Today, we’re expanding our knowledge of cross-chain protocols by learning more about Allbridge.
This article examines the design, security, and trust assumptions of Allbridge, highlighting its unique features and tradeoffs by thoroughly analysing its architecture.
Here, we will cover the following:
Allbridge — An Overview
Product Offerings
Network Effects
Security Check
How It Works — Transaction Lifecycle
Trust Assumptions & Tradeoffs
Risk Analysis: Architecture Design & Security Considerations
Community & Resources
Let’s dive in!
Launched in July 2021, Allbridge is a blockchain bridge that started within the Solana ecosystem. It was originally named Solbridge as its focus at launch was to expand Solana’s presence in the ecosystem by connecting it with other chains. Over time, the protocol expanded its scope beyond Solana and rebranded to Allbridge.
Allbridge Classic is the first iteration of Allbridge. It enables asset transfers across 20 chains, including both EVM and non-EVM chains like Solana and Stellar. This version of the protocol has been responsible for handling the majority of Allbridge's volume.
In June 2022, Allbridge launched Allbridge Core, a new-age bridging platform focusing on cross-chain stablecoin swaps. This new version addresses the pain points of the legacy version, particularly the multi-step, time consuming process of bridging tokens via an Allbridge-wrapped implementation and then swapping them into the desired asset.
Allbridge Core simplifies the bridging experience by focusing on stablecoin swaps. Since most bridging activity involves stablecoins, Allbridge Core is able to cater to most user demands while keeping the product simple and lightweight. Presently, Allbridge Core features 11 liquidity pools, enabling stablecoin swaps across 7 chains.
Additionally, Allbridge Core introduces unique features, such as:
Support for multiple messaging protocols – In addition to supporting cross-chain message transfer via Allbridge, Allbridge Core also supports other messaging protocols like Wormhole. This integration enables it to support unique chains available through Wormhole and provides an alternative/fallback option for chains already supported by Allbridge.
Furthermore, Allbridge Core has recently integrated Circle’s Cross-Chain Transfer Protocol (CCTP). This addition enables Allbridge Core to support USDC transfers across CCTP-supported chains without the need for maintaining liquidity pools on these chains. Moreover, users can choose from three different messaging protocols, each offering varying transfer fees and times.
Currently, CCTP support is only available on EVM chains. However, this will change soon as CCTP already supports Solana on devnet and is set to launch on mainnet in the near future.
Extra gas on the destination chain – This feature addresses users' ‘cold start’ issue when bridging assets to a new chain. With this, users can simply bridge some extra funds to pay for gas on the destination chain with this feature.
The ‘extra gas’ feature is slowly becoming a standard in the multi-chain ecosystem. For instance, in the Solana ecosystem, Phantom uses it as the ‘Refuel’ function for their ‘Cross-Chain Swapper’, via the LI.FI integration that uses Allbridge Core under the hood.
Beyond user-facing products like Allbridge Classic and Allbridge Core, Allbridge offers a white-label bridging solution called Allbridge BaaS. This allows projects to use Allbridge’s cross-chain messaging functions and launch a bridge setup specifically for their token. Allbridge charges a one-time fee of $20K for setting up this bridge.
From original product focus on Solana to winning Solana hackathons in 2021, Allbridge’s roots are deeply tied to the Solana ecosystem. This emphasis on Solana has proven advantageous, as Solana remains the most active chain on Allbridge. Since its launch, Allbridge Classic has seen over $1.45 billion in volume from almost 200,000 transactions on Solana, generating $550K in fees on Allbridge Classic alone.
Other major ecosystems contributing to Allbridge’s growth include common names across all bridging platforms, like Ethereum, Avalanche, BNB Chain, and Polygon. Interestingly in the case of Allbridge Core, Tron network is an ecosystem that has seen significant traction.
Notably, popular Layer 2 solutions like Arbitrum and Optimism, which usually dominate EVM-focused bridge statistics, are absent from this list. It is also worth mentioning that Allbridge doesn't support several major and emerging Layer 2s, such as Base, zkSync, and Linea, with only USDC on Arbitrum being supported on Allbridge Core.
Recently, Allbridge Core was integrated by LI.FI, gaining access to LI.FI’s distribution of over 120 protocols for cross-chain swaps. Additionally, Allbridge is currently the sole bridge provider for EVM <> Solana transactions in Phantom's Cross-Chain Swapper feature. This exclusivity allows Allbridge to benefit from high transaction volumes until other bridge providers are added.
Moreover, Allbridge presented the testnet demo of the CCTP integration at Breakpoint 2023. This strategic partnership with Circle as launch partners for CCTP on Solana will also be beneficial for the protocol as CCTP launches on Solana later in March.
In February, Solana support was also enabled on Jumper, with routes facilitated via Allbridge. Similar to Phantom’s Cross-Chain Swapper, Allbridge is currently the sole bridging solution in Jumper’s Solana support and thus wins all the order flow to/from Solana and EVM chains on Jumper.
Audits – Allbridge’s architecture has been audited 5 times. By Hacken in September 2021 (Audit score - 10), by Kudelski Security in May 2022, by Cossack Labs in September 2022), by Hacken in Feb 2022 (Audit score - 9.8), and by CoinFabric in July 2023.
Bounty – Allbridge has an open bounty on HackenProof with rewards ranging from $100 - $4,000.
Security breach – In April 2023, Allbridge Core faced a security breach due to a flash loan exploit on the BNB chain, resulting in a loss of $650K. Attackers exploited a logic flaw in the withdrawal function, manipulating swap prices in the pool.
The Allbridge team recovered ‘most of the stolen funds’ and compensated the shortfall, reimbursing affected users who completed an application form. Post-attack, the protocol relaunched with the following fixes and security features:
Fixing the liquidity calculation on deposits and withdrawals – extensive testing was conducted.
Introduction of Rebalancer Authority via special accounts – this tool will allow the team to rebalance pools in extreme circumstances and emergencies by using the bridge without paying fees.
An automatic shutdown feature for extreme pool imbalances, like a stablecoin losing its peg.
Ability to manually shutdown the bridge to improve reaction time in case of unexpected issues.
A public repository that highlights the team’s efforts to become more open source and invite white hat research to review the bridge’s contracts.
According to L2BEAT, Allbridge Core ‘contains a number of core, unverified smart contracts’ which can put the user’s funds at risk in case they contain malicious code.
It's important to note that following the security breach incident, Allbridge Core's contracts were redeployed. The main contracts have now been verified. Additionally, the contracts of Allbridge Classic are also verified.
However, the L2BEAT team has noted that certain bridge contracts remain unverified. The Allbridge team explains this as a complication arising from an overlap of the older Core contracts, which were in place before the security incident, and the contracts associated with Allbridge Classic. Steps are being actively taken by Allbridge to address and clarify this discrepancy on the L2BEAT website, ensuring a clearer and more transparent understanding for everyone.
Note: this section of the deep dive will be updated as new developments occur.
Here’s how assets are transferred from the source chain to destination chain via Allbridge Core’s architecture:
Step 1: Users send assets to the liquidity pool on the source chain, where they are locked.
Step 2: These assets are swapped into Virtual Tokens (VT) which represent their dollar value.
For example, when a user sends 100 USDC, the amount is converted into VT based on the current exchange rate of VT to USDC.
Step 3: The Virtual Tokens with the transaction information are transferred to the destination chain via the chosen messaging protocol.
The validators of the messaging protocol verify that the funds have been locked on the source chain and swapped accurately into ‘Virtual Tokens’.
Step 4: The message arrives on the destination chain and triggers the smart contract.
Step 5: The smart contract swaps the Virtual Tokens to the desired tokens from the liquidity pool on the destination chain and sends them to the user’s address.
While this might seem like different steps on different chains, it all happens in one click for the user.
Allbridge Classic supports a broader range of tokens, like aeUSDC (Allbridge Ethereum Wrapped USDC), which are minted by the bridge.
Here’s how assets are transferred from the source chain to destination chain via Allbridge Classic’s architecture:
Step 1: Users send funds to Allbridge’s smart contract on the source chain.
At this step, users can send two types of assets:
1) Native assets – in this case, the assets are locked in a liquidity pool on the source chain.
2) Wrapped assets – in this case, the assets are burned by the smart contract on the source chain.
Step 2: A transaction record is created, prompting a validation request to the Allbridge validators.
Step 3: Validators verify the locking of funds on the source chain.
Step 4: Once verified, validators issue a signature to the user.
Step 5: The user then forwards this signature to the smart contract on the destination chain.
Step 6: The funds are transferred to the user. The process varies depending on the type of asset that the user is expected to receive on the destination chain.
For example, if it’s:
1) Native assets – the assets are unlocked from the destination chain’s smart contract and transferred to the user's wallet.
2) Wrapped assets – the assets are minted by the smart contract on the destination chain and transferred to the user’s wallet.
Here’s a list of notable trust assumptions and tradeoffs made by Allbridge:
External verification by a set of validators – Allbridge relies on third-party validators to verify the user’s transactions, depending on the underlying messaging bridge used (Allbridge or Wormhole or CCTP).
Small validator set – Allbridge’s validator set consists of only 2 validators. The two validators can potentially collude to pass malicious messages and steal users’ funds.
Censorship risk – a single validator in Allbridge’s validator set can censor messages.
Permissioned validator set – the validators operating in the system are run and/or chosen by the Allbridge team.
No slashing mechanisms – there are currently no slashing penalties imposed on validators to disincentivize them from colluding or censoring.
The Allbridge team can censor users – while special accounts will give the Allbridge team more control to react promptly in case of emergencies, it can also be misused to wrongly censor user deposits, withdrawals and swaps.
You can learn more about Allbridge through the following:
You can stay updated about its community by following them on:
Enjoyed reading our research? To learn more about us:
Disclaimer: This article is only meant for informational purposes. The projects mentioned in the article are our partners, but we encourage you to do your due diligence before using or buying tokens of any protocol mentioned. This is not financial advice.