like to thank the UF team for their constant communication these past few weeks, the BD teams of both LayerZero and Wormhole who we’re sure have both lost many hours of sleep, and other participants who have either reached out to us or been very responsive with help (@GFXlabs, @Kydo & other schools, VCs, and other interested projects and protocols). We truly are impressed with the activity around this and hope to see it stay around.

PS: Seeing that there’s a good chance this vote might come down to a16z’s verbal communication on the forums, but no vote on Snapshot (custody hurdles?), we’re interested in how this situation will be handled, is there a precedent set here yet?

4 Likes

A Multi-bridge Implementation for Uniswap Governance is Now Available

It is now quite clear that the initial concern raised by the community about Celer’s upgradability contract, which we addressed here and plan to deprecation soon, is absolutely not bigger concerns comparing to many of the issues revealed and discussed in the forum.

While we have a lot to say about the ongoing debates in the forum and CT, we refrain from doing so and instead now deliver a multi-bridge Uniswap governance solution that is vendor-lock-in-free for Uniswap community to consider.

For Uniswap community who has not casted votes yet, please vote for Celer to express your support for this kind of multi-bridge solution.

This solution is strictly better than choosing a single bridge in terms of security and availability. In addition, it also retains the strongest bargaining power in the hands of Uniswap community to always receive the best services. See this for more context.

The implementation combines both Celer and Wormhole and is open-sourced here

All other bridges/cross-chain solutions such as LayerZero can be added easily via adapters.

We are setting up a testnet transaction to demonstrate this end-to-end. @Wormhole team we hope that you can help to set up a relayer for this because otherwise the only easy way would be deploying on Avalanche and BSC testnet where Wormhole generic relayers are available to our knowledge. Feel free to DM!

Now let’s get to the solution specification.

Send Cross-Chain Messages through Multiple Bridges

This is a solution for cross-chain message passing without vendor lock-in and with enhanced security beyond any single bridge. A message with multiple copies are sent through different bridges to the destination chains, and will only be executed at the destination chain when the same message has been delivered by a quorum of different bridges.

The current solution are designed for messages being sent from one source chain to multiple destination chains. It also requires that there is only one permitted sender on the source chain. This would be the use case for Uniswap governance contract on Ethereum
calling remote functions of contracts on other EVM chains.

Workflow

Send message on source chain

To send a message to execute a remote call on the destintion chain, sender on the source chain should call remoteCall() of MultiBridgeSender, which invokes sendMessage() of every bridge sender apdater to send messages via different message bridges.

┌─────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Source chain                                                                                            │
│                                                                                                         │
│                                                             ┌─────────────────┐   ┌───────────────────┐ │
│                                                         ┌──►│ Bridge1 Adapter ├──►│ Bridge1 Contracts │ │
│                                                         │   └─────────────────┘   └───────────────────┘ │
│                                                         │                                               │
│ ┌────────┐remoteCall()┌───────────────────┐sendMessage()│   ┌─────────────────┐   ┌───────────────────┐ │
│ │ Caller ├───────────►│ MultiBridgeSender ├─────────────┼──►│ Bridge2 Adapter ├──►│ Bridge2 Contracts │ │
│ └────────┘            └───────────────────┘             │   └─────────────────┘   └───────────────────┘ │
│                                                         │                                               │
│                                                         │   ┌─────────────────┐   ┌───────────────────┐ │
│                                                         └──►│ Bridge3 Adapter ├──►│ Bridge3 Contracts │ │
│                                                             └─────────────────┘   └───────────────────┘ │
│                                                                                                         │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Receive message on destination chain

On the destination chain, MultiBridgeReceiver receives messages from every bridge receiver adapter. Each receiver adapter gets encoded message data from its bridge contracts, and then decode the message and call receiveMessage() of MultiBrideReceiver.

MultiBridgeReceiver maintains a map from bridge adapter address to its power. Only adapter with non-zero power has access to receiveMessage() function. If the accumulated power of a message has reached the a threshold, which means enough number of different bridges have delivered a same message, the message will be executed by the MultiBrideReceiver contract.

The message execution will invoke a function call according to the message content, which will either call functions of other contracts, or call the param adjustment functions of the MultiBridgeReceiver itself. Note that the only legit message sender is the trusted dApp contract on the source chain, which means only that single dApp contract has the ability to execute functions calls through the MultiBridgeReceiver contracts on different other chains.

┌────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Destination chain                                                                                          │
│                                                                                                            │
│ ┌───────────────────┐   ┌─────────────────┐                                                                │
│ │ Bridge1 Contracts ├──►│ Bridge1 Adapter ├──┐                                                             │
│ └───────────────────┘   └─────────────────┘  │                                                             │
│                                              │                                                             │
│ ┌───────────────────┐   ┌─────────────────┐  │receiveMessage()┌─────────────────────┐ call()  ┌──────────┐ │
│ │ Bridge1 Contracts ├──►│ Bridge2 Adapter ├──┼───────────────►│ MultiBridgeReceiver ├────────►│ Receiver │ │
│ └───────────────────┘   └─────────────────┘  │                └─────────────────────┘         └──────────┘ │
│                                              │                                                             │
│ ┌───────────────────┐   ┌─────────────────┐  │                                                             │
│ │ Bridge2 Contracts ├──►│ Bridge3 Adapter ├──┘                                                             │
│ └───────────────────┘   └─────────────────┘                                                                │
│                                                                                                            │
└────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Add new bridge and update threshold

Below are steps to add a new bridge (e.g. Bridge4) by the dApp community.

  1. Bridge4 provider should implement and deploy Bridge4 adapters on source chain and all destination chains. The adapter contracts should meet the following requirements.
    • On the source chain, the sender adapter should only accept sendMessage() call from MultiBridgeSender.
    • On the destination chain, the receiver adapter should only accept messages sent from the Bridge4 sender adapter on the source chain, and then call receiveMessage() of MultiBridgeReceiver for each valid message.
    • Renounce any ownership or special roles of the adapter contracts after inital parameter setup.
  2. Bridge4 provider deploy and open source the adapter contracts. dApp community should review the code and check if the requirements above are met.
  3. dApp contract (Caller) on the source chain adds the new Bridge4 sender adapter to MultiBridgeSender on the source chain by calling the addSenderAdapters() function of MultiBridgeSender.
  4. dApp contract (Caller) on the source chain adds the new Bridge4 receiver adapter to MultiBridgeReceiver on the destination chain by calling the remoteCall() function of MultiBridgeSender, with arguments to call updateReceiverAdapter() of the MultiBridgeReceiver on the destination chain.

Updating quorum threshold is similar to configure a new bridge receiver adapter on destination chain. It requires a remoteCall() from the source chain Caller with calldata calling updateQuorumThreshold() of the MultiBridgeReceiver on the destination chain.

Example

Use case: contract A on Goerli send message to contract B on BSC Testnet in order to call enableFeeAmount() for state change. Apply a 2-of-3 messages governance model with message bridge C, D and E.

Deployment and initialization

  • Deploy MultiBridgeSender on Goerli, set address of A as allowed caller.
  • Deploy MultiBridgeReceiver on BSC Testnet.
  • Each message bridge provider prepare their own SenderAdapter and ReceiverAdapter, named with a prefix of their bridge name. Take preparation of CSenderAdapter and CReceiverAdapter as an example.
    • Deploy CSenderAdapter on Goerli, set address of MultiBridgeSender as multiBridgeSender.
    • Deploy CReceiverAdapter on BSC Testnet, set address of MultiBridgeReceiver as multiBridgeReceiver.
    • Call updateReceiverAdapter() of CSenderAdapter, set address of CReceiverAdapter on BSC Testnet(chain id 97) as a valid ReceiverAdapter.
    • Call updateSenderAdapter() of CReceiverAdapter, set address of CSenderAdapter on Goerli(chain id 5) as a valid SenderAdapter.
    • Transfer ownership of CSenderAdapter and CReceiverAdapter to address(0).
  • Once all message bridges are ready, somehow let contract A call addSenderAdapters() of MultiBridgeSender with an address array of CSenderAdapter, DSenderAdapter and ESenderAdapter.
  • Call initialize() of MultiBridgeReceiver, with an address array of CReceiverAdapter, DReceiverAdapter and EReceiverAdapter, and power threshold 2.

Sending your message

Prepare a calldata for contract B for calling enableFeeAmount(), then somehow let contract A call remoteCall() of MultiBridgeSender with _dstChainId = 97, _target = <address of contract B> and _callData = <calldata you prepared>.

Result

Imagine that the messages sent via C, D and E received by MultiBridgeReceiver on BSC Testnet in an order of 1.C 2.D 3.E. During receiving message sent via D, accumulated power reaches power threshold 2, which result in message execution(the calldata will be sent to contract B).

Notes to the community

We are more than happy to answer any questions, help with tests, collaborate with similar-minded builders like @AlexSmirnov, iterate based on feedbacks and provide audits from community selected firms.

Although Celer, being a 2018-vintage project, does not have the backing of large UNI-holding investors at this moment, we do trust the integrity and intelligence of all the Uniswap delegates to choose this positive-sum path that ensures the highest level of security and service quality for Uniswap’s multi-blockchain expansion.

We will update this post with testnet transactions once we worked through the small integration work using @Wormhole .

6 Likes

Posting here that I fall into camp that Leighton and Jesse do above.

I abstained from the vote, as I think the process here was unclear and not a comprehensive look at solutions. I also think that singular bridge choices are worse for the ecosystem. Agree with Jesse that competition and choice are best for everyone.

Based on everything above I’d probably lean Layer Zero, but my perspective on the process here is more important to me.

2 Likes