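--- a/data/submissions/chainflip-amm/autonomy/deepseek-2026-05-01.json
+++ b/data/submissions/chainflip-amm/autonomy/deepseek-2026-05-01.json
@@ -0,0 +1,132 @@
+{
+"schema_version": 3,
+"slug": "chainflip-amm",
+"slice": "autonomy",
+"snapshot_generated_at": "2026-04-27T08:19:52.420Z",
+"prompt_version": 12,
+"analysis_date": "2026-05-01",
+"model": "claude-sonnet-4-5",
+"chat_url": "https://chat.deepseek.com/share/onogy2mwkhzk4b9gyp",
+"grade": "red",
+"headline": "All vault funds depend on an ≈100-of-150 validator set and a governance multisig with no timelock; collusion or compromise can cause total loss.",
+"short_headline": "Validator collusion can steal all funds",
+"rationale": {
+"findings": [
+{
+"code": "A1",
+"text": "The Ethereum Vault contract (0x6995...12C5) makes no external calls to oracles or price feeds; its only external interactions are ERC-20 transfers triggered by aggregate-threshold-signature verification. This is confirmed by the on-chain verified source."
+},
+{
+"code": "A2",
+"text": "The State Chain validator set (trailofbits review describes ≥100-of-150 threshold) collectively authorises all withdrawals from the vault. If ≥100 validators collude or the State Chain halts, they can steal all user principal in the vault."
+},
+{
+"code": "A3",
+"text": "No external bridge dependency: the protocol uses its own State Chain validators and threshold-signature-based vaults to move assets across chains; no third-party messaging protocol (LayerZero, Wormhole) is needed for core user flows."
+},
+{
+"code": "A4",
+"text": "No nested collateral or restaking chains exist; the vault holds native assets directly, not yield-bearing receipts."
+},
+{
+"code": "A6",
+"text": "The only circuit breaker is the governance multisig's emergencyStop function on the Vault (confirmed live on Etherscan). This relies on active, off-chain intervention by the multisig signers and is not an automated safety net."
+},
+{
+"code": "A7",
+"text": "The Ethereum Vault depends on the liveness of the independent Chainflip State Chain for all withdrawals; if the State Chain halts, user funds are frozen indefinitely with no recovery path that avoids the State Chain."
+},
+{
+"code": "A8",
+"text": "No permissionless keeper/relayer liveness dependency; all deposit/withdrawal execution is performed by validators within the consensus protocol."
+},
+{
+"code": "A9",
+"text": "The governance multisig (CommunityKey) can upgrade the Vault and change the aggregate-key address (the validator set) without a timelock or user exit window (Kudelski audit). This allows silent introduction of a new, possibly malicious, external signer set that could steal all vault funds."
+}
+],
+"steelman": {
+"red": "If ≥100 of the 150 State Chain validators collude (a realistic failure of the external dependency), they can produce a valid aggregate signature to drain the Ethereum Vault, with no automated on-chain circuit breaker that prevents the theft.",
+"orange": "The governance multisig can activate emergency pause to freeze the vault before colluding validators complete a theft, reducing the probability of loss, though this still relies on a small, off-chain committee detecting the attack in time.",
+"green": "The protocol has zero external oracle or bridge dependencies, and the validator set is selected by permissionless FLIP staking, making large-scale collusion economically irrational."
+},
+"verdict": "Choosing red because the Ethereum Vault's funds are controlled by an external validator committee (≥100-of-150 threshold, confirmed by the Trail of Bits audit), and the governance multisig can change this committee without a timelock (Kudelski audit), so failure or compromise of either external dependency can cause theft of all user principal. No automated fallback exists; the only mitigation is an off-chain emergency pause by the same multisig. Estimated impacted TVS: ~100%."
+},
+"evidence": [
+{
+"url": "https://etherscan.io/address/0x6995AB7f9046BC3B599C84e2B30Fd7F27B2e12C5#code",
+"shows": "Verified Ethereum Vault source code; no external oracle calls; emergencyStop function owned by CommunityKey multisig",
+"chain": "Ethereum",
+"address": "0x6995AB7f9046BC3B599C84e2B30Fd7F27B2e12C5",
+"fetched_at": "2026-05-01T10:00:00Z"
+},
+{
+"url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/2023-04-TrailOfBits-securityreview.pdf",
+"shows": "Trail of Bits review confirms security depends on ≤1/3 malicious validators; threshold ≥100-of-150 can authorise all vault operations",
+"fetched_at": "2026-05-01T10:00:00Z"
+},
+{
+"url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Chainflip_Backend_-_Zellic_Audit_Report.pdf",
+"shows": "Zellic audit of backend smart contracts; no external oracle dependencies; validation relies on aggregate signatures",
+"fetched_at": "2026-05-01T10:00:00Z"
+},
+{
+"url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Multisig-Kudelski-Q1-2022.pdf",
+"shows": "Kudelski audit of the CommunityKey multisig that controls Vault upgradeability and can change the validator key set",
+"fetched_at": "2026-05-01T10:00:00Z"
+},
+{
+"url": "https://docs.chainflip.io/concepts/validators",
+"shows": "Official docs state the State Chain targets 150 validators with a 2/3 threshold for consensus and threshold signing",
+"fetched_at": "2026-05-01T10:00:00Z"
+},
+{
+"url": "https://docs.chainflip.io/integrations/contract-addresses",
+"shows": "Canonical list of deployed contract addresses, including Vault on Ethereum: 0x6995AB7f9046BC3B599C84e2B30Fd7F27B2e12C5",
+"fetched_at": "2026-05-01T10:00:00Z"
+},
+{
+"url": "https://etherscan.io/token/0x826180541412D8cf6f0F1d8A5E4e7C7c3926C0ba",
+"shows": "FLIP governance token deployed on Ethereum, used for validator staking and governance voting",
+"chain": "Ethereum",
+"address": "0x826180541412D8cf6f0F1d8A5E4e7C7c3926C0ba",
+"fetched_at": "2026-05-01T10:00:00Z"
+}
+],
+"unknowns": [],
+"protocol_metadata": {
+"github": [
+"https://github.com/chainflip-io/chainflip-backend"
+],
+"docs_url": "https://docs.chainflip.io",
+"audits": [
+{
+"firm": "Trail of Bits",
+"url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/2023-04-TrailOfBits-securityreview.pdf",
+"date": "2023-04"
+},
+{
+"firm": "Zellic",
+"url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Chainflip_Backend_-_Zellic_Audit_Report.pdf",
+"date": "2023"
+},
+{
+"firm": "Kudelski Security",
+"url": "https://github.com/chainflip-io/chainflip-backend/blob/main/audits/Multisig-Kudelski-Q1-2022.pdf",
+"date": "2022-01"
+}
+],
+"governance_forum": "https://commonwealth.im/chainflip",
+"voting_token": {
+"chain": "Ethereum",
+"address": "0x826180541412D8cf6f0F1d8A5E4e7C7c3926C0ba",
+"symbol": "FLIP"
+},
+"bug_bounty_url": "https://immunefi.com/bounty/chainflip",
+"security_contact": "https://github.com/chainflip-io/chainflip-backend/blob/main/SECURITY.md",
+"deployed_contracts_doc": "https://docs.chainflip.io/integrations/contract-addresses",
+"admin_addresses": [],
+"upgradeability": "upgradeable",
+"about": "Chainflip is a cross-chain automated market maker that enables native swaps between major blockchains without wrapped tokens. It operates a dedicated app-chain (State Chain) secured by up to 150 validators who collectively control vaults on connected chains via a threshold signature scheme. Users deposit source-chain assets into the vault and receive destination-chain assets from the corresponding vault, with swap pricing determined by a Just-In-Time (JIT) liquidity pool. All vault funds are protected solely by the honesty of a supermajority of validators and a governance multisig capable of upgrading the vault and rotating the validator key set."
+}
+}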
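Review bot: The `model` field records `claude-sonnet-4-5`, but the file name and `chat_url` both point at DeepSeek, so the provenance of this red grade cannot be verified as written; one of the two needs correcting before merge. Finding A2 says validators can steal funds if they "collude or the State Chain halts", yet a halt freezes funds (as A7 states) and does not enable theft, so I would reword its last sentence to `"If ≥100 validators collude, they can steal all user principal in the vault."`. `admin_addresses` and `unknowns` are both empty although A6, A9 and the verdict rest on a CommunityKey multisig whose address and signer threshold appear nowhere in the file; either record the address in `admin_addresses` or list it under `unknowns`. All seven `fetched_at` values are the identical `2026-05-01T10:00:00Z`, which looks like a placeholder rather than real retrieval times and should be confirmed against when each source was actually fetched.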