You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $20/month you can upgrade to our FULL library of 60+ reports (including this one) and complete industry-leading analysis on the top crypto assets. 

Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:

• Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
• Early access to future CORE ratings: Being early is sometimes just as important as being right!
• Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more
• CORE report Audio playback: Don’t want to read? No problem! Listen on the go.

Original Wormhole

Overview

Solana is an L1 smart contract protocol developed to enhance network scalability and performance. The Solana ecosystem is supported by its native cryptocurrency, SOL, an SPL token that operates similarly to the well-known Ethereum ERC-20 tokens. The Solana-Wormhole Bridge is the Wormhole connector between the Solana blockchain and the Ethereum blockchain. Additionally, as of June 2022, Wormhole now (again) supports the Terra ecosystem and LUNA 2.0.

Wormhole is a third-party bridge with an external validation design. Wormhole holds the ability to serve as an information portal between six EVM chains plus Solana, Oasis and Kusama’s Karura. Functionality on top of this information transfer includes:

• A token bridge that lets users seamlessly bridge wrapped assets between supported chains
• An NFT bridge that transfers ERC-721 and SPL NFTs between Ethereum, Binance Smart Chain, Polygon, Avalanche, Oasis, Fantom, and Solana

Wormhole operates in the following three-step process:

1. Provide ETH to the Wormhole portal
2. Wormhole locks ETH in a smart contract
3. Wormhole gives you freshly minted ‘wETH’ on the new chain; in this case, Solana

Effectively, each wETH is a promise to pay back ETH on the original chain. Through this mechanism, the new token of wETH has a 1:1 peg to ETH, backed by the ETH pool locked in the smart contract.

Wormhole functionality can be broken down further:

• The Core Layer is the layer on which all of the contracts, and thus the entire bridge, is built
• The Core Contracts, which live on the destination chain, allow Wormhole to send the details of transactions back and forth between the Ethereum, Solana, and Terra networks
• Guardians validate all transactions by providing a signature. The guardians are largely centralized validator companies such as Chorus One and Certus One

Technology

Wormhole’s security and performance rely on 19 known “Guardians” that monitor the state across the connected chains and are responsible for signing messages. Guardians (generally) have a vested financial interest in the connected blockchain ecosystems (and Wormhole specifically) and are trusted not to collude against the users. Because of this, Guardians don’t have to stake any bond to operate in the network. Wormhole is essentially a KYCed proof-of-authority system in which validators run a full node of each connected chain. 

By running a node on every chain, Wormhole’s Guardians can observe and verify the state across the connected chains via a Core Contract. Each Guardian first works independently to collect and sign transactions before combining their signatures with other Guardians. Once enough signatures have been collected, a multisig is formed, proving two-thirds plus consensus among the Guardians and relayed to the destination chain’s Core Contract.

Guardian signatures are what the core contracts look for when relaying information back to the chain. Based on these build mechanics, there’s a massive amount of trust in the Guardians to act honestly and not fail to validate transactions.

Wormhole also runs several other critical crypto applications, including Pyth oracle, which uses Wormhole to send on-chain price data from Solana to other various blockchains. The reverse wouldn’t be practical given the differences in block time.

Security/Trust Assumptions/Hack

Wormhole relies on the security of its 19 Guardians to sign off on transactions rather than the underlying blockchains. Even worse, the Guardian security guarantees suffer from several other aspects:

• No bonded stake (simply their reputation on the line)
• Limited validator set (19)
• Centralized (PoA KYC’d validators, as opposed to decentralized and permissionless) 

Source

Unfortunately, in February 2022, the Solana ecosystem was shaken by a major hack in the Wormhole bridge. The hacker(s) were able to steal ~120,000 ETH (~$300 million) due to a smart contract bug on the bridge’s Solana side. 

Essentially, the attacker was able to mint 120,000 Wormhole ETH on Solana, bypass the bridge “Guardians” in place, and withdraw it back to Ethereum. As the crypto ecosystem becomes more fully built out and users want to use multiple chains, bridges will become vitally important. Bridges are a security liability and a honeypot for hackers. 

The code vulnerability has since been patched, and Wormhole, with help from well-funded backers, was able to reimburse all of the missing ETH on the Solana chain. You can find a detailed breakdown here.  

Following that attack, Wormhole also awarded $10 million to a different white-hat hacker who discovered another vulnerability in their bridge contract in conjunction with Immunefi. Wormhole looked to improve security by completing audits conducted by industry-leading auditing firms. In addition, Wormhole is being developed in the open with ongoing transparent commits/developer activity, while also requiring 3+ entities (the original developer and two independent reviewers) to integrate code.

$W Token

Wormhole has been adopted by over 200 applications across 30 chains, including notable projects like Uniswap, Circle, and Lido, among others, handling upwards of 950 million multichain messages. The development and evolution of Wormhole are spearheaded by a coalition of decentralized teams dedicated to various facets such as security, engineering, and community engagement. This collaborative effort involves entities like the Wormhole Foundation, Wormhole Labs, xLabs, and several others including Wormhole China and Zpoken, contributing to a wide range of functions from ZK engineering to ecosystem growth.

In its journey toward greater decentralization, Wormhole has introduced its native token, denoted as W, outlining the tokenomics behind its distribution, strategic stakeholder allocation, and utility both now and in the future. The introduction of W, with a maximum supply of 10 billion and an initial circulating supply of 1.8 billion, is a pivotal move toward solidifying Wormhole’s vision for a decentralized, permissionless future. The token will be available in both ERC20 and SPL formats, with a significant portion of its total supply initially locked and set to be released over a four-year period, ensuring a structured integration into the ecosystem.