Difference between revisions of "Multichain (ANY)"
m (1 revision imported) |
wiki_crypto>Zeb.dyor (→Audits) |
||
Line 20: | Line 20: | ||
===Bugs/Exploits=== | ===Bugs/Exploits=== | ||
* From [[Week In Ethereum|Week in Ethereum]] (22-1-2022): | |||
''"Multichain bridge [https://twitter.com/MultichainOrg/status/1483733455296860160 vulnerability], 600 [[Ethereum (ETH)|ETH]] exploited."'' | |||
* [https://www.rekt.news/anyswap-rekt/ From] [[Rekt]] (13-7-2021): | * [https://www.rekt.news/anyswap-rekt/ From] [[Rekt]] (13-7-2021): | ||
Line 33: | Line 32: | ||
''Anyswap call themselves a “[[trustless]] protocol”, but perhaps that label no longer has the desired effect after such a damning evaluation from a leading [[Ethereum (ETH)|Ethereum]] developer."'' | ''Anyswap call themselves a “[[trustless]] protocol”, but perhaps that label no longer has the desired effect after such a damning evaluation from a leading [[Ethereum (ETH)|Ethereum]] developer."'' | ||
* [https://mobile.twitter.com/MultichainOrg/status/1483110393543544832 From] their Twitter (17-1-2022): | |||
<blockquote>''Critical vulnerability that affected 6 tokens ([[Wrapped Ethereum (WETH)|WETH]], PERI, OMT, WBNB, [[Polygon (MATIC)|MATIC]], [[Avalanche (AVAX)|AVAX]]) has been reported and fixed. All assets on both V2 Bridge and V3 Router are safe, and cross-chain transactions can be done safely.:''</blockquote> | |||
==Governance== | ==Governance== | ||
===Admin Key=== | ===Admin Key=== |
Revision as of 06:44, 24 January 2022
Basics
History
- Rebranded from Anyswap to Multichain (2022).
Audits
- Bug bounty program can be found [insert here].
- From Rekt (13-7-2021):
"Anyswap will reward anyone who reports bugs to us. This will help us build truly secure and even better cross-chain solutions."
Bugs/Exploits
- From Week in Ethereum (22-1-2022):
"Multichain bridge vulnerability, 600 ETH exploited."
"The funds lost were all $ pegged stablecoins totalling approximately $7.9M. The root of the exploit lay in the prototype V3 Router’s use of ECDSA, the algorithm securing its MPC wallet by generating private keys. This potential security flaw has been known since 2010, when console hacking group fail0verflow detailed the process here (p123-129). And its application to blockchain keys was later detailed in 2013. Despite this, Anyswap’s post-mortem states that the attacker detected a repeated k value in two of the V3 Router’s transactions on BSC, and was able to back-calculate the private key.
Anyswap stressed that “only the new V3 cross-chain liquidity pools have been affected” and that the bridge remains operational via V1 and V2 Routers. The post-mortem also states that the V3’s code has been fixed and will reopen after the 48hr timelock installed by the team expires. Although action was taken relatively quickly to prevent another attack, @nicksdjohnson is of the opinion that the patch does not do enough:
"Setting aside the fact that there's a much better, industry standard solution to this, their patch: Fails catastrophically (exposing users to another hack) if you accidentally delete a file, or restore from an old backup, or move to a new server. And it requires every signature request to scan every previous one, but really that's the smallest problem here."
Anyswap call themselves a “trustless protocol”, but perhaps that label no longer has the desired effect after such a damning evaluation from a leading Ethereum developer."
- From their Twitter (17-1-2022):
Critical vulnerability that affected 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) has been reported and fixed. All assets on both V2 Bridge and V3 Router are safe, and cross-chain transactions can be done safely.:
Governance
Admin Key
DAO
Treasury
Token
Launch
Token Allocation
Utility
Other Details
Stablecoin
Coin Distribution
Technology
- Whitepaper can be found [insert here].
- Code can be viewed [insert here].
Implementations
- Built on: BSC
- Programming language used:
Transaction Details
How it works
Fee Mechanism
Upgrades
Mining
Staking
Validator Stats
Liquidity Mining
Scaling
Interoperability
- Also behind Allbridge.
Other Details
Oracle Method
Privacy Method
Compliance
Their Other Projects
Roadmap
- Can be found [Insert link here].
Usage
Projects that use or built on it
Competition
Pros and Cons
Pros
Cons
Team, Funding and Partners
Team
- Full team can be found [here].
Funding
Partners
(:
Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!
Making these free wiki pages is fun but takes a lot of effort and time.
If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.
ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31
Also check out CoinTr.ee for more content.