<aside> 💡 Assessment conclusion

After assessing the current version of the deBridge protocol, the Committee has concluded that it does not currently satisfy the requirements of the Uniswap DAO's cross-chain governance use case as outlined in the Assessment Framework. deBridge employs a proof-of-stake mechanism to secure the protocol. Although the protocol is presently functioning and successfully handling messaging traffic, some of its security assurances are expected to change upon the introduction of the deBridge governance token and the implementation of its planned slashing and delegated staking system. Consequently, a thorough reassessment may be necessary. The Committee recommends that the Uniswap Community reassess deBridge once these mechanisms are fully established and have matured.

</aside>

Security Analysis Summary

deBridge is a general-purpose cross-chain messaging protocol that relies for its security on an external validator set and on cryptoeconomic guarantees that stem from its delegated proof-of-stake mechanism.

deBridge's current validator set consists of 12 validators, of which 11 are operational. In order for a message to be considered valid, 2/3 of the 11 validators (i.e. 8) must sign the message. This means that if any eight validators are compromised or collude, the protocol's safety could be violated and invalid messages could be processed through the protocol. Similarly, any 4 validators could impact liveness if they fail, or censor messages if they choose to do so. The deBridge team has expressed intentions to expand its validator set, which may make the set more satisfactory in the future.

deBridge’s documentation asserts that the protocol’s security relies on cryptoeconomic guarantees and that their delegated staking and slashing mechanisms “act as a backbone for protocol security”. However, these mechanisms, which are essential to the protocol’s cryptoeconomic security guarantees, have not yet been fully implemented and appear to be a work in progress. In the interim, the protocol relies on a Proof-of-Authority model that depends on the trustworthiness of its validator set.

Since the security properties of deBridge will significantly change once its core security features are complete, an assessment of the protocol's suitability will have to occur after that event. The Committee has thus concluded that deBridge does not currently meet the requirements for the Uniswap DAO’s cross-chain governance use case.

We understand that the deBridge team is actively working towards finalizing the core mechanisms of the protocol and look forward to seeing its continued progress.

Risks and Concerns

Other concerns surrounding deBridge include:

  1. Project maturity: While the deBridge protocol appears to be on the right track, much of the discussion and documentation provided is focused on a desired future state rather than the current implementation.
  2. deBridge Governance: Updates to contracts and security parameters are controlled by “deBridge Governance”, which is currently the company itself.
  3. Low bug bounty: deBridge offers a relatively low bug bounty of $200K. In comparison, the bounties of other assessed bridges range from $2M-$15M.

Next Steps

The Committee suggests that Uniswap reassess deBridge after the protocol has fully transitioned into its planned Proof-of-Stake upgrade, and has been in production for a sufficient period of time.