[Temperature Check] Uniswap x Aurora: Expanding our Multichain Future

Thanks @ishaan, Blockchain at Michigan, and Proximity Labs for putting together this proposal!

I want to dig into the security of the governance message-passing bridge.

As background for the community, @tobyshorin summarized some of the risks to insecure implementations of bridges in his UGM Findings + Recommendation post here.

My chief concern is the risk of an attack that would send a malicious, invalid message to a cross-chain deployment of Uniswap v3 that would turn on fees and send the fees to an attacker’s address, and/or change ownership of the deployment’s Factory contract to the attacker’s address. This is a major security risk for the Protocol, and would also damage Uniswap’s reputation.

Thank you for using the template for cross-chain deployments here; however, I do want to further clarify some of the information.

So to clarify here - it sounds like today, the bridge does NOT SUPPORT arbitrary message passing. Can you confirm? If this is correct, can you please edit in the Consensus check (if Temp check is passed)?

Will there be an audit of this contract prior to going live? Uniswap governance would be the first user of this connector contract?

Can you further clarify how this works?

Who are the members of the multi-sig? What is the difference between the Relayers and the multisig?

Is there a risk that the multi-sig could be subject to a Ronin- or Horizon-style hack which could send a malicious message of the type described above?

Can you clarify this - where does the multi-sig come into play?

Who are the watchdogs? How many are there, and how are they incentivized?

2 Likes