Sygma – L2BEAT

Website	buildwithsygma.com blog.buildwithsygma.com
App	subbridge.io docs.buildwithsygma.com/environments/testnet/obtain-testnet-tokens sygma-react-widget.pages.dev validator.faucet.chainsafe.dev/upload
Docs	docs.buildwithsygma.com
Explorer	scan.buildwithsygma.com scan.test.buildwithsygma.com
Repository	github.com/sygmaprotocol
Social	Discord @buildwithsygma buildwithsygma

Detailed description

Sygma is a an interoperability protocol enabling asset transfers, non-fungible tokens, and cross-chain execution. With Sygma, developers can extend their applications across Ethereum mainnet, Base, Cronos, Polygon, Gnosis, Polkadot, Kusama, and other Substrate-based chains with active work on Bitcoin and Cosmos SDK interoperability.

Sygma in its current version is an interoperability protocol relying, from the Ethereum’s point-of-view, on a single EOA address’ signature. This address is meant to represent MPC validators. There are plans in the future to extend the protocol and add zk verifiers for block header oracle verification and optimistic routes that can be tailored to users’ needs, however at the moment these capabilities are not deployed.

Risk summary

Principle of operation

Sygma currently leverages an MPC relayer network along with threshold signature schemes (TSS) to facilitate cross-chain transfers. From the PoV of Ethereum transfers are authorized by a single EOA address.

Transfers are externally verified

The Sygma MPC Relayer is, according to project`s information, is supposed to be a set of decentralized permissioned network agents and is the entry-level into Sygma verification systems. On each deposit event or cross-chain message, the trusted relayers on the Sygma protocol perform an MPC ceremony utilizing threshold signature signing (TSS) to jointly attest to the validity of the cross-chain message prior to execution. Although entry-level, an MPC relayer architecture represents a significant increase in security versus traditional multisig bridges, ensuring that no single participant can defeat an honest majority. The current Sygma relayer network consists of a set of federated entities including Bware Labs, Phala Network, ChainSafe Systems, and Sygma Labs. It is worth noting that this offchain setup cannot be verified on Ethereum and has to be trusted.

Users can be censored if Greater than threshold number of MPC relayer nodes decide to censor certain transactions (CRITICAL).
Funds can be stolen if Greater than threshold number of MPC relayer nodes are maliciously taken over resulting in signing of malicious transactions (CRITICAL).
Funds can be lost if Greater than threshold number of MPC relayer nodes lose access to their MPC private keys (CRITICAL).

Destination tokens

Depending on the integration of the specific token route, bridged tokens will follow either a lock/release (1:1 backed, wrapped asset) mechanism or a burn/mint (synthetic asset) mechanism.

Permissions

The system uses the following set of permissioned addresses:

Admin Multisig 0xde79…dF53

The admin multisig covers a set of administrative privileges, including ability to configure handlers that contain logic for handling deposits/withdrawals for specific chains and assets. This is a Gnosis Safe with 3 / 5 threshold.

Admin Multisig participants 0xacc0…51C4 0x5a28…A5df 0xe845…FD49 0x197C…7ADA 0x86a7…f60f

Those are the participants of the Admin Multisig.

Community Multisig 0xc4d8…7D05

This multisig has the ability to manually withdraw tokens from the bridge using adminWithdraw() method. This is a Gnosis Safe with 4 / 6 threshold.

Community Multisig participants 0x0c1d…A12a 0xd85b…9677 0xa399…7E77 0xe845…FD49 0xC645…8676 0x86a7…f60f

Those are the participants of the Community Multisig.

Pauser/Unpauser 0x695b…a049

EOA address with the permission to pause/unpause the bridge.

Smart contracts

The system consists of the following smart contracts:

Bridge 0x4D87…7089

The contract that facilitates and manages the cross-chain transfer of assets by recording and verifying deposit and withdrawal events across different blockchain networks. The actual handling of the deposits/withdrawals is handled by a configured Handler contracts such as for example ERC20Handler.

ERC20 Bridge Handler 0xC832…B830

A contract that handles ERC20 tokens, enabling their deposit, withdrawal, and management within the protocol. This contract currently stores PHA tokens. This contract stores the following tokens: PHA.

FeeHandlerRouter 0x1d34…90cF

The FeeHandlerRouter contract routes fee handling for cross-chain transactions to appropriate fee handlers based on the destination domain and resource ID, while managing exemptions through a whitelist system.

BasicFeeHandler 0x9f97…51C7

The BasicFeeHandler contract collects and manages deposit fees for cross-chain transactions, allowing for fee adjustments and the distribution of collected fees, intended for use with the bridge and fee router contract.

Permissionless Generic Handler 0x3128…AdCD

The PermissionlessGenericHandler contract facilitates the processing of generic deposits and their execution without permissions, integrating with the bridge contract for cross-chain interactions, and is designed to handle complex data encoding for executing transactions across chains.

The current deployment carries some associated risks: