Uniswap: problems with the LayerZero bridge

Voting via Snapshot to select the cross-chain bridge between Ethereum and BNB Chain to be used on Uniswap v3 ended today.

Indeed, following the positive outcome of the poll on the possible landing of Uniswap on BNB Chain, work has begun on the long process of implementing all the necessary tools to enable the DEX to work on the Binance blockchain as well.

A few days ago the executive director of the Uniswap Foundation, Devin Walsh, launched a new non-binding survey regarding the bridge that could be used to enable the Uniswap protocol on Ethereum to communicate with its version on BSC chain. 

The poll proposes a choice of four bridges: Wormhole, LayerZero, deBridge and Celer. 

Right now Wormhole is slightly ahead of LayerZero, but only barely. 

Uniswap’s choice and LayerZero’s problems

The recent problems of LayerZero may weigh on the outcome of this poll, which concerns the world’s largest DEX (Uniswap). 

In reality, these are not confirmed problems, only allegations, which may have been brought up specifically to try to damage the bridge’s reputation so that it would lose the poll that ends today.

It all stems from a post yesterday by the founder of another cross-chain bridging service: James Prestwich of Nomad claimed that LayerZero has a backdoor that would allow it to bypass security controls to pass data without anyone’s permission.

According to Prestwich, these would be two critical vulnerabilities, one in the Endpoint smart contract and another in the UltraLightNodeV2 smart contract. Through these vulnerabilities LayerZero’s MultiSig could “exploit user applications by passing arbitrary messages to the application without Relayer or Oracle sign-off.”

Prestwich’s allegations are very serious, because he also claims that the vulnerability is being actively exploited by LayerZero code, suggesting that not only is the LayerZero team aware of it, but also that they are deliberately hiding the control they would actually have over applications.

As such, in theory LayerZero would have the ability to unilaterally steal or move funds locked on platforms that use its bridging services with default settings.

Pellegrino’s denial

LayerZero co-founder Bryan Pellegrino denied the existence of such a backdoor and also denied that the team ever tried to hide it. 

He explained that each application has the ability to select only the security properties it intends to use, and can therefore set up its configuration so that no one can ever do what Prestwich speculates.

Indeed, according to Pellegrino, Prestwich himself would know that calling this feature a critical security vulnerability is crazy.

Thus, it is worth noting that Pellegrino did not deny the existence of what Prestwich calls “critical vulnerabilities” in Endpoint and UltraLightNodeV2 smart contracts, but only denied that these are indeed critical vulnerabilities. 

It is important to keep in mind that Prestwich’s bridge, Nomad, is in fact a competitor of Pellegrino’s LayerZero.

Furthermore, Pellegrino claims that other bridges, such as Nomad and Wormhole, also have similar characteristics, stating that in the worst case scenario LayerZero functions in the same way that Wormhole or Nomad does. 

Perhaps this is why such allegations do not seem to have had a particularly severe impact on the current survey, seeing as Wormhole is ahead of LayerZero only by very few votes. 

This is partly because Nomad’s own bridge was attacked in August last year by hackers who exploited a vulnerability to steal about $200 million in funds.

Bridges

Bridges are one of the critical points of the crypto ecosystem. 

Individual blockchains, including Ethereum and BNB Chain, are not able to exchange information directly; to do so they require so-called “bridges.”

The task of bridges is to operate simultaneously on different blockchains so as to extract information from one and make it available on the other. 

For example, all of the so-called wrapped tokens are tokens created by bridges so that tokens from other blockchains can be represented on the blockchains on which the bridge operates.

Since they are non-native tools, bridges can have vulnerability issues, depending on who created them, how they were created, and whether or not they have been tested. Since they are smart contracts with open source code, anyone can theoretically check them, but sometimes a problem slips through the cracks.

By now, it has happened countless times that a hacker has discovered a vulnerability in a bridge and exploited it to steal tokens.

Therefore the concerns raised by Prestwich cannot be ignored. However, if a bridge proves to be solid over time, it can be considered quite reliable.

Moreover, in many cases the different bridges actually work very similarly, since they all do virtually the same thing with the same tools, as Pellegrino himself pointed out. So the vulnerability cases are isolated, albeit numerous, and for many of them the solutions are also already well known and tested. 

Source: https://en.cryptonomist.ch/2023/01/31/uniswap-problems-with-the-layerzero-bridge/