Crypto Bridge Wars Heat Up as UniSwap Searches for Provider
Nomad founder James Prestwich accused cross-chain crypto bridge protocol LayerZero of building and using a backdoor.
Last year the stablecoins went to war. This year, it’s the cross-chain bridges. Nomad founder James Prestwich accused cross-chain crypto bridge protocol LayerZero of building and using a backdoor. The timing of these accusations is suspect, because leading decentralized exchange (DEX) UniSwap is choosing its official bridge provider as it rolls out a DEX on Binance's BNB Chain.
Nomad is a crypto bridge best known for being hacked for $190M by hundreds of strangers last summer. LayerZero is a protocol used to make cross-chain crypto bridges, and the largest bridge operating on it is Stargate, which has $378M TVL.
UniSwap's new BNB Chain DEX is expected to have a $1B TVL, so UniSwap's official bridge between Ethereum and BNB Chain should generate a lot of fee income.
Prestwich is making two accusations and an assumption in his Substack article:
First, Prestwich is specifically saying that LayerZero built backdoors into two of its main smart contracts, and that “these vulnerabilities allow the LayerZero MultiSig to exploit user applications by passing arbitrary messages to the application without Relayer or Oracle sign-off.” Since LayerZero is software for building crypto bridges, the messages it's sending can be used to move and even create or destroy funds.
Second, Prestwich believes the LayerZero team is using the backdoors.
Finally, Prestwich assumes that since LayerZero publicly denies the backdoors exist, they must be using it for bad stuff. His thinking is that smart contract hackers would already know about these vulnerabilities, so going public wouldn't increase the risk of being hacked. Instead, Prestwich believes that if the backdoors were made public, Stargate would force LayerZero to fix the vulnerabilities.
It seems like LayerZero is operating a couple backdoors in its smart contracts, and that could be enough for UniSwap to stay away. UniSwap has $3.8B in TVL and is looking to add another $1B. That's a lot of money to protect.
What's funny about all of this is that it’s Nomad's founder calling out LayerZero. Nomad got hacked for $190M by a bunch of random internet strangers. If I were in UniSwap’s position, I’d strongly consider developing my own bridge internally instead of adopting a partner.