<aside> 💡 Assessment conclusion

The analysis of Multichain has concluded that the protocol does not satisfy the requirements of the Uniswap DAO's cross-chain governance use case as outlined in the Assessment Framework. Multichain relies on a largely permissionless validator set to secure the protocol, making it difficult to ascertain who controls these validators and how centralized it currently is. There are no disincentives for validators to collude, making the security model of the protocol unclear. Additionally, there is a significant lack of transparency and auditability regarding important security properties of the protocol, such as the threshold for signing messages. Furthermore, the protocol appears to have limited technical documentation. The implementation risk associated with its core cryptographic components also appear notable, based on concerns raised in auditor reports and a critical security vulnerability identified in March 2023. In light of these findings, the Committee recommends that the team focuses on clarifying the security model of the protocol and improving transparency, before it should be considered for reassessment by the Uniswap Community.

</aside>

Security Analysis Summary

Multichain is a general-purpose cross-chain messaging protocol that depends on an external validator set for security. The protocol appears to have significant connectivity across diverse ecosystems, connecting 89 chains. The protocol also claims to have a significant amount in TVL, $1.78B, though verifying this number is difficult.

Unlike other externally verified cross-chain protocols that employ proof-of-authority or proof-of-stake mechanisms to ensure the honesty of the validator set, Multichain has a permissionless validator set and does not offer any cryptoeconomic guarantees. There are also no mechanisms in place to ensure the independence of validators, which means that a few entities could control most of the validator set. This makes the fundamental trust model, security assumptions and properties of the protocol unclear.

The protocol utilizes two sets of validators: one group of 21 validators that validate communication across established networks, and another group of 42 validators that serve other networks. The 21-validator group has been operational since 2018 and is claimed to be used for more "popular and valuable coins." However, details about how these validators are being used are difficult to verify. Members of the Multichain team operate several validators, and many other validators are operated by largely anonymous individuals and entities. There is no mechanism to verify whether most of these validators are operated by distinct entities. Therefore, it is possible that the validator set is controlled by a very small subset of entities.

Validators coordinate to sign messages using MPC and a threshold signature scheme off-chain. The team claims that 2/3rds of validators need to coordinate to sign a message using the threshold signature scheme, for it to be considered valid. However, these claims cannot be publicly verified, and could be changed without detection.

There is no visibility into the operation of the validator set or the core security parameters that govern their operation. Consequently, one must take the team's assertions on faith.

There are several additional concerns that span the design, implementation, and operational aspects of the protocol. The committee has concluded that Multichain does not currently meet the security requirements of Uniswap. Therefore, it is recommended that Uniswap only consider reassessing this protocol if substantial changes that address all of the concerns are implemented.

Risks and Concerns

• As mentioned above, the fundamental security model of the protocol is unclear. It lacks disincentives, such as economic penalties or reputational damage, to discourage validators from deviating from the protocol or behaving maliciously. As a result, it is possible that a quorum of validators could collude to violate safety without consequence or recourse. Considering that the protocol's token bridge has almost $2 billion in TVL, the protocol's security model appear unsound.
• Because the protocol is largely permissionless and does not have any mechanism for ensuring validator independence, a few entities might already be operating multiple validators and controlling a quorum of validators that can compromise safety or liveness.
• Key security parameters that determine the safety and liveness properties of the protocol, are opaque and cannot be independently verified, requiring the team's assertions to be taken on faith. Furthermore, the protocol does not offer visibility into the operations of its validator set. This lack of transparency makes it difficult to effectively assess the protocol.
• The protocol is significantly under-documented, particularly with regards to key technical details and security parameters that are essential in understanding the protocol. Consequently, the committee had to invest considerable effort in code analysis and on-chain exploration to gain an understanding of the protocol.
• The security of the protocol largely depends on a relatively recent threshold cryptography scheme. Considering the adversarial setting under which the Multichain protocol operates, with permissionless validators and no other clear disincentives to misbehave, the risks to this approach are notable. Critical vulnerabilities have been discovered in common implementation of this protocol (by Fireblocks and Verichain). More importantly, the team has developed its own implementation of the cryptographic scheme, which carries inherent risks. Two observations exemplify these risks:
  1. A critical vulnerability was discovered in the implementation: The vulnerability, which was discovered by Verichain and reported last month (March 27, 2023), states: "In December 2022, we reported a private key extraction vulnerability that completely broke the security of the Threshold Signature Scheme (TSS) implementation by Secure Multi-Party Client (smpc) of Multichain fastMPC mainnet." The Multichain team has indicated that they have patched this vulnerability but have not yet published a detailed post-mortem.
  2. In two separate audits, Trail-of-Bits raises concerns about the "immature codebase" of the implementation of this component. Although the critical issues identified by ToB were addressed, the auditor notes that they "suspect that similar issues are present elsewhere in the codebase."

Next steps

The committee recommends that the Multichain team prioritize addressing the fundamental issues identified and take the necessary steps to improve the protocol's security and transparency. The Committee strongly encourages the team to provide clear documentation of the protocol's fundamental security properties and improve the implementation of the core cryptographic component.