L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our Discord to suggest improvements!

SummaryValue LockedRisk summaryTechnologyPermissionsSmart contracts

Eclipse logoEclipse

About

Eclipse is a sidechain powered by the Solana Virtual Machine (SVM).

  • Total value locked
  • Destination
    Eclipse
  • Validated by
    Third Party
  • Type
    Token Bridge

    • About

    Eclipse is a sidechain powered by the Solana Virtual Machine (SVM).

    Value Locked
    Risk summary

    Funds can be stolen if

    1. the Treasury owner decides to transfer the funds locked on L1,
    2. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Users can be censored if

    1. the bridge operators decide not to mint tokens after observing a deposit (CRITICAL).
    Technology

    Principle of Operation

    Eclipse implements a custom deposit-only bridge. There is no functionality to withdraw assets back to Ethereum.

    1. EtherBridge.sol - Etherscan source code, deposit() function, no withdraw function
    2. Mailbox.sol - Etherscan source code, receiveMessage() function calls EtherBridge

    Third party validation

    Deposits are processed by the bridge operators on the Eclipse side. There is no mechanism to send messages back to Ethereum.

    • Users can be censored if the bridge operators decide not to mint tokens after observing a deposit (CRITICAL).

    • Funds can be stolen if the Treasury owner decides to transfer the funds locked on L1.

    1. Treasury.sol - Etherscan source code, emergencyWithdraw() function
    Permissions

    The system uses the following set of permissioned addresses:

    AuthorityMultisig 0x4720…64E0

    This is a Gnosis Safe with 1 / 2 threshold. Can pause and upgrade the EtherBridge and Mailbox contracts.

    AuthorityMultisig participants (2) 0xF48C…46FA0xAFa4…8695

    Those are the participants of the AuthorityMultisig.

    TreasuryOwner 0x7B2c…0efC

    This is a Gnosis Safe with 3 / 5 threshold. Can upgrade and transfer funds from the Treasury.

    TreasuryOwner participants (5) 0xd061…cDb50x0706…8Fed0xDecF…96860xEe05…82D90x3392…C080

    Those are the participants of the TreasuryOwner.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts on the host chain (Ethereum):

    EtherBridge 0x83cB…0fd1Implementation (Upgradable)Admin

    Entry point to deposit ETH. It is registered as a module in the Mailbox contract.

    Mailbox 0xb23B…968dImplementation (Upgradable)Admin

    Contract receiving messages from registered modules to send to Eclipse. It doesn’t have any functionality to send messages back to Ethereum.

    Treasury 0xD7E4…E644Implementation (Upgradable)Admin

    Holds the funds locked on Ethereum. This contract stores the following tokens: ETH.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).