Difference between revisions of "Wormhole (W)"

From CryptoWiki

m (1 revision imported)
(12 intermediate revisions by the same user not shown)
[https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
"Despite being best known for its [[token]] and [[Non Fungible Tokens (NFTs)|NFT]] bridging solution, Wormhole is actually an arbitrary message-passing protocol allowing for cross-chain exchanges of data between fourteen chains and counting. In particular, it’s widely known for connecting [[Ethereum (ETH)|Ethereum]] to the [[Solana (SOL)|Solana]] and Terra ecosystems."
== Basics ==

* Started in [https://cryptobriefing.com/solana-has-introduced-ethereum-bridge-called-wormhole/ 9-10-2020]
* [[Mainnet]] release: [https://wormholecrypto.medium.com/introducing-wormhole-32b16d795c01 10-8-2021]
* A [[bridge]] between [[Solana (SOL)|Solana]], [[Ethereum (ETH)|Ethereum]], [[Terra (LUNA)|Terra]] and [[Binance|BSC]] in which 19 known [[Proof-of-Stake (PoS)|staking]]/[[node]] providers come to [[Consensus Algorithm|consensus]] on the [[Transaction (Tx)|tx]].


== Guardians ==

* [[Certus One]]; the team [https://rekt.news/wormhole-rekt/ behind] the Wormhole bridge. Certus One got [https://www.thetradenews.com/jump-trading-acquires-defi-infrastructure-firm-certus-one/ acquired] by [[Jump Trading]] (5-8-2021), which [https://thedefiant.io/wormhole-bailout/ bailed out] Wormhole after it got exploited (3-2-2022).
* From the [https://wormholecrypto.medium.com/introducing-wormhole-32b16d795c01 introduction post] (10-8-2021):

[[Chorus One]], [[Staked (Company)|Staked.us]], P2P [[Validator]], triton.one, [[Certus One]], [[Everstake]], Chainode Tech, ChainLayer, [[Staking]] Fund, [[Dokia Capital|Dokia]], [[01node|01Node]], Moonlet, Inotel, [[Figment Networks|Figment]], [[Staking Facilities]], [[HashQuark]], Forbole, Syncnode and Smith MCF.
==Audits & Exploits==
*This protocol offers an [https://www.defisafety.com/app/pqrs/530 active] (3-11-2022) [[bug bounty]] of [https://immunefi.com/bounty/wormhole/ $10M].
*The [[DeFi Safety]] score got [https://t.me/c/1453353094/13123 updated] (7-1-2023): ''"Based on some comments from the wormhole team on their Guardian mode we have increased their score to 75% with improvements on time lock and pause control scores."''
*Previously scored [https://www.defisafety.com/app/pqrs/530 69%] (3-11-2022):
''"There is a little over 100% testing to code. No test coverage evidence was found, but clearly there's a complete set of tests. This protocol has not undergone [[Formal Verification|formal verification]]. There is a [https://wormhole.com/security/ page] of many audits. We have reviewed two different ones. Several links go to the same file. ([https://storage.googleapis.com/wormhole-audits/2022-01-10_neodyme.pdf here] and [https://storage.googleapis.com/wormhole-audits/2022-07-01_kudelski.pdf here]). Each review did find significant vulnerabilities but they were properly resolved. [[Admin Key|Admin control]] information is not clearly defined in the documentation. A mention of a 2/3 [[Multi-Signature|multisig]] for the 19 guardians over gas prices are mentioned. The Guardian contracts are [https://book.wormhole.com/wormhole/5_guardianNetwork.html#upgradability mentioned] to be upgradeable, but that leaves a lot of contracts without immutability/upgradeability documentation. [[Smart Contract (SC)|Smart contract]] change capabilities are not identified. This protocol's pause control is not documented. This protocol has no [[timelock]] documentation."''
*[https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
''"Wormhole has been [https://github.com/wormhole-foundation/wormhole/blob/dev.v2/SECURITY.md#white-hat-hacking-on-wormhole audited] by Neodyme and Kudelski (x2). It has audits by OtterSec, Certik, Halborn, Trail of Bits, and Coinspect scheduled for Q3 2022. Moreover, it has the largest bounty in the crypto space via a $10 million offer on Immunefi."''
 
===Bugs/Exploits===

* [[CertiK (CTK)|Certik]] [https://news.bitcoin.com/proactive-detection-by-certik-saves-wormhole-bridge-from-potential-5-million-hack/ prevented] a potentially disastrous $5 million exploit in the Wormhole cross-chain bridge by identifying a critical bug (14-5-2024).
*Wormhole uninitialized proxy [https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a disclosed], $10 million bounty paid (21-5-2022).
*[https://rekt.news/wormhole-rekt/ From] [[Rekt]] (3-2-2022):

''"Minutes after [[samczsun]] pointed out that there was a problem, the Wormhole team stated that the network was simply “down for maintenance” whilst investigating a “potential exploit”. The exploit was later [https://twitter.com/samczsun/status/1488974372756987906 addressed] directly, with a bold promise to restore the funds. Less than 24 hours later, and the backing has just [https://twitter.com/wormholecrypto/status/1489232008521859079 been restored].''

''The Wormhole was manipulated into crediting 120k [[Ethereum (ETH)|ETH]] as having been deposited on [[Ethereum]], allowing for the hacker to mint the equivalent in [[Wrapped Tokens|wrapped]] whETH (Wormhole ETH) on [[Solana]]. 93,750 ETH was [[bridged]] back to Ethereum over the course of 3 [[transactions]] where it still [https://solscan.io/tx/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es remains] in the hacker’s [[wallet]]. The remaining ~36k whETH were liquidated on Solana into [[USDC]] and SOL."''
==Token==
===Launch===
 
* [[Airdropped]] part of their token in April 2024, [https://x.com/Pland__/status/1775670448203649063?t=UVsjODzJYJuvgmBPbNUBEA&s=35 including] to the Wormhole hacker.
 
===Token Allocation===
===Inflation===
===Utility===
====Burns====
===Other Details===
==Technology==
*[[Whitepaper]] or docs can be found [https://docs.wormhole.com/wormhole/ here].
*Code can be viewed [https://github.com/wormhole-foundation/wormhole here]. [https://www.defisafety.com/app/pqrs/530 From] [[DeFi Safety]] (3-11-2022):
''"The wormhole repository has over 2500 commits, earning the protocol 100%."''
 
===Implementations===
* Consensus mechanism:
*Algorithm:
====Transaction Details====
*Capacity ([[TPS]]):
*[[Latency]]:
===How it works===
 
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
 
''"Wormhole’s design is simple. It is a [[Proof-of-Authority (PoA)|proof-of-authority]] network governed by 19 validators. Each blockchain supported by Wormhole is home to a “Core Bridge” contract. The core contracts emit messages to Guardians who verify and sign (aka approve) the message. This verified message is then relayed to the destination chain, where the message is processed and the cross-chain transaction finalized.''
 
''It is the guardian’s sole role to monitor the state of each supported Wormhole blockchain. Each Guardian observes and signs messages in isolation, with the resulting collection of signatures representing proof that a certain message is agreed upon by the Wormhole network. A message is only authentic if 2/3rds+ of Guardians have signed it.''
 
''Wormhole makes the following trust assumptions:''
 
# ''Externally verified by Guardians — Wormhole’s proof-of-authority system inherently trusts that Guardians can be trusted to verify transactions and that over 2/3rd of Guardians will not collude at a certain time.''
# ''Censorship risk— 1/3rd of Wormhole’s Guardians can collude to censor a message.''
# ''Guardians care about reputation — Wormhole relies on the fact that the potential benefit of collusion is lesser than the reputational cost of collusion for its Guardians. However, this could become a major issue if the benefits for ⅓ of the guardians outweigh the reputational cost of collusion.''
# ''Validators don’t have a bond — Guardians’ stake is not bonded, i.e., their stake won’t be slashed, or they won’t be penalized if they act maliciously. Thus, user funds are not protected by any bonding or [[slashing]] mechanism."''
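
The 2/3+ signature rule and the censorship threshold from the trust assumptions above, as an added example (not Wormhole's code and not from the quoted article). Ed25519 and SHA-256 from Go's standard library stand in for the guardians' real signature scheme; the quorum rounding floor(2n/3)+1, the guardian keys, the message and all function names are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Sig is one guardian's signature, tagged with its index in the guardian set.
type Sig struct{ Index int; Bytes []byte }

// Quorum is the smallest count strictly above 2/3 of n (assumed rounding).
func Quorum(n int) int { return n*2/3 + 1 }
// CensorThreshold is how many withholding guardians make quorum unreachable.
func CensorThreshold(n int) int { return n - Quorum(n) + 1 }

// Verify accepts msg only if a quorum of distinct, known guardians signed it.
func Verify(set []ed25519.PublicKey, msg []byte, sigs []Sig) error {
	if len(sigs) < Quorum(len(set)) {
		return errors.New("no quorum")
	}
	digest := sha256.Sum256(msg)
	last := -1
	for _, s := range sigs {
		// Indices must strictly increase, so no guardian is counted twice.
		if s.Index <= last || s.Index >= len(set) {
			return errors.New("repeated, unordered or unknown guardian index")
		}
		if !ed25519.Verify(set[s.Index], digest[:], s.Bytes) {
			return errors.New("bad signature")
		}
		last = s.Index
	}
	return nil
}

// NewGuardians derives n constructed key pairs from fixed seeds (test data).
func NewGuardians(n int) ([]ed25519.PublicKey, []ed25519.PrivateKey) {
	pubs, privs := make([]ed25519.PublicKey, n), make([]ed25519.PrivateKey, n)
	for i := range privs {
		seed := sha256.Sum256([]byte(fmt.Sprintf("constructed-guardian-%d", i)))
		privs[i] = ed25519.NewKeyFromSeed(seed[:])
		pubs[i] = privs[i].Public().(ed25519.PublicKey)
	}
	return pubs, privs
}

// SignWith collects signatures from the guardians at the given indices.
func SignWith(privs []ed25519.PrivateKey, msg []byte, idx ...int) []Sig {
	digest := sha256.Sum256(msg)
	var out []Sig
	for _, i := range idx {
		out = append(out, Sig{Index: i, Bytes: ed25519.Sign(privs[i], digest[:])})
	}
	return out
}

func main() {
	pubs, privs := NewGuardians(19)
	msg := []byte("constructed message: sequence 42")
	fmt.Println("quorum", Quorum(19), "censor", CensorThreshold(19))
	fmt.Println(Verify(pubs, msg, SignWith(privs, msg, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)))
}
```

With 19 guardians the check needs 13 distinct signers, so 7 guardians withholding their signatures are enough to stall a message; repeating one guardian's signature to pad the count is rejected by the index ordering check.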
 
===Fees===
===Upgrades===
===Staking===
====Validator Stats====
===Liquidity Mining===
===Scaling===
===Interoperability===
 
* [https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
 
''"Wormhole supports messaging across 14 blockchains, including Ethereum, Solana, Terra, Binance Smart Chain, Polygon, Avalanche, and [[Fantom (FTM)|Fantom]], along with [[Oasis Network (ROSE)|Oasis]], etc."''
 
=== Other Details===
== Oracle Method ==
 
* [https://www.defisafety.com/app/pqrs/530 From] [[DeFi Safety]] (3-11-2022):
 
''"Wormhole's [[oracle]] is defined to be the Guardian Network, consisting of 19 validators producing signed messages, governed by a VAA [[Multi-Signature|multisig]]. This protocol does not document [[Frontrunners|front running]] mitigation techniques. This protocol does not document [[Flash Loan|flash loan]] mitigation techniques."''
 
== Usage ==
 
* [https://ournetwork.substack.com/p/ournetwork-issue-135?utm_source=substack&utm_medium=email From] [[Our Network]] (27-8-2022):
 
''"The [[Total Value Locked (TVL)|TVL]] on Wormhole bridge has come down significantly from a high of $4.67b to ~$500m. 80% of this TVL is locked on Ethereum with ETH accounting for about $174m. Terra, despite its crash earlier this year, still ranks at #2 by TVL.  Since most TVL is locked on Ethereum and most of it is ETH, it makes sense to look at where the ETH has been going. A few patterns are noticeable: most ETH has been going to Solana, and the monthly transfer volume is down significantly since December 2021."''
==Pros and Cons==
===Pros===
[https://blog.li.fi/navigating-arbitrary-messaging-bridges-a-comparison-framework-8720f302e2aa From] [[Li.Finance|Li.Fi]] (19-9-2022):
 
# ''"Non-[[Ethereum Virtual Machine (EVM)|EVM]] compatibility — Wormhole is one of the few messaging solutions that connects non-EVM compatible chains like [[Solana (SOL)|Solana]], [[Acala (ACA)|Acala]], [[Terra Classic (LUNC)|Terra Classic]], and [[Terra (LUNA)|Terra]] 2.0 to EVM-compatible chains like [[Ethereum (ETH)|Ethereum]] and [[Polygon (MATIC)|Polygon]].''
# ''Top tier validators — Wormhole is a proof-of-authority network secured by 19 “Guardians” that ensures cross-chain messages are safely transmitted. Among the “Guardians” are major companies like FTX, Certus One, Everstake, Staked, and Chorus One.''
# ''Seamless user experience — Wormhole charges exceedingly small fees (100 lamport, or less than a cent) when transacting from Solana. Furthermore, users simply need to create a transaction on the source chain and redeem it on the destination chain to execute a cross-chain transfer."''
 
===Cons ===
==Team, Funding and Partners==
===Team ===
*Full team can be found [here].
[[Jump Trading]] and Wormhole have “parted ways,” as per a Bloomberg [https://www.bloomberg.com/news/articles/2023-11-17/jump-spins-off-wormhole-project-shrinking-its-crypto-business article] (19-11-2023) quoting “people with knowledge of the matter.” The account further reveals that former Jump executives Saeed Badreg and Anthony Ramirez have allegedly departed to manage Wormhole independently.
 
* [[Robinson Burkey]]; foundation
 
===Funding===
 
* Wormhole has secured $225 million in funding (29-11-2023) from [[Brevan Howard]], [[Coinbase (COIN)|Coinbase Ventures]], [[Multicoin Capital]], [[Jump Trading]], [[ParaFi Capital|ParaFi]], [[Dialectic]], Borderless Capital, [[Arrington XRP Capital|Arrington Capital]], and more.
* The Wormhole Ecosystem Fund invested in the [https://x.com/solayer_labs/status/1828493462460867033 $12M] raise of [[Solayer]] (28-8-2024).
 
=== Partners===
[[Category:Companies/Organisations]]

Latest revision as of 04:26, 31 October 2024
