Portal Bridge
Portal is a cross-chain bridge that lets anyone move assets (wrapped by Wormhole) across chains. Assets are locked on the source chain and minted on the destination chain.
- Documentation
- Auditors
- Please see our FAQ on experienced auditors
- Website
- Tags: Bridging
- TVL: $2.2B (Rank #13)
- TVL Ranking by Bridging: #0
- Blockchain: Ethereum, Fantom, Solana, Binance, Moonbeam, Terra, Near, Arbitrum, Avalanche, Polygon, Aptos, Optimism, Base, Celo, Sui, Oasis, Algorand, Klaytn, Aurora, Injective, Acala, Terra2, XPLA, Karura
- Chain TVL
- Ethereum: $1.47B
- Fantom: $520.88M
- Solana: $137.32M
- Binance: $52.69M
- Moonbeam: $15.5M
- Others: $53.94M
- Code reviewed by several experienced auditors including Trail of Bits and Kudelski
- Anonymous team reduces transparency
- One hack in a prior version of the protocol
- Core protocol launched in 2022; maturity over one year minimizes technical risk as smart contracts are well battle-tested
- Top 5% by total value locked reduces risk
- Multisig wallet controls protocol upgrades
- Multisig consists of at least 4 signers, which means the protocol is less susceptible to centralization risks
- No timelock exists or no information documented, which mean a malicious actor could approve upgrades without any delay
- Low voting power concentration reduces risk
- No death spiral concerns
- Externally verified bridge system that is reliant on an external set of validators who don`t have to post any collateral; users essentially have to put their trust in the reputation that all validators will act honestly
- Bridge messages are validated by an external third-party that usually comprises a limited multisig
- Portal locks assets on the origin chain and mints token receipts on the target chain (i.e. Solana). This increases liquidity on the target chain but is vulnerable to attacks as all locked assets live in one smart contract. If that smart contract is exploited, then the token receipts across other target blockchains would become worthless
How Portal bridge works
The Portal bridge is an application built on top of Wormhole. When users bridge tokens through Portal, the origin token gets locked in a smart contract on the source chain and a new Portal wrapped token gets minted on the destination chain. The user can then swap those wrapped tokens for the native tokens on the destination chain. The bridge uses special validator nodes called Guardians to enable cross-chain transfers. Any transfer on Portal must be validated by at least two-thirds of the Guardians, with each Guardian having an equal weight in the validation process. The Portal bridge charges a bridge fee for facilitating the cross-chain transfer of assets. This fee is minuscule at only about $0.0001 per transaction.
What are the role of Guardians?
The Guardian nodes continuously monitor the transfer activity on the bridge; when a transfer request is detected, the nodes verify the request, register it, and locks the sender's native tokens on the source chain. The Guardians then mint the same amount of native tokens on the destination chain. The network of Guardians consist of 19 trusted institutional staking service providers that have been actively involved in Solana staking.
Risks of using the Portal bridge
The Portal bridge is as secure as the trusted group of Guardians. These special validators are external to any blockchains which makes it risker and prone to centralization especially as the 19 validators are also validators for the Solana network. The bridge was previously exploited in February 2022 when a hacker was able to bypass the verification process by injecting a spoofed Guardian signature by generating a fake signature to drain 120K ETH on Ethereum and effectively making the WETH on Solana worthless.