Evaluating Wormhole wrapped assets for listing

Does anyone in the community have any technical, qualitative or qualitative insights into the current status of the Wormhole wrapped assets post-exploit? Regarding the rather large bug bounty, it would be great if folks could point to any research/findings recently disclosed and help tease out what could be considered for listing on Jet Protocol.

https://decrypt.co/91962/crypto-bridge-wormhole-replenished-after-hack-320m-ethereum

As the DAO formation is completed with the appointed Governance Committee this type of work will be solicited through a sub-committee in short order but I wanted to get a conversation started about it now.

Thank you in advance for your attention!

4 Likes

Whilst the WH hack was one of the largest smart contract exploits in the past, I don’t think it revealed a fundamental weakness or attack vector that was previously unknown.

As laid out in the post-mortem, the SC failed to verify one of the signatures & allowed the attacker to mint 120k wETH. Most notably, it was not an exploit on the integrity of the bridge (no guardians were compromised) or the composition of the collateral token. Arguably, post exploit wh-based asset could be considered more secure than before due to the WH security roadmap & an implicit backing by Jump Crypto.

Looking at user adoption, solend currently shows deposits of 11.590 whETH & 10.690 soETH which indicates market participants don’t show a clear preference for either type of wrapped asset.


Going forward, wh-based asset could be utilized by providing the end-user with optionality in terms of using centralized sollet-wrapped asset vs. decentralized wh-wrapped assets (each with a different risk profile) or through the addition of new assets alltogether.

5 Likes

So the issue is not optionality per se- Sollet wrapped assets are going away as stated here: Migrating from Sollet. The Sollet wallet features a built-in… | by Project Serum | Mar, 2022 | Medium

The question is more so:

  • Does a WH wrapped asset warrant having a cap?
  • Are there any other bridged assets worth considering as well?
2 Likes

I think any asset should have a cap.

IMO Non solana native assets with different wrappers should be evaluated and analyzed by risk as distinct assets. Some of the fundamental risk is shared but technical and liquidity risk is distinct.

1 Like

Ah, good to see they finally follow through with the depreciation of erc20 sollet-wrapped assets.

I’d agree with all assets having a cap dependent on liquidity.

Not sure if there is any risk inherent in wh-wrapped asset that we don’t see in other assets too (eg. minting keys for SPL-native token or centralisation with sollet-wrapped BTC).

Are there any other bridged assets worth considering as well?

Not from my pov, as there is little or no organic usage for asset bridged assets via RenBridge or allbridge. (The latter is primarily used for on-/offboarding, assets are swapped to the solana native versions on a stableswap.)

3 Likes

The poster above (tmnxeq) summarized the specifics quite well, thank you!

To add further detail around steps being taken, the Wormhole code is being audited by multiple audit firms and we will be adding more over the course of this year. We already have one public audit report that can be found in the Wormhole GitHub repository, and we’ll be adding more as the other audits wrap up.

4 Likes