diff --git a/data/submissions/chainflip-amm/autonomy/deepseek-2026-05-01.json b/data/submissions/chainflip-amm/autonomy/deepseek-2026-05-01.json new file mode 100644 index 0000000000..273dd8bf0b --- /dev/null +++ b/data/submissions/chainflip-amm/autonomy/deepseek-2026-05-01.json @@ -0,0 +1,132 @@ +{ + "schema_version": 3, + "slug": "chainflip-amm", + "slice": "autonomy", + "snapshot_generated_at": "2026-04-27T08:19:52.420Z", + "prompt_version": 12, + "analysis_date": "2026-05-01", + "model": "claude-sonnet-4-5", + "chat_url": "https://chat.deepseek.com/share/onogy2mwkhzk4b9gyp", + "grade": "red", + "headline": "All vault funds depend on an ≈100-of-150 validator set and a governance multisig with no timelock; collusion or compromise can cause total loss.", + "short_headline": "Validator collusion can steal all funds", + "rationale": { + "findings": [ + { + "code": "A1", + "text": "The Ethereum Vault contract (0x6995...12C5) makes no external calls to oracles or price feeds; its only external interactions are ERC-20 transfers triggered by aggregate-threshold-signature verification. This is confirmed by the on-chain verified source." + }, + { + "code": "A2", + "text": "The State Chain validator set (trailofbits review describes ≥100-of-150 threshold) collectively authorises all withdrawals from the vault. If ≥100 validators collude or the State Chain halts, they can steal all user principal in the vault." + }, + { + "code": "A3", + "text": "No external bridge dependency: the protocol uses its own State Chain validators and threshold-signature-based vaults to move assets across chains; no third-party messaging protocol (LayerZero, Wormhole) is needed for core user flows." + }, + { + "code": "A4", + "text": "No nested collateral or restaking chains exist; the vault holds native assets directly, not yield-bearing receipts." + }, + { + "code": "A6", + "text": "The only circuit breaker is the governance multisig's emergencyStop function on the Vault (confirmed live on Etherscan). This relies on active, off-chain intervention by the multisig signers and is not an automated safety net." + }, + { + "code": "A7", + "text": "The Ethereum Vault depends on the liveness of the independent Chainflip State Chain for all withdrawals; if the State Chain halts, user funds are frozen indefinitely with no recovery path that avoids the State Chain." + }, + { + "code": "A8", + "text": "No permissionless keeper/relayer liveness dependency; all deposit/withdrawal execution is performed by validators within the consensus protocol." + }, + { + "code": "A9", + "text": "The governance multisig (CommunityKey) can upgrade the Vault and change the aggregate-key address (the validator set) without a timelock or user exit window (Kudelski audit). This allows silent introduction of a new, possibly malicious, external signer set that could steal all vault funds." + } + ], + "steelman": { + "red": "If ≥100 of the 150 State Chain validators collude (a realistic failure of the external dependency), they can produce a valid aggregate signature to drain the Ethereum Vault, with no automated on-chain circuit breaker that prevents the theft.", + "orange": "The governance multisig can activate emergency pause to freeze the vault before colluding validators complete a theft, reducing the probability of loss, though this still relies on a small, off-chain committee detecting the attack in time.", + "green": "The protocol has zero external oracle or bridge dependencies, and the validator set is selected by permissionless FLIP staking, making large-scale collusion economically irrational." + }, + "verdict": "Choosing red because the Ethereum Vault's funds are controlled by an external validator committee (≥100-of-150 threshold, confirmed by the Trail of Bits audit), and the governance multisig can change this committee without a timelock (Kudelski audit), so failure or compromise of either external dependency can cause theft of all user principal. No automated fallback exists; the only mitigation is an off-chain emergency pause by the same multisig. Estimated impacted TVS: ~100%." + }, + "evidence": [ + { + "url": "https://etherscan.io/address/0x6995AB7f9046BC3B599C84e2B30Fd7F27B2e12C5#code", + "shows": "Verified Ethereum Vault source code; no external oracle calls; emergencyStop function owned by CommunityKey multisig", + "chain": "Ethereum", + "address": "0x6995AB7f9046BC3B599C84e2B30Fd7F27B2e12C5", + "fetched_at": "2026-05-01T10:00:00Z" + }, + { + "url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/2023-04-TrailOfBits-securityreview.pdf", + "shows": "Trail of Bits review confirms security depends on ≤1/3 malicious validators; threshold ≥100-of-150 can authorise all vault operations", + "fetched_at": "2026-05-01T10:00:00Z" + }, + { + "url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Chainflip_Backend_-_Zellic_Audit_Report.pdf", + "shows": "Zellic audit of backend smart contracts; no external oracle dependencies; validation relies on aggregate signatures", + "fetched_at": "2026-05-01T10:00:00Z" + }, + { + "url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Multisig-Kudelski-Q1-2022.pdf", + "shows": "Kudelski audit of the CommunityKey multisig that controls Vault upgradeability and can change the validator key set", + "fetched_at": "2026-05-01T10:00:00Z" + }, + { + "url": "https://docs.chainflip.io/concepts/validators", + "shows": "Official docs state the State Chain targets 150 validators with a 2/3 threshold for consensus and threshold signing", + "fetched_at": "2026-05-01T10:00:00Z" + }, + { + "url": "https://docs.chainflip.io/integrations/contract-addresses", + "shows": "Canonical list of deployed contract addresses, including Vault on Ethereum: 0x6995AB7f9046BC3B599C84e2B30Fd7F27B2e12C5", + "fetched_at": "2026-05-01T10:00:00Z" + }, + { + "url": "https://etherscan.io/token/0x826180541412D8cf6f0F1d8A5E4e7C7c3926C0ba", + "shows": "FLIP governance token deployed on Ethereum, used for validator staking and governance voting", + "chain": "Ethereum", + "address": "0x826180541412D8cf6f0F1d8A5E4e7C7c3926C0ba", + "fetched_at": "2026-05-01T10:00:00Z" + } + ], + "unknowns": [], + "protocol_metadata": { + "github": [ + "https://github.com/chainflip-io/chainflip-backend" + ], + "docs_url": "https://docs.chainflip.io", + "audits": [ + { + "firm": "Trail of Bits", + "url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/2023-04-TrailOfBits-securityreview.pdf", + "date": "2023-04" + }, + { + "firm": "Zellic", + "url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Chainflip_Backend_-_Zellic_Audit_Report.pdf", + "date": "2023" + }, + { + "firm": "Kudelski Security", + "url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Multisig-Kudelski-Q1-2022.pdf", + "date": "2022-01" + } + ], + "governance_forum": "https://commonwealth.im/chainflip", + "voting_token": { + "chain": "Ethereum", + "address": "0x826180541412D8cf6f0F1d8A5E4e7C7c3926C0ba", + "symbol": "FLIP" + }, + "bug_bounty_url": "https://immunefi.com/bounty/chainflip", + "security_contact": "https://github.com/chainflip-io/chainflip-backend/blob/main/SECURITY.md", + "deployed_contracts_doc": "https://docs.chainflip.io/integrations/contract-addresses", + "admin_addresses": [], + "upgradeability": "upgradeable", + "about": "Chainflip is a cross-chain automated market maker that enables native swaps between major blockchains without wrapped tokens. It operates a dedicated app-chain (State Chain) secured by up to 150 validators who collectively control vaults on connected chains via a threshold signature scheme. Users deposit source-chain assets into the vault and receive destination-chain assets from the corresponding vault, with swap pricing determined by a Just-In-Time (JIT) liquidity pool. All vault funds are protected solely by the honesty of a supermajority of validators and a governance multisig capable of upgrading the vault and rotating the validator key set." + } +}