One week after The Defiant reported on questions about the management of user funds in Multichain, the bridging platform pointed toward a blog post published on Sept. 29.
Its main message: user funds are safe.
Researchers at L2BEAT found that user funds were moved from an escrow address in Multichain in order to provide liquidity elsewhere in the network. The practice raised concerns about users’ ability to locate and withdraw those funds in a timely manner, according to the researchers and an independent security expert.
Multichain, the No. 2 bridge protocol with $1.5B in total value locked, did not respond to The Defiant’s requests for comment prior to publication and addressed the report on Twitter shortly afterwards.
“We use the shared liquidity tool to balance the liquidity automatically,” Multichain said. “Cross-chain transactions are all secured by MPC [multi-party computation] network. There is no security risk regarding the cross-chain mechanism.”
The response included a link to a blog post published Sept. 29, which includes an explanation of the “shared liquidity tool.”
“When a user bridges assets from chain A to chain B, the user’s assets on Chain A will be sent to the escrowed pool on Chain A, then the escrowed assets on chain B will be sent to the user or the assets will be minted for the user,” the post reads. “Then the user can bridge the asset directly from Chain B to Chain C without going back to Chain A. The deposit or escrow addresses in Multichain protocol are on multi-chains. How the assets are located depends on how users use Multichain protocol.”
Using the example of Dai, a stablecoin, on the Fantom blockchain, Multichain said all the Dai on Fantom was backed by Dai on several other chains: Optimism, Cronos, BNB, Polygon, Arbitrum, Avalanche and Ethereum.
Movement of funds is automatic and approved by an independent, distributed network of validators, the post continues.
Nevertheless, users must still trust that Multichain is managing the liquidity effectively, according to Michael Lewellen, head of solutions at security firm OpenZeppelin.
Multichain is built such that a single key for signing transactions is shared across multiple locations.
“That’s certainly better than it being a single key in one location,” Lewellen told The Defiant. “However, it means less transparency for the community on how that multi-sig is managed and it doesn’t really change the core issue which is that Multichain as an entity is being entirely trusted to manage the liquidity effectively.”
Lewellen pushed back against Multichain’s assertion that there is “no security risk.”
“They are the security risk,” he said. “That’s fine if users are okay with trusting Multichain and that’s how several other centralized bridges operate. However, the way that Multichain does this is less transparent than most due to the strange way they are managing liquidity that makes it hard to tell bridged assets are fully collateralized.”
Criticism of their novel approach was to be expected, according to Tung Dinh, Multichain’s head of business development.
“The terminology/methodology is an innovation and [we were] expecting controversy,” Dinh said. “That said all Dai can be audited by look[ing] at router contracts.”
Updated on Nov. 3 to add comments by Tung Dinh of Multichain and Michael Lewellen at OpenZeppelin.