wstETH on Avalanche and BNB and Ownership Acceptance by Lido DAO

Folks, I didn’t quite realize that LayerZero has fully launched this into production, despite there being no official approval from Lido.

Right now on stargate.exchange if you go to bridge wstETH from Ethereum to Avax/BNB/Scroll, you are bridging into LZ’s proprietary OFT standard. This looks completely official. There is no “beta” or “wrapped” or “demo” language used at all.

Normal users have no idea that they will NOT be receiving an official Lido wstETH token.

Moreover, the security concerns here have not been discussed at all. I believe the message oracle being used by LayerZero is Google’s oracle, which is completely centralized and not censorship resistant.

I personally feel that it is completely inappropriate to deploy this into production before the LidoDAO voted on or approved anything. My view is that LayerZero should take this down until a DAO vote happens.

18 Likes

This is already ridiculous and proves me right about my previous comment.

By implementing Layer Zero, Lido would have no control over what happens with wstETH.
As you rightly said, there are options, such as xERC20 which would be a token deployed and controlled by the DAO.

2 Likes

Gm all,
We’ve been closely observing the ongoing discussions regarding the implementation of LayerZero’s OFT standard, particularly its application to wstETH.

First and foremost, it’s important to recognize the potential advantages of adopting a token standard like OFT or xERC20 for wstETH. Such a standard could potentially improve the rates and execution efficiency for bridging wstETH across different chains. This could be beneficial for aggregators, including ourselves, and the broader ecosystem.

However, we have some reservations regarding the manner in which the current proposal has been presented and marketed as an official statement, some of which were rightly voiced out by hal2001 in his comment.

Furthermore, building on our expertise of working deeply with bridging solutions and previous partnerships with DAOs, we suggest the Lido DAO consider the following recommendations:

  1. Using the Native Bridge for Scroll Deployment

Using the native bridge for an L2 does not introduce any new trust assumptions as it only relies on the open source, core bridge infrastructure of the chain.

This approach aligns with the recommendations made by the Uniswap Bridge Committee to the Uniswap DAO for their cross-chain governance messaging needs. Consequently, opting for a third-party bridge where a secure, battle tested native bridge exists may not be the most compelling choice.

  2. Adoption of a Multi-Bridge, Agnostic Token Standard like xERC20

While mint-and-burn token standards offer notable benefits in terms of pricing and user experience, they also carry significant risks when linked with an underlying messaging bridge. Given the crucial role of Lido and wstETH in the DeFi ecosystem, it’s prudent to mitigate these risks by distributing minting rights across various bridging solutions.

To this end, we propose that the DAO considers xERC20 as a potential solution.

“xERC20 allows tokens to be minted and burned across chains by multiple bridges (canonical or 3rd-party), while giving token issuers the ability to granularly control their security preferences for each bridge using rate limits.”

A recent example is Beefy’s launch of their $BIFI token as an xERC20, using LayerZero, Axelar, and Chainlink’s CCIP for messaging, coupled with mint/burn rate limits of 2.5k per day per bridge, reducing the dependency on any single bridge provider.

Conclusion and Call to Action
In conclusion, we urge the DAO to thoroughly examine the advantages and drawbacks of the various solutions under consideration. It is vital not to hasten the decision-making process regarding the deployment of wstETH across chains.

We support hal2001’s proposal for issuing an RFP (Request for Proposal) to explore options for bringing wstETH to different chains, and we advocate for an extensive, informed debate within the community. Such a measured and collective approach will undoubtedly contribute to the most beneficial outcome for the DAO and the wider ecosystem.

Thank you for considering our perspectives.

15 Likes
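A Python model of the per-bridge mint limits described in the post above, added here as an example; it is not part of the original thread and not the EIP-7281 reference contract. The class and method names, the linear one-day refill and the whole-token units are assumptions; the three bridge names and the 2.5k-per-day figure come from the post.

```python
from dataclasses import dataclass

DAY = 24 * 60 * 60  # assumption: allowances refill linearly over one day


class LimitExceeded(Exception):
    """A bridge asked to mint more than its remaining allowance."""


@dataclass
class BridgeLimit:
    max_limit: int   # most this bridge may mint within one refill window
    current: int     # allowance left as of `updated_at`
    updated_at: int  # timestamp (seconds) of the last change

    def available(self, now: int) -> int:
        # Allowance grows back linearly and is capped at max_limit.
        refill = (now - self.updated_at) * self.max_limit // DAY
        return min(self.max_limit, self.current + refill)


class RateLimitedToken:
    """Token whose issuer (owner) grants each bridge its own mint allowance."""

    def __init__(self, owner: str) -> None:
        self.owner = owner
        self.limits: dict[str, BridgeLimit] = {}
        self.balances: dict[str, int] = {}
        self.total_supply = 0

    def set_limit(self, caller: str, bridge: str, max_limit: int, now: int) -> None:
        # Only the issuer tunes limits; a limit of 0 cuts a bridge off.
        # Simplification: a newly set limit starts with a full allowance.
        if caller != self.owner:
            raise PermissionError("only the token owner sets bridge limits")
        self.limits[bridge] = BridgeLimit(max_limit, max_limit, now)

    def mint(self, bridge: str, to: str, amount: int, now: int) -> None:
        limit = self.limits.get(bridge)
        if limit is None:
            raise PermissionError(f"{bridge} has no minting rights")
        if amount <= 0:
            raise ValueError("amount must be positive")
        available = limit.available(now)
        if amount > available:
            raise LimitExceeded(f"{bridge}: {amount} > {available} available")
        limit.current, limit.updated_at = available - amount, now
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount

    def max_exposure(self, bridge: str, now: int, horizon: int) -> int:
        """Upper bound on what one faulty bridge could mint in `horizon` seconds."""
        limit = self.limits[bridge]
        return limit.available(now) + horizon * limit.max_limit // DAY


def demo() -> dict:
    token = RateLimitedToken(owner="dao")
    for bridge in ("layerzero", "axelar", "ccip"):
        token.set_limit("dao", bridge, 2_500, now=0)
    token.mint("axelar", "alice", 1_000, now=0)
    try:
        token.mint("axelar", "bob", 2_000, now=0)  # exceeds the 1,500 left
        oversized_rejected = False
    except LimitExceeded:
        oversized_rejected = True
    token.set_limit("dao", "axelar", 0, now=DAY // 4)  # issuer pauses one bridge
    token.mint("ccip", "carol", 2_500, now=DAY // 4)   # other bridges keep working
    return {"oversized_rejected": oversized_rejected,
            "axelar_after_pause": token.limits["axelar"].available(DAY),
            "total_supply": token.total_supply}
```

`max_exposure` is the figure a risk review would track: with these limits, the unbacked supply a single faulty bridge can create over a day is bounded by its remaining allowance plus one day of refill, independent of the other bridges.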

The parallels between this situation and Lido’s 33% attack on Ethereum are unmistakable.

Seems to me that Lido folks are now getting a taste for what it feels like when a large, profit motivated party uses their marketing and execution prowess to irresponsibly endanger a permissionless protocol.

You can’t complain about what Layer Zero is doing to Lido and then turn around and do the same sort of thing to Ethereum.

I mean, you can, but it’s hypocritical and lacks integrity.

2 Likes

LayerZero and Stargate today are tightly coupled, which is fine - we understand the need for liquidity when marketing a bridge. However, from a network architecture perspective, liquidity should be completely decoupled from the transportation mechanism. In other words, the coupling of liquidity with the underlying transport mechanism is not an ideal setup for the benefit of the wider network. Liquidity fragmentation is a real issue in the ecosystem, and unifying liquidity should be a top priority for blue-chip projects like Lido.

The existing methods of bridging tokens via liquidity pools are not scalable, and I support “mint and burn.” Though this is not without grave concerns. The mint and burn mechanism grants the transportation layer (LayerZero) an overwhelming amount of power, as the security is now solely in their hands. Some controls can be put in place, such as limits on the amount minted per time period and other decentralized manual approval mechanisms. However, I hold the opinion that giving that power to one single project is too much power to hold.

A better solution is to adopt an OFT (or similar) standard across all networks but mandate the integration of more than one transportation layer to allow for minting. For example, combining the security of LayerZero and Axelar to jointly approve mints (high limit) would be more secure. After all, it’s unlikely both bridges are compromised at the same time. I understand the BIFI token is using xERC20; however, wstETH’s market cap would make this a target for exploits. One drawback of such a design would be the relatively higher cost since more than one confirmation is needed - but there are things we can do to optimize this.

If users prefer a more secure bridging mechanism, then they can use the native bridge between L1 and L2 for that. Though users would still want to bridge from L2s to other alt L1s or L2s, in that case, requiring users to go back to L1 and then bridge away is not an efficient route currently as L1 has higher gas requirements. At the same time, if a fast bridge like LayerZero is used from L1s to other chains, then there would still be security implications and liquidity fragmentation. Overall, IMO OFT is the right direction, and I anticipate most users will not care for the added security and would prefer convenience. When adopting OFT (or similar) standards, I highly recommend we consider decoupling liquidity (projects adopting OFT) from the underlying transportation mechanism.

2 Likes

Hi all - I’m usually in my Rocket Pool corner, but wanted to come over to support Lido DAO here.

This situation sucks. It’s bad for users, bad for Lido, and will be bad for Layer Zero. Not sure why we’re here.

Possible paths all suck:

  • Lido decide to use Layer Zero
    • We get visible “proof” that you can use someone’s name to leverage even the biggest defi protocol to do what you want
    • Importantly – there is no way to determine if Lido actually opt in because it’s the best choice or to try to avoid confusion etc
  • Lido decide not to use Layer Zero and use a different bridge
    • Liquidity fragmentation, confusion, etc.
    • The stargate example is a good one. Will they switch? Will wstETH from stargate in October be different than wstETH from stargate in March? Will wstETH from stargate be counter to the one supported by Lido DAO? Will they continue to use Lido DAO’s branding and naming??
      • Note that this issue will be replicated for every protocol that uses the current iteration of wstETH.
  • Lido decide not to expand to a chain that has a Layer Zero token
    • Users will be misled by branding, naming and phrasing like “NATIVE wstETH CAN NOW BE TRANSFERRED”. This was an active choice – compare with axlrETH, for example
  • These paths can be followed differently per chain, which may make for even more confusion

No real advice (and not really my place). Hope you guys find the best path possible.

13 Likes

Gm Lido community! A lot of folks have forwarded this thread to me so figured I should leave some thoughts.

It sounds as though a more in-depth discussion of the tradeoffs/specifics of EIP-7281 (xERC20) could be helpful, but this isn’t the best place/time for it (disclaimer: I’m the author of the EIP).

Instead, I’d like to focus on some key higher-level points that I think Lido should take into consideration while thinking through the overarching strategy for chain expansion.

  1. Any vendor-locked-in approach to bridging (particularly one without security limits of some sort) creates a systemic risk for wstETH. By extension, this creates a systemic risk for Ethereum itself.
  2. The most secure mechanisms for crosschain message verification, such as shared sequencers for L2-L2 or an m-of-n marketplace of zk light clients (e.g. Hashi, MMA) for L1-L1, are still under development and will take time to reach implementation maturity and economic viability.
  3. Despite the above, there is clear and salient market demand for wstETH to exist on more chains. This market need is what is driving LZ to yolo-deploy their own wstETH implementation today. Following on @valdorff’s comment, projects deploying fragmented and competing wstETH representations are a lose-lose scenario that will continue to occur in cases where Lido doesn’t explicitly own or enshrine a given wstETH representation as “canonical”.

Lido needs a way to (securely) meet the needs of the present while maintaining the optionality to support better interoperability mechanisms as they become available in the future. Realistically, this looks like an open interface where Lido can decouple the deployment of wstETH to new ecosystems (and subsequent cost-efficient bridging) from the security of the system as a whole.

10 Likes

Thank you to the DAO for the thoughtful engagement here. We are happy to see the robust dialogue and encourage dedication of ample time and resources to broader discussion within the DAO around wstETH on L2s.

We respect and acknowledge the DAO’s immediate desire to use canonical bridges for L2s. Further, we strongly agree with the DAO that if the protocol or users are indifferent to the benefits of horizontal composability then the best way to move assets onto L2s is through native bridges.

When we constructed the initiative to deploy wstETH with horizontal composability, each network was included only upon the explicit desire and opt-in of their respective core teams. Based on the current feedback, we recognize the preferences of the DAO regarding native bridges and L2s and have, in coordination with Scroll, requested that the Stargate Foundation removes the bridging of wstETH into Scroll.

Per the original forum post above, we request that the Lido DAO claim ownership of the contracts on BNB and Avalanche; the Lido DAO has entire control over the native token once ownership is accepted, including minting limits and additional security configurations. Once accepted, LayerZero Labs maintains no ability to mint or burn tokens, by design. The implementation follows the specifications which were utilized in the expansion of wstETH to Neutron, as advised by the Lido core team.

We have been engaging with the Lido Core team, community members, and independent security teams for several months now on this specific permissionless deployment and made adjustments to the approach based on their feedback. We hope there is further engagement by Lido contributors to discuss the technical specification further and to cover any concerns or inaccuracies present in the forum. As always, we are eager to support the growth of cross-chain LSTs at-large in alignment with protocol builders.

Note: The original post has been updated to reflect the changes made based on robust engagement with the DAO.

4 Likes

Hey, I’d like to share my thoughts about Layerzero.

Layerzero is really too centralized, in fact there’s hardly anything decentralized at the moment. For example, they’re linked to Google and Conflux (linked to China Telecom and the Chinese government). There’s still no information on how the tokens will be distributed (but given the amount of funds raised, it’s safe to assume that this will certainly be centralized).

There’s no transparency about what the team is doing… No blog… Their website doesn’t show their ecosystem…

And above all, a lot of marketing and playing on the ambiguity of airdrop.

I find this outrageous and wanted to share my thoughts with the Lido community. While many make efforts to decentralize, others lie to their community and centralize.

3 Likes

On top of all of the unethical behavior already called out, the Curve team has now addressed it publicly that L0 is also blatantly lying about CRV and crvUSD being part of this “Outrageously Fraudulent Token” sham

twitter(.)com/fiddyresearch/status/1717661828564570465

2 Likes

This is an appropriate move regarding Scroll. However, it seems reasonable and necessary that you do the same with Avalanche and BNB. Right now—live and in production!—stargate.exchange is bridging wstETH from Ethereum to AVAX/BNB using your unapproved and unofficial OFT bridge, but displaying this like it’s official and approved by Lido. This should not happen without DAO approval.

I believe you should immediately remove AVAX/BNB wstETH bridging from the stargate frontend to minimize further user confusion.

6 Likes

Hi everyone, I’m Georgios Vlachos, representing Axelar Foundation.

  • Axelar network is a cross-chain messaging platform sanctioned to bring wstETH to Cosmos, the first L1 ecosystem where Lido has officially expanded. You may find the relevant discussion in the forum, under the conversation titled: “Lido on Cosmos: Initial Deployment”.
  • Axelar network is the only decentralized solution on the market, with a tech stack and security model that adhere to high standards. Axelar network’s security has been assessed by top DeFi teams, including the recent Uniswap Foundation report which is publicly available.
  • Axelar Foundation, Lido DAO, KyberSwap and Squid launched an initiative for wstETH->wstETH transfers across L2s. You may try it on Squid Router’s website, under v2.

Cosmos wstETH deployment uses Axelar network
For Cosmos, Neutron instantiated a multi-bridge contract for wstETH, with Axelar network as the first participant. The multi-bridge was implemented at Lido DAO’s instruction, in order to maintain the ability to add further participants (like Wormhole) later. Axelar Foundation received this approval following a multi-month discussion with Lido DAO stakeholders. It’s worth noting that Axelar network assets (including wstETH) had already been widely adopted within Cosmos, after last year’s governance vote by the Osmosis community. In furtherance of the initiative’s best interests, steps were taken to support the adoption of wstETH and wstETH-based DeFi across the larger Cosmos ecosystem, specifically through adoption of Neutron’s implementation, rather than the existing Axelar network version of wstETH (such steps included the allocation of 2m AXL tokens total to Osmosis and Injective).

Axelar network has a track record of delivering best-in-class security
The hard part of interoperability is building a robust messaging network. As of today, Axelar network is the most decentralized (75 validators), followed by Wormhole (19 validators). Recent independent reports concluded that only Axelar network and Wormhole provide reasonable decentralization, with transparent and open-source codebases. LayerZero is a centralized implementation, with an opaque codebase. As an example, you may review the Uniswap Foundation report.

I’d also like to address one of LayerZero’s key selling points, as presented in the OP, namely the ability to customize security. The claim is that LayerZero offers the best approach, because it can give mint/burn privileges to multiple messaging protocols. However, this is not a differentiator, as this functionality is simple to implement. Neutron team built it for the Cosmos instantiation of wstETH, as have many other teams in the past. There is also a roadmap for adding new validation methods to Axelar network, including ZK-based state proofs, as those become available.

Axelar Foundation’s recommendation for BNB, Avalanche and L2s

  • For L2 ecosystems use the native bridges, as articulated by @jakov and others.
  • For L1 ecosystems (starting with BNB and Avalanche), replicate the precedent set within the Cosmos ecosystem, through a multi-bridge approach with Axelar network’s battle-tested approach as the first participant. The multi-bridge contract should remain as close as possible to the specifications of the Cosmos contract. Over time, messaging networks that meet certain quality criteria should be added to the multi-bridge contract.

Axelar Foundation is open to participating in an RFP (Request for Proposal) process, as recommended by earlier posts, if the Lido DAO decides to go down that path. Axelar Foundation will be following up with a formal proposal.

8 Likes

Hello Lido Community,

I’m Kydo from the Uniswap community.

I’d like to share the Uniswap Bridge Assessment Report with you. This report distills Uniswap’s learning from the turbulent bridge battle, a contentious debate that generated over 200 comments and 50 thousand words on our forum.

This 50+ page report details the assessment methodology and the analysis of 6 bridges.

While this report may not perfectly apply to Lido’s current situation, and it may not include the latest information on these bridges, I believe it offers a helpful starting point for developing a framework to analyze the security properties of these interoperability protocols.

I am starting to feel this discussion thread is descending into the Uniswap bridge situation. As a Uniswap delegate who went through that, I do not wish that for Lido.

I hope Lido community leaders (ccing a few here @Hasu @sacha @ujenjt ) can start these technical conversations early and steer the discussion to more productive territories.

Background info:

  1. Original heated discussion around Uniswap bridging: https://gov.uniswap.org/t/rfc-update-deploy-uniswap-v3-1-0-3-0-05-0-01-on-bnb-chain-binance/19734
  2. Uniswap bridge committee members and their background (included in the report):

11 Likes

We need only the Binance native version of wstETH. A centralised token standard is unnecessary and unwelcome, particularly from a centralised closed-source 2-of-2 multisig.

This team appears to scoff at the core principles of why we are here in the first place, to create open-source, decentralized, and permissionless technology for the world.

2 Likes

The fact that their code base on their oracle and relayer is not open source is a major red flag and should automatically strike them out. Also, by using them you’re essentially ‘giving the keys’ to Lido to Google Cloud, who runs their oracle. This isn’t Web2 or traditional tech, and this isn’t 2017-2918. Centralized oracles are a point of failure.

3 Likes

I support the Axelar Foundation’s proposal for BNB, Avalanche and L2. Axelar is by far the most decentralized and secure network today. They’re totally transparent about what they’re doing, and it’s open source, unlike Layerzero. It’s a team who do everything they can to make it as easy to use (one-click) and as decentralized as possible. When they say something, they do it, not misleading marketing.

Layerzero, which uses Google Cloud’s oracle by default, is a big step backwards in terms of decentralization and security.

That’s why I recommend the Axelar foundation.

2 Likes

As an observer, it’s been really great to see the discussion that this sparked. We’ve been talking about these types of issues coming up on our team since we’ve started working on Hyperlane, and solutions for these problems are what motivated us to build Hyperlane’s Modular Security stack.

With Hyperlane, the Lido DAO can deploy wstETH tokens on any chain while it remains the sole owner of those tokens. In terms of security, we’ve designed and shipped an option, the Aggregation module, that can enhance the resilience of a system by integrating and aggregating multiple providers (at the discretion of the deployer). In fact with Hyperlane v3 (launching imminently :eyes:), we tackle this issue head on and make it easier than ever to integrate any application. You can read more about these in two short posts in our blog (unfortunately, I can’t post the links here but you can find the blog through the Hyperlane website hyperlane.xyz): the first, explaining how you can use Hyperlane to assemble your ‘Security Legos’, and another explaining Hyperlane Hooks, to make this more accessible to developers than ever before. This approach would allow the DAO to use the native bridge for rollups, and use a quorum of bridge providers for other cases, all the while utilizing the same interface and tokens.

Hyperlane was built to allow token issuers to have maximum flexibility, without losing their sovereignty, in their pursuit of interchain expansion. Choice of interoperability provider should not result in an organization losing control and ownership of its destiny.

Given the interest sparked by these discussions, the core contributors at Hyperlane may proceed with a more formal proposal to the DAO about incorporating the design mentioned here.

TL;DR

  • Hyperlane was built with a modular security stack to promote the customization of security and reduce dependency on single points of failure.
  • Hyperlane’s Aggregation ISM is live, and can allow the Lido DAO to easily integrate multiple bridges, and use those to handle the interchain transfers of wstETH.
  • A more formal proposal may follow to suggest how these ideas can be implemented within the Lido DAO to promote its interchain expansion, without a loss of sovereignty for the DAO.

2 Likes

Hi all, Michael from Chainlink Labs here.

We’re happy to see such thoughtful discussion in the Lido community on how the protocol can expand cross-chain and broaden access to wstETH to new chain environments. Given that cross-chain interoperability is an extremely security-sensitive dynamic (with billions lost over the past few years due to hacks/exploits), and the fact that Lido’s Liquid Staked Ether secures an immense amount of value ($15B+), the selection of any cross-chain infrastructure should not be done hastily without considering the options available.

We’re fully aligned with @Hasu’s comment regarding having formal objective evaluation criteria and process for selecting the cross-chain infrastructure solution for Lido, and we’re glad to see that the Network Expansion Workgroup (NEW) has provided initial guidelines to initiate this process.

We believe that Chainlink’s Cross-Chain Interoperability Protocol (CCIP) offers a robust standard for such evaluation. It utilizes the same battle-tested Decentralized Oracle Network (DON) infrastructure that has been the backbone of DeFi for years, with multiple DONs used to secure cross-chain interactions, a unique independent Risk Management Network for secondary validation and anomaly detection, and additional security features like per-token and aggregate rate limiting on cross-chain token transfers. CCIP operates at the highest level of cross-chain security, providing a defense-in-depth solution resolving many of the security issues seen with other cross-chain protocols historically.

Many node operators securing Chainlink CCIP already run Lido validators, minimizing additional trust assumptions. CCIP also provides protocols, such as Lido, full ownership and control over their token contracts on the destination chains and does not impose vendor lock-ins via the implementation structures.

CCIP has been built not only to create an interoperable public blockchain ecosystem, but also to connect private bank blockchains to any other public or blockchain network, creating a global internet of contracts that can bridge the crypto world and DeFi leaders like Lido to the rising wave of institutions adopting blockchains. We have worked with some of the largest financial institutions and market infrastructures in the world, including Swift (interbank messaging standard for 11,000+ global banks), DTCC (settles $2+ quadrillion in securities volume annually), and ANZ ($1T+ assets under management), on how CCIP can securely facilitate the cross-chain settlement of tokenized assets across public/private chains.

We’ll share more specifics for the current review process outlined by the NEW, where we will post our full proposals for Avalanche and BNB Chain based on the community’s desired timelines, deliverables, and other requirements to meet the needs for cross-chain wstETH, which will also inform future CCIP proposals to other blockchain ecosystems.

We’re excited to collaborate with the Lido community, including the recently formed Network Expansion Workgroup, to help Lido achieve its cross-chain goals.

7 Likes

Using IBC as an alternative erases the need for reliance on third-party intermediaries, prioritizing decentralization and security, which is particularly crucial for assets such as $stETH that serve as foundational elements for security within their native chains.

1 Like

GM, as a simple user, may I voice my opinion here? We are a bit rekt here now. You (L0) open a bridge from Scroll to AVAX and BNB, in a huge marketing push; people do as they are told and try it out and are now stuck on BNB and AVAX without any way to swap it back, since there is no liquidity and you closed the bridge back. Furthermore, you leave the bridge into the liquidity hole open for even more users to get rekt? Then you advise the only solution to bridge to Ethereum, swap there and bridge back to Scroll… cost at least 30 dollars, which is a daily wage in my country… don’t forget us.

2 Likes