Proposal

Whitelist the Wormhole bridge as a registered minter of alETH, alUSD, and ALCX on all L2 chains with the following rate limits (mint and burn):

Asset / Chain	Arbitrum	Optimism	All other L2s
alUSD	100,000 alUSD/24h	100,000 alUSD/24h	25,000 alUSD/24h
alETH	100 alETH/24h	100 alETH/24h	25 alETH/24h
ALCX	2,000 ALCX/24h	2,000 ALCX/24h	500 ALCX/24h

Context

History of Alchemix Bridging

In AIP-92 Alchemix upgraded its L2 alAssets and ALCX token to xERC20. The xERC20 integration means that Alchemix can whitelist any number of bridge providers to mint/burn alAssets, with rate limits. Everclear (prev Connext) was the first chosen bridge provider due to its security-first mindset. Everclear messaging uses canonical bridges directly to pass messages between L2 chains, minting/burning assets as needed to satisfy bridge requests. Because canonical bridges are used, no 3rd party needs to be trusted with funds. Because the use-case is bridge-specific, the bridge time is reduced from the typical 7 days down to 2-24 hours.

Good and Bad of Connext

There have been no security incidents with Connext, however some users complain about long bridge times. Previously Alchemix loaned out liquidity to a company acting as a bridge router that allowed for fast bridging up to a certain amount of liquidity, but that company is no longer doing router service.

Users require a way to fast-bridge that doesn’t require using Connext, meanwhile, Alchemix needs to ensure any additional risks introduced by fast-bridging are worthwhile and can be limited.

Goal of this Proposal

This proposal requests to whitelist Wormhole as another bridging provider - with lower rate limits than the Connext bridge. This means bridging within the new rate limits will typically occur much faster (10-15 minutes, with optional solver routing down to 5-15 seconds), while bridging beyond the new rate limits will still use the slower Connext routing.

A Note on Bridge Security

When using a bridge, you rely on something/someone to send a message between two chains. This means you are trusting up to THREE validator sets with your assets.

Example: You use Layer0 to bridge from Solana to Ethereum. You are now trusting Solana, Layer0, and Ethereum to all properly account for your assets - much more to trust than just Ethereum itself! No matter how secure Layer0, Ethereum, and Solana are, having to trust all 3 together is intrinsically less secure than only trusting one of them.

This is why Alchemix uses Connext and only deploys on Ethereum Layer 2 chains - because the Ethereum validator set is central to both Layer 2 chains and to the Connext messaging system. This is also why it is important to rate limit bridges - to avoid potential uncapped exploits.

How does Wormhole work?

Wormhole is an interoperability protocol consisting of onchain and offchain components that facilitate messages between chains. Wormhole relies on Guardians, or a set of distributed nodes that monitor state on several blockchains. Guardians are a decentralized network that are responsible for sending requested messages between chains. There are 19 Guardians in total, many of which are the largest and most widely-known validator companies in crypto.

More information can be found here: https://dao.rocketpool.net/t/reth-ntt-vibe-check/3298

If the Wormhole guardians were ever to be compromised, the risk would be unbacked alAsset minting on L2 chains up to the rate limit, until the Wormhole’s ability to mint is revoked.

Why Wormhole?

Wormhole has been chosen for a few reasons that all came together around the same time:

1. Wormhole is a messaging system meant to be used with mint-burn systems such as xERC20.
2. Moonwell, friends of Alchemix, have already developed an adapter that ties into the xERC20 system. Moonwell chose Wormhole due to more robust/easy to use APIs and relayers. There is also more flexibility to relay transactions to another chain, which could be beneficial in future v3 onchain governance.
3. There are current contributors at Wormhole that have worked with Alchemix (through other protocols) in the past, meaning Alchemix has confidence that support, if necessary, can be rendered quickly and efficiently.
4. Wormhole has developed NTT, which is along the same lines as xERC20 but more robust and is still being actively developed. NTT is a potential option to upgrade alAssets in the future. One feature of NTT is requiring multiple bridges to attest prior to minting assets onto a chain. This means that adding more bridging options doesn’t necessarily reduce security, unlike with xERC20. Thus it is easier to add more bridging routes for users while controlling security.
5. Other options in consideration are Axelar and Layer0. These could be added in the future and both have similarly proven messaging systems. Both require more work to integrate into xERC20, however.

A note on Wormhole’s past exploit

(Section written by Wormhole) Security is paramount to Wormhole. Following the incident, Wormhole performed an extensive re-audit of all its code, increased the level of audit coverage, and currently maintains large bug bounty programs. In total, Wormhole has undergone 29 third-party audits and continues to do so. All audits and final reports can be found in the security page of the GitHub Repo.

Architecturally, Wormhole introduced multiple defense in depth mechanisms to limit the impact of any potential future exploit. This included defense-in-depth measures like the Governor (daily notional rate limit of token transfers) and Global Accountant (cross chain accounting), along with an emergency playbook, a procedure on how guardians respond to an emergency situation; either shutting down their nodes or executing a contract upgrade to disable functionality, depending on the nature of the exploit.

Lastly, following industry best practices and in the ethos of the Ethereum community, all contracts are built in public and are open source.

• Guardian Dashboard: https://wormhole-foundation.github.io/wormhole-dashboard/#/?endpoint=Mainnet
• Bug bounty: Wormhole Bug Bounties | Immunefi
• Security overview: Cross-chain security | Wormhole

Voting Options

Voting is simple for/against/abstain. Voting “For” means whitelisting Wormhole to mint alUSD, alETH, and ALCX on integrated chains with the rate limits outlined in the first section of this proposal.