<aside> 💡 Assessment conclusion
The analysis of Multichain has concluded that the protocol does not satisfy the requirements of the Uniswap DAO's cross-chain governance use case as outlined in the Assessment Framework. Multichain relies on a largely permissionless validator set to secure the protocol, making it difficult to ascertain who controls these validators and how centralized it currently is. There are no disincentives for validators to collude, making the security model of the protocol unclear. Additionally, there is a significant lack of transparency and auditability regarding important security properties of the protocol, such as the threshold for signing messages. Furthermore, the protocol appears to have limited technical documentation. The implementation risk associated with its core cryptographic components also appear notable, based on concerns raised in auditor reports and a critical security vulnerability identified in March 2023. In light of these findings, the Committee recommends that the team focuses on clarifying the security model of the protocol and improving transparency, before it should be considered for reassessment by the Uniswap Community.
</aside>
Multichain is a general-purpose cross-chain messaging protocol that depends on an external validator set for security. The protocol appears to have significant connectivity across diverse ecosystems, connecting 89 chains. The protocol also claims to have a significant amount in TVL, $1.78B, though verifying this number is difficult.
Unlike other externally verified cross-chain protocols that employ proof-of-authority or proof-of-stake mechanisms to ensure the honesty of the validator set, Multichain has a permissionless validator set and does not offer any cryptoeconomic guarantees. There are also no mechanisms in place to ensure the independence of validators, which means that a few entities could control most of the validator set. This makes the fundamental trust model, security assumptions and properties of the protocol unclear.
The protocol utilizes two sets of validators: one group of 21 validators that validate communication across established networks, and another group of 42 validators that serve other networks. The 21-validator group has been operational since 2018 and is claimed to be used for more "popular and valuable coins." However, details about how these validators are being used are difficult to verify. Members of the Multichain team operate several validators, and many other validators are operated by largely anonymous individuals and entities. There is no mechanism to verify whether most of these validators are operated by distinct entities. Therefore, it is possible that the validator set is controlled by a very small subset of entities.
Validators coordinate to sign messages using MPC and a threshold signature scheme off-chain. The team claims that 2/3rds of validators need to coordinate to sign a message using the threshold signature scheme, for it to be considered valid. However, these claims cannot be publicly verified, and could be changed without detection.
There is no visibility into the operation of the validator set or the core security parameters that govern their operation. Consequently, one must take the team's assertions on faith.
There are several additional concerns that span the design, implementation, and operational aspects of the protocol. The committee has concluded that Multichain does not currently meet the security requirements of Uniswap. Therefore, it is recommended that Uniswap only consider reassessing this protocol if substantial changes that address all of the concerns are implemented.
The committee recommends that the Multichain team prioritize addressing the fundamental issues identified and take the necessary steps to improve the protocol's security and transparency. The Committee strongly encourages the team to provide clear documentation of the protocol's fundamental security properties and improve the implementation of the core cryptographic component.