Wormhole x Axelar | Lido Bridge: Implementation for wstETH on BNB Chain

Proposals
23

Wormhole x Axelar Thoughts

Before the vote for this temperature check ends, LayerZero Labs would like to share thoughts on the Axelar/Wormhole joint proposal in the context of why we believe LayerZero V2 is a better solution.

Our current wstETH proposal can be found here. It outlines how Lido DAO may leverage LayerZero V2’s modular Security Stacks to extend wstETH to BNB Chain using a 2/2 or 3/3 verification setup that includes Polyhedra’s zkLightClient, a Nethermind DVN, and/or a third party bridge (like CCIP, Axelar, or Wormhole).

The argument can be broken down into two basic points:

1. Vendor Lock-In vs. Modular Security

This Axelar and Wormhole implementation risks vendor lock-in, as it is essentially a 2/2 multisig with the option for Lido DAO to “add more Endpoint providers," without instruction on how to do so or a roadmap for other bridges to be included. As shown by other multi-bridge solutions like xERC20, MMA, and Hashi, adding extra verification methods is not an easy task due to audits and development time. LayerZero Labs does not believe that Axelar and Wormhole are incentivized to push for additional bridges to be added here.

In contrast, LayerZero V2’s vendor-agnostic approach to security was designed to enable permissionless incorporation and evolution of verification methods. LayerZero V2 implicitly supports 15+ client-diverse Decentralized Verifier Networks (DVNs) that can be configured together to verify messages, including zkLight clients, native bridges, Ethereum client teams (like Nethermind), community signers (like StableLab and Gitcoin), and third-party bridges (like Axelar and CCIP). V2 also allows Lido DAO to configure its selection of message executors, what chains to deploy to, and how many block confirmations DVNs must wait for to verify a message for wstETH.

It is possible to wrap bridges as “Adapter” DVNs. At launch, Adapters for Axelar and CCIP will be live. If Lido DAO prefers to include Wormhole as a verification option, LayerZero V2 supports a Wormhole Adapter as well and LayerZero Labs will handle audit costs.

In other words, LayerZero V2 allows for Lido DAO to leverage multiple verification methods without being beholden to Axelar and Wormhole to continue working together to build third party Endpoints to tack onto their proposed architecture. Additionally, Lido DAO has the ability to change the verification methods used for wstETH messages at any time.

While biased, this is how Axelar/Wormhole versus LayerZero V2 should be imagined:

  • Axelar/Wormhole: dependency on new, untested code to conjoin two third-party bridges without a plan to expand to new bridges practically enforces vendor lock-in.

  • LayerZero V2: permissionless and configurable verification chosen by application developers ensures modularity.

2. Short-Term Collaboration vs Long-Term Solution

The multi-bridge approach posited by Axelar and Wormhole proposes an entirely new and untested codebase to accommodate a short-term BD win for two third-party bridges. Nearly all bridge hacks of the last 18 months have been a result of the introduction of smart contract upgrades or un-methodically tested (hardened over time x value secured) code. Even assuming positive collaborative intentions, the likelihood of a vulnerability in an ad-hoc implementation should be considered a very real risk. The LayerZero protocol has secured $40B+ over more than 18 months; the protocol was designed for the exact purpose of enabling multiple message verification methodologies and can support Axelar and Wormhole as options today.

Furthermore, the Axelar and Wormhole’s joint effort does not inherently guarantee future cooperation or extensibility to other chains. A few questions to consider here, based on the assumption that Axelar and Wormhole are competitors:

Are Axelar and Wormhole incentivized to…

  • work together long-term?
  • extend this wrapper to new chains and assets?
  • focus on auditing and shipping this product on time?
  • add new verification methods to this architecture?

LayerZero Labs believes the answer to each of these questions is no. And if Lido DAO members agree with us, then they should be worried about the long-term health of wstETH should this Axelar and Wormhole proposal be selected.

Conclusion

The Axelar and Wormhole proposal replicates features already present in LayerZero V2 (and other multi-bridge solutions like Hashi, MMA, and xERC20) but on a lesser scale. LayerZero V2’s architecture already encompasses the functionalities proposed by Axelar and Wormhole, rendering their solution somewhat redundant in the face of LayerZero’s more comprehensive, widely-adopted, and audited solution.

Good developer infrastructure should be both evergreen and adaptable and LayerZero V2 is good developer infrastructure. It is an immutable, permissionless, and censorship-resistant protocol built to support wstETH (and any token that uses the OFT standard) over a long time horizon.

For more information on LayerZero V2, please see our V2 Lido DAO proposal, V2 Medium post, V2 whitepaper, V2 documentation, and V2 launch video.

2 Likes
24

As the vote draws to a close, we wanted to express our appreciation for the strong show of support from the Lido DAO so far. Additionally, we wanted to take this opportunity to expand further on why we chose to collaborate on a joint solution as well as re-emphasize and clarify several aspects of our proposal.

  • No Vendor Lock In: The framework we have been collaborating with Axelar on is open source, extendable, and can accommodate additional verification providers in the future. It is up to the Lido DAO on whether they would like to expand this set beyond Axelar and Wormhole in the future. Since the implementation is open source, anyone — whether that be Axelar, Wormhole, Lido contributors, LayerZero, or someone else — can build new Endpoint contracts to use for additional verifiers.

  • Commitment to ship a future-proof solution and collaborate with the DAO:

    • As Jakov from the Network Expansion Workgroup (NEW) mentioned here, both Wormhole and Axelar have long histories of collaboration with the Lido DAO. As such, it is part of both Wormhole’s and Axelar’s missions to
      • Improve bridging UX
      • Support more chains
      • Enhance token bridging security via open-source features (such as rate-limiting and accounting)
      • Enhance cross-chain messaging security via future ZK verification

    The opportunity to build a solution for the Lido DAO while also moving these mutual goals forward is something we are very excited about and fully committed to.

  • Battle tested: The core codebases behind the Wormhole and Axelar solution, namely the Wormhole and Axelar networks, have both been live in production for at least 2 years. Wormhole ($38B) and Axelar ($7.5B) have collectively processed more volume than any other messaging protocol, including LayerZero. LayerZero V2 is a new and untested solution launched in December 2023, which uses validation mechanisms that haven’t been running in production.

  • Robust & Reliable UX: Our solution leverages Wormhole Standard Relaying and Axelar Gas Services to ensure that messages are quickly and reliably delivered from Ethereum mainnet to BNB. It can also be integrated into frontend UIs such as Wormhole Connect and Squid. It is important to note that LayerZero’s v2 messaging wrappers are not supported by Axelar nor Wormhole and do not solve a major challenge with cross-chain messaging: relaying verified messages to the destination chain. Unnecessarily adding LayerZero as an intermediary wrapper into this stack will ultimately hurt users.

We’d like to again link to the following:

  • Our technical update, which includes links and in-depth details about our open source implementation.
  • Our original post, which announces our partnership and covers high level details of our solution, as well as overviews of Wormhole and Axelar and our security programs

Finally, we’d like to close by addressing some key misrepresentations by LayerZero:

The claim that our design is “essentially a 2/2 multisig” is oversimplified — Wormhole and Axelar are both secured by large, decentralized, and battle tested sets of validators. 13 out of 19 Wormhole validators and 32 out of 75 Axelar validators (based on quadratic voting power of the current set) need to approve every message, resulting in strong security guarantees.

The claim that there is no plan to expand to new bridges is false and was previously addressed — the Lido DAO will have freedom to add more verification methods via Endpoint contracts in the future, especially as Wormhole and Axelar roll out ZK verification on Ethereum mainnet.

The claim that there is no plan to expand to new chains is untrue. Our solution can be used on any EVM-supported chain. That said, this vote is focused on bringing wstETH to BNB — we have correspondingly focused our proposal on that corridor.

The claim that we will not focus on audits and shipping this product in time is untrue — both Axelar team and Wormhole have done over 60 audits collectively, and run multi-million dollar bug bounties on Immunefi prioritizing theoretical and practical security.

LayerZero’s dismissal of our collaboration as “a short-term BD win for two third-party bridges” is misleading. Our partnership is a response to the community blowback towards LayerZero that we saw after their original proposal.

Our goal is to build the best solution for the Lido DAO. To accomplish that, we aim to act in good faith, bring strong technical proficiency, and uphold our industry’s strong ethos of open source, decentralization, and permissionlessness. We want to work together with the Lido DAO to build a solution that will address the community’s concerns around flexibility, security, and extensibility.

7 Likes
25

I’d suggest to implement xERC20 standard which is open and decentralized. Closed/Proprietary standards being proposed by L0/Wormhole/AXL are against the true ETHOS of crypto. Lido should not be compromising with sovereignty.

1 Like
27

Update and Mainnet Preparation

Wormhole and Axelar are excited to provide an update as we prepare for the mainnet launch of the industry’s first multi-chain solution for wstETH.

Tentative Timeline

  • June 3rd: 2nd Cyfrin audit begins on wstETH token.
    • Testnet deployment of wstETH
    • UI integration and testing with Squid Router and Wormhole Connect begins.
  • June 7th: wstETH token audit concludes.
  • June 10th: 3rd Cyfrin audit begins on Axelar Transceiver.
  • June 14th: Axelar Transceiver audit concludes.
  • June 17th - July 1st: A built in 2-week buffer is allocated to address any findings from audits, but this may not be needed.
  • July 1st: wstETH deployment on BNB Mainnet
    • Wormhole will go live for 2 weeks as per the governance post. wstETH will be available in the Wormhole Connect UI.
    • Axelar added as the second signer two weeks after wstETH mainnet deployment and wstETH available in Squid Router
  • July 18th or July 25th (pending Lido DAO): Lido DAO Snapshot vote to recognize the wstETH on BNB deployment as canonical

BNB chain launch and GTM support

For any BNB chain integrator interested in supporting wstETH on day 1, or if there are any questions around support for general go-to-market, including marketing and comms, please reach out on Telegram to:

  • Ossie Amir (@am_os) from the Wormhole Foundation
  • Jason Ma (@Jason_C_Ma) from the Axelar Foundation

A Note to the Community

Our original post was in late November with an estimated late January launch. The DAO governance process took two months and the vote for Wormhole-Axelar’s multibridge solution ultimately passed on January 24th of this year.

The two month delay resulting from the governance process pushed our estimated launch back. As both Axelar and Wormhole contributors value delivering a thorough and well-tested end solution, additional time was allocated for internal reviews and extra audits to uphold this mission. Today, the Wormhole and Axelar contributors are happy to share that the solution has already undergone 3 audits (Cyfrin, Spearbit Cantina, and an internal audit from Asymmetric Research), with two more on the way.

Thank you to the many community members who contributed by designing, implementing, and reviewing—your tremendous amount of man-hours and invaluable feedback have been instrumental to the upcoming launch.

Now that we’re in the final stretch of the project, we are excited to deliver a multi-chain solution for wstETH in the decentralized and robust manner voted for by the Lido DAO. Expect more updates as we approach the mainnet launch.

9 Likes
29

Hey everyone!

As part of an open and transparent contribution framework and an important milestone in industry-wide DAO transparency, I’m noting a disclosure point:

Some DAO contributors received W allocations either for personal actions via Wormhole bridge or via separate airdrop allocations based on public qualification.

It is important to note that no contributor was aware of the rules or eligibility before the airdrop, which happened after the Snapshot.

5 Likes
30

Update and Mainnet Deployment

We’ve successfully deployed the wstETH bridge connecting Ethereum and BNB Chain mainnets.

This bridge is now operational and is ready for official endorsement by the Lido DAO in the upcoming governance vote slot scheduled for this month. The new functionality enables wstETH transfers between Ethereum and BNB Chain networks and is live on Wormhole Connect. It’s also available for testing on Portal Bridge. *Please note that the solution is not considered canonical until it is passed by a formal Lido DAO governance vote (details below).

Axelar verification will be integrated on July 15th, establishing a 2-of-2 threshold to enhance security. We’ve provided detailed specifications for mainnet and testnet deployments, along with audit reports that can be accessed for review. These additional details on deployments and security audits are available below for those interested in a deeper technical understanding of the bridge’s implementation. We encourage users to explore the new bridge functionality and welcome feedback through our official channels.

Stay tuned for updates on the Lido DAO governance vote and further developments as we continue to improve cross-chain liquidity for staked ETH.

Timeline for DAO Recognition

  • July 15th: Axelar added as the second signer (another update will be shared at this milestone).
  • *[TENTATIVE] Dates for Lido DAO governance
    • July 25th: Lido DAO Snapshot vote period begins to recognize the wstETH on BNB deployment as canonical
    • August 1st: Lido DAO Snapshot vote period ends
    • August 2nd (pending Lido DAO governance): Lido DAO assumes taking over administrative roles for the wstETH contract (proxy admin) and NTT contracts.
    • *Note - The above dates above are tentative and subject to the Lido DAO.*

BNB chain launch and GTM support

As we approach launch, we’re in touch with several BNB projects and we’d like to invite any other BNB chain integrator interested in supporting wstETH to reach out with questions regarding gtm support, including marketing and comms. Please reach out on Telegram to:

  • Ossie Amir (@am_os) from the Wormhole Foundation
  • Jason Ma (@Jason_C_Ma) from the Axelar Foundation

Deployment Details and Contract Addresses

4 Likes
31

Update and Mainnet Configuration

Wormhole and Axelar Contributors have added Axelar verification to the mainnet deployment. The mainnet deployment configuration is now set for the DAO to vote on and adopt.

To provide complete transparency into the mainnet deployment, we are sharing information below on the mainnet contract addresses, parameters, and a breakdown and explanation of all administrative configuration transactions that were performed during the deployment. We will describe the testnet deployment in similar detail in a follow-up post.

Mainnet

Contracts

Description of contracts:

  • WstEthL2Token: This is the wstEth token contract deployed on BNB.
  • NTT Manager: The manager contract contains the core logic for the NTT framework. To perform transfers, users call into the transfer entry point, which then sends the cross-chain token transfer instruction through all of the registered transceivers. On the destination chain, the transceivers deliver the verified messages to the NTT Manager. The Manager then handles replay protection, enforcing the threshold attestation, and finally transferring tokens to the user to complete the cross-chain transfer. Read more about the NTT design, including the roles of the Manager and Transceivers here: GitHub - wormhole-foundation/example-native-token-transfers: Open, flexible, and composable framework for transferring tokens across blockchains without liquidity pools
  • Wormhole Transceiver: This is the transceiver implementation for Wormhole. It handles sending and receiving messages via Wormhole.
  • Axelar Transceiver: This is the transceiver implementation for Axelar. It handles sending and receiving messages via Axelar.
  • Transceiver Structs: This is a general library that is used to properly encode and decode NTT messages. It’s used by the NTT Manager and both Transceivers.

Parameters

Description of parameters:

  • WstEthL2Token
    • Owner: This address has the ability to upgrade the contract and set the minter address.
    • Minter: This address has the ability to mint new tokens. It is set to the NTT Manager contract, since that is the only contract that should be capable of minting new tokens when cross-chain transfers are performed from Ethereum.
  • NTT Manager
    • Outbound Rate Limit: This defines the total number of tokens that can leave a source chain during a 24 hour period. Rate limits are refreshed linearly. If a transfer violates the rate limit, users can choose to either revert the transaction to try again later, or queue the transaction for 24 hours and come back later to “complete” the transaction by taking it out of the queue and processing it on the source chain.
    • Inbound Rate Limit: This is a per-chain limit that defines the total number of tokens that can enter a given chain from another specified chain. The only other chain in this deployment is BNB, so we have set the same value as the outbound limit of 30,000 tokens. If a transfer violates the rate limit, it’ll get queued for 24 hours. Users can return after 24 hours to “complete” the transaction by taking it out of the queue and processing it.
    • Owner: This address has the ability to upgrade, set rate limits, add/configure Transceivers, set the threshold attestation requirement, and transfer ownership/pauser capability. The owner is also the only address allowed to unpause the contract.
    • Pauser: This address has the ability to call the pause function, which prevents anyone from initiating new outbound transfers or redeeming inbound transfers. The pauser is only allowed to pause the contract; they are not allowed to unpause the contract. The pauser can also transfer the pauser role to another address.
    • _mode: This enum value specifies whether the deployment is in LOCKING or BURNING mode. In LOCKING mode, tokens are locked/unlocked by the NTT Manager contract when sending/redeeming cross-chain transfers. In BURNING mode, tokens are burned/minted by the NTT Manager contract when sending/redeeming cross-chain transfers. The NTT Manager on Ethereum is set in LOCKING mode since wstEth on Ethereum mainnet cannot be burned/minted. The NTT Manager on BNB is set in BURNING mode since the WstEthL2Token can be burned/minted and allows setting a minter address (which is the NTT Manager).
    • _chainId: This value specifies the chain ID that the NTT Manager is deployed on. The chain IDs are formatted based on Wormhole Chain IDs.
    • _rateLimitDuration: This value sets the refresh basis for rate limiting and the duration for which queued transfers are held (in seconds). NTT rate limiting is based on a linear refresh. The value of 86400 sets the refresh basis to 24-hours. Read more about NTT rate limiting here.
    • _skipRateLimiting: This value specifies whether to skip the rate limiting feature entirely. It is set to False on both Ethereum and BNB, since rate limiting is used.
  • Wormhole
    • Core Contract: The Wormhole core bridge contract is responsible for emitting messages (when sending) and verifying messages (when receiving). The Wormhole Transceiver calls into the Wormhole core contract to send and verify messages properly.
    • Standard Relaying Contract: This is the contract that is used for Wormhole Standard Relaying. Wormhole Standard Relaying improves the user experience for bridging by allowing users to pay up front to automatic message delivery to the destination chain. The Wormhole Transceiver is integrated with Wormhole Standard Relaying so that the user experience of performing cross-chain wstEth transfers is as smooth as possible.
    • Special Relaying Contract: This is the contract that is used for automatically relaying Wormhole messages to/from Solana. While properly set to the correct address, it is currently unused since the Lido deployment only concerns Ethereum and BNB mainnets.
    • _consistencyLevel: This value specifies the level of finality to reach before the Wormhole Guardians will observe and attest the emitted event. This is a defense against reorgs and rollbacks since a transaction, once considered final, is guaranteed not to have the state changes it caused be rolled back. Read more about the consistency level here. See the Ethereum consistency level values here, and the BNB consistency level values here. The values used on Ethereum (1) and BNB (15) both instruct the Wormhole Guardians to wait until blocks are finalized before attesting to transfers.
    • Contract addresses and Wormhole registered chain IDs can be verified against the docs:
  • Axelar
    • Axelar Gateway: This is the contract that apps initiate or receive Axelar-powered cross-chain messages
    • Axelar Gas Service: This is an optional contract that apps can use to pay a relayer to execute their cross-chain message end-to-end
    • Axelar Transceiver Storage: The Axelar transceiver stores the bidirectional mapping between Axelar and Wormhole chain identifiers. Axelar uses string chain names as chain identifiers. The storage also contains a mapping from Wormhole chain identifier to the Axelar transceiver address and it’s hash, to know the trusted Transceiver address on remote chains for sending/receiving cross-chain messages.
    • Contract addresses and Axelar registered chain names/identifiers can be verified against Axelar docs or configs

Configuration Transactions

Note that the NTT Manager transfer ownership operation was executed twice to test that contributors could pass ownership back and forth between the multisig. Contributors ran this test because we did not want to raise a governance proposal for an accidentally bricked deployment.

The only transactions executed between transferring ownership back and forth on Ethereum and BNB were:

  1. Setting the NTT Manager outbound rate limit to 30,001
    1. Ethereum: Ethereum Transaction Hash (Txhash) Details | Etherscan
    2. BNB: BNB Smart Chain Transaction Hash (Txhash) Details | BscScan
  2. Setting the NTT Manager outbound rate limit back to the correct value of 30,000
    1. Ethereum: Ethereum Transaction Hash (Txhash) Details | Etherscan
    2. BNB: https://bscscan.com/tx/0xe5810f53c16136a9a042897c03b49e6ff07e286bad784810017ced83c0f6d42e

Contributors made these two “dummy” transactions in between transferring ownership to sanity check that the new owner was still able to execute admin commands.

5 Likes
32

Testnet Deployment Details

Following up on the post above, which fully details the mainnet deployment, we are sharing complete details for the testnet deployment below.

Contracts

Parameters

Configuration Transactions

1 Like
33

We are also excited to share that Cyfrin has completed another audit on the NTT framework. This audit was performed over the diff from their previous NTT audit and the v1.1.0+evm release, which was used for this deployment. You can view both audits here:

We are also re-sharing the other audits which were performed by Cyfrin on the WstEthL2Token and the Axelar Transceiver:

*We’d like to note that the two findings in the original NTT Cantina audit were acknowledged and fixed. The first Cantina finding (3.1.1) was fixed by PR evm: Fix quoting with transceiver instructions by djb15 · Pull Request #360 · wormhole-foundation/example-native-token-transfers · GitHub. This was the same as finding 7.1.2 in the original/first Cyfrin report and was reviewed by Cyfrin before merging. The second Cantina finding (3.1.2) was fixed and audited by Wormhole Contributors and Asymmetric Research, as well as by Cyfrin in their latest audit: evm: Check forks on all entrypoints by djb15 · Pull Request #378 · wormhole-foundation/example-native-token-transfers · GitHub.

5 Likes
34

Interim Multisig Update

Until now, the deployment has been kept under the ownership of the interim multisig of Wormhole contributors on Ethereum and BNB mainnets.

This interim multisig is currently the admin and pauser for the NTT deployments, as well as the admin for the WstEthL2Token on BNB.

For the official governance vote period, we are planning to transfer all admin and pauser roles to a new interim multisig comprised of Lido, Wormhole, and Axelar contributors. The new multisig will have the same setup on both Ethereum and BNB, and participating members/organizations will perform public verification of the addresses.

The new multisig details are as follows:

*xLabs is a Core Contributor to the Wormhole protocol. xLabs has participated throughout this project by assisting with development, contract deployments, testing, and running relayers which deliver verified messages between Ethereum and BNB.

2 Likes
35

@AxelarFDN is looking to join 0x83271E76df1eF8f77487A88fc6aE1478280396bD and 0x3e277051019fDBF6A759ff847D197FE657Ca74fe interim multisigs, which will have temporary admin and pauser capability over the Lido wstEth NTT deployment on Ethereum and BNB, as well as admin capability over the wstEth token on BNB with the address 0x4687759DAb0B8319E8dcc59007116b4723838FB1

2 Likes
36

@WormholeFdn is looking to join 0x83271E76df1eF8f77487A88fc6aE1478280396bD and 0x3e277051019fDBF6A759ff847D197FE657Ca74fe interim multisigs, which will have temporary admin and pauser capability over the Lido wstEth NTT deployment on Ethereum and BNB, as well as admin capability over the wstEth token on BNB with the address 0x1377C31BB16018e1F0B0C76dF63A6a1a75967AAf

2 Likes
37
1 Like
38
2 Likes
39

@xlabsxyz is looking to join 0x83271E76df1eF8f77487A88fc6aE1478280396bD and 0x3e277051019fDBF6A759ff847D197FE657Ca74fe interim multisigs, which will have temporary admin and pauser capability over the Lido wstEth NTT deployment on Ethereum and BNB, as well as admin capability over the wstEth token on BNB with the address 0xbFf94d4afA68b04532b36ca54A14F3258Ba32a2B

2 Likes
40

Hey everyone,

The Lido contributors have engaged the Oxorio team to conduct a verification of the recent deployment, based on the details provided in the proposal.

You can view the report here: Lido-wstETH-on-BNB Deployment Verification Report.

While the teams at Wormhole and Axelar have made significant and quite outstanding efforts to deliver this solution and ensure transparency, the report highlights several important issues that need attention:

  • 2.4 Deploy script check [FAIL]
  • 2.6 Initialization params check [FAIL]
  • 2.8 Storage check [FAIL]
  • 2.9 Documentation verification checks [FAIL]

It’s important to note that these checks failed not due to incorrect setup but rather because of insufficient or incomplete information for verification.

As a participant in the Network Expansion Workgroup, I suggest the @Wormhole-Axelar team to address the issues highlighted. This includes enhancing the references, rationale, and transparency of the proposal initial params and deployment. Once these improvements are made, it would be more reasonable proceed with a snapshot vote, enabling voters to make an informed decision regarding the DAO recognition of the proposed deployment.

8 Likes
41

Following up on the above, we are providing additional details on the ownership/pauser transfer transactions to the publicly verified multisig and the WstEthL2Token configuration transactions.

Note that the WstEthL2Token transfer ownership operation on BNB was also executed twice to test that contributors could pass ownership back and forth between the multisig. Contributors ran this test because we did not want to raise a governance proposal for an accidentally bricked deployment.

There were no configuration transactions executed between transferring ownership back and forth on BNB.

3 Likes
42

Thank you to the Lido contributors and Oxorio for compiling the verification report on the wstEth BNB deployment. We appreciate the thorough reviews throughout this process.

Addressing each finding from the above report individually, we’ve completed the following:

“2.4 Deploy script check [FAIL]”

The configuration transactions detailed in Wormhole x Axelar | Lido Bridge: Implementation for wstETH on BNB Chain - #31 by Wormhole-Axelar are ordered top to bottom and divided into semantic sections (NTT manager, Wormhole Transceiver, Axelar Transceiver, WstEthL2Token).

The forum post immediately preceding this one details the ownership/pauser transfer transactions to the publicly verified multisig and the WstEthL2Token configuration transactions: Wormhole x Axelar | Lido Bridge: Implementation for wstETH on BNB Chain - #41 by Wormhole-Axelar

“2.6 Initialization params check [FAIL]”

We have updated the forum post which details mainnet deployment with the additional parameters specified in the report as well as more links to documentation: Wormhole x Axelar | Lido Bridge: Implementation for wstETH on BNB Chain - #31 by Wormhole-Axelar. We are restating the parameters here as well:

  • Ethereum:
    • NTT Manager:
      • _mode: 0 (LOCKING)
      • _chainId: 2
      • _rateLimitDuration: 86400
      • _skipRateLimiting: False
    • Wormhole Transceiver:
      • _consistencyLevel: 1
  • BNB:
    • NTT Manager:
      • _mode: 1 (BURNING)
      • _chainId: 4
      • _rateLimitDuration: 86400
      • _skipRateLimiting: False
    • Wormhole Transceiver:
      • _consistencyLevel: 15

Description of parameters:

  • NTT Manager:
    • _mode: This enum value specifies whether the deployment is in LOCKING or BURNING mode. In LOCKING mode, tokens are locked/unlocked by the NTT Manager contract when sending/redeeming cross-chain transfers. In BURNING mode, tokens are burned/minted by the NTT Manager contract when sending/redeeming cross-chain transfers. The NTT Manager on Ethereum is set in LOCKING mode since wstEth on Ethereum mainnet cannot be burned/minted. The NTT Manager on BNB is set in BURNING mode since the WstEthL2Token can be burned/minted and allows setting a minter address (which is the NTT Manager).
    • _chainId: This value specifies the chain ID that the NTT Manager is deployed on. The chain IDs are formatted based on Wormhole Chain IDs.
    • _rateLimitDuration: This value sets the refresh basis for rate limiting and the duration for which queued transfers are held (in seconds). NTT rate limiting is based on a linear refresh. The value of 86400 sets the refresh basis to 24-hours. Read more about NTT rate limiting here.
    • _skipRateLimiting: This value specifies whether to skip the rate limiting feature entirely. It is set to False on both Ethereum and BNB, since rate limiting is used.
  • Wormhole Transceiver:
    • _consistencyLevel: This value specifies the level of finality to reach before the Wormhole Guardians will observe and attest the emitted event. This is a defense against reorgs and rollbacks since a transaction, once considered final, is guaranteed not to have the state changes it caused be rolled back. Read more about the consistency level here. See the Ethereum consistency level values here, and the BNB consistency level values here. The values used on Ethereum (1) and BNB (15) both instruct the Wormhole Guardians to wait until blocks are finalized before attesting to transfers.

“2.8 Storage check [FAIL]”

These checks are addressed in the Initialization section (#2.6) above.

“2.9 Documentation verification checks [FAIL]”

The NTT framework is documented both on the official Wormhole docs website and in the Github README. The EVM cross-chain message lifecycle is documented here. E2E tests can be found here and here.

4 Likes
43

Hey everyone.

Thanks for the detailed response regarding our verification report. We have updated the report to incorporate your latest clarifications on initialization parameters, the contract configuration process, and the documentation. In the updated report, we confirm the validity of your additions and have changed the status of all remaining findings from FAIL to PASS.

5 Likes
44

A working group of the Lido on Ethereum protocol contributors (@TheDZhon, @psirex) has evaluated the current proposal and ended up with the conclusion that the solution adheres to the expectations set via initial RFP and corresponding temp check vote. The deployed codebase is audited, parameters are expected, and ACL setup corresponds to the provided above.

Some additional thoughts for future reference:

  • it might be prudent to add additional bridge validators in the future and have a threshold scheme 2/3 for the sake of message delivery robustness
  • the current limit of 30k wstETH might be re-evaluated based on the market activity and traction
  • future NTT improvements might suggest timelock mechanics for the pause reaction window to be prolonged

Looking forward to seeing a snapshot vote live :saluting_face:
Hope the Lido DAO will consider the proposal favorably.

7 Likes