
Component: Multichain bridge backend

Description

The multichain bridge backend is the application that handles all operations for the admin and user front ends. Aside from handling the input coming in from the two front ends, it is also responsible for the bridging logic. Various crawlers are set up to retrieve the on-chain state, database entries, and job queues to bridge the user's ETH to WETH or WETH to ETH.

Invariants

  • A user should not be able to bypass the daily limit of tokens to bridge.

  • User-controlled data should be handled securely.

  • The admin API must enforce strict authentication to ensure that only authorized users can access its functionalities.

  • Crawlers should function properly.

Test coverage

While some limited test coverage is present, not everything is covered by a test case.

Attack surface

The attack surface is mainly code that directly handles user-controlled input. One example is the admin API, which is secured by requiring a valid JWT that can only be obtained by logging in with a valid admin wallet. The user front-end output is extremely limited, and most values are not directly controlled by the user.

Nonetheless, some of the controllable values are inserted into a database, which may lead to SQL injection if the input is handled improperly. No cases of insecure data handling relating to SQL operations were found.

The check dealing with the daily quota happens after a user has already made the deposit. It is coded in such a way that funds may get stuck if a user makes a deposit that exceeds the currently configured daily quota. This has been detailed in Finding ref.
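The ordering problem described above can be modeled in a few lines. This is an added example, not code from the audited bridge or from the report: the record fields, the outcome names and the refund path are assumptions made for illustration. It settles constructed deposits that are already locked on-chain and reports how much value is left with no exit path.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Deposit:          # constructed record of an already-confirmed on-chain lock
    id: int
    user: str
    day: str            # quota window label
    amount: int         # smallest token unit

def settle(deposits, daily_quota, refund_over_quota):
    """Post-deposit quota check; returns {id: "release" | "refund" | "stuck"}.
    refund_over_quota=False models a rejection with no exit path; True routes
    every rejected deposit to a refund job (hypothetical mitigation)."""
    used = defaultdict(int)     # (user, day) -> amount already released
    outcome = {}
    for d in deposits:          # processed in confirmation order
        key = (d.user, d.day)
        if used[key] + d.amount <= daily_quota:
            used[key] += d.amount
            outcome[d.id] = "release"
        else:                   # a rejected deposit must not consume quota
            outcome[d.id] = "refund" if refund_over_quota else "stuck"
    return outcome

def audit(deposits, outcome, daily_quota):
    """Reconciliation: (quota invariant holds, total amount with no exit path)."""
    released = defaultdict(int)
    stuck_amount = 0
    for d in deposits:
        if outcome[d.id] == "release":
            released[(d.user, d.day)] += d.amount
        elif outcome[d.id] == "stuck":
            stuck_amount += d.amount
    quota_ok = all(v <= daily_quota for v in released.values())
    return quota_ok, stuck_amount

# Constructed sample; the quota used with it is 100 per user per day.
SAMPLE = [
    Deposit(1, "alice", "d1", 60),
    Deposit(2, "alice", "d1", 50),   # 60 + 50 > 100: over quota after the lock
    Deposit(3, "alice", "d1", 40),   # still fits, since deposit 2 consumed nothing
    Deposit(4, "bob", "d1", 150),    # single deposit larger than the whole quota
    Deposit(5, "alice", "d2", 100),  # new quota window
]

if __name__ == "__main__":
    print(audit(SAMPLE, settle(SAMPLE, 100, False), 100))
```

In both modes the daily-limit invariant holds; the difference is whether the rejected deposits have a state that some job will act on, which is what a reconciliation check like `audit` should alert on.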

The crawler setup was mainly investigated via static analysis and some limited dynamic testing. Due to time constraints, it was not possible to get a fully working setup using the commit agreed upon for the audit.

Zellic © 2025