GIP-93: Should GnosisDAO support the integration of Hashi within Gnosis Chain’s Canonical Bridges?

GIP: 93
title: Should GnosisDAO support the integration of Hashi within Gnosis Chain's Canonical Bridges?
author: Cross-chain Interoperability Alliance, (alliance.ccia@gmail.com), (https://github.com/crosschain-alliance)
status: Draft
type: Funding
created: 2024-03-07
duration: 6 months
funding: $250,000 (50% in $ and 50% in 1y-timelocked GNO)

Category

Funding

Executive Summary:

This proposal presents a detailed plan for allocating funds towards integrating the Hashi protocol into Gnosis Chain’s canonical bridges from Ethereum, namely the xDAI Bridge and the AMB (on which the OmniBridge is built). The initiative emphasizes significantly enhancing the security and decentralization of these bridges. The integration aims to introduce advanced security measures, mitigate systemic risks, and ensure the Gnosis Chain ecosystem remains resilient against the evolving landscape of security threats. By fortifying the infrastructure with Hashi, we seek to establish a new standard for security and reliability in cross-chain transactions.
Hashi is an additive security framework, currently supporting 15+ General Message Passing bridges and ZK light clients. With its integration on Gnosis bridges we remove any reliance on one specific bridging mechanism and add the ability to define threshold based bridging (only when 2 of 3 bridges agree a bridge transaction is accepted) along with zero vendor lock-in capabilities by allowing easy replacement of any bridging mechanisms in the future.

This integration will make Gnosis Chain the only L1 with such strong bridge security guarantees. We anticipate that this effort will foster greater user confidence and will have a big positive impact on the Gnosis ecosystem.

Specification

The proposal outlines a multi-faceted approach, focusing on:

• Developing an Integration Plan and Reference implementation
  Tailoring Hashi’s protocol to enhance the security properties of the canonical bridges. This requires the writing of dedicated technical documents, specifications and the development of a reference implementation.

• Conducting Extensive Security Audits
  Partnering with leading blockchain security firms to conduct end-to-end audits, identifying and addressing potential vulnerabilities within the proposed integration framework.

• Executing the Migration
  Upgrading the existing canonical bridges with the new proposed integration framework. This will be done in strict cooperation with the existing team in charge of Gnosis Chain Bridges.

• Governance configuration
  The current Gnosis Bridges multisig (8 of 15) will be configured to set the thresholds and allowed oracles. In the future this governance can be also replaced and improved if needed.

Rationale

In an era where security breaches and exploits have become increasingly sophisticated, bolstering the security and decentralization of Gnosis Chain’s bridges is imperative. Currently, both bridges are secured by a decentralized but still permissioned and trusted set of validators. Although battle tested throughout the years, the Gnosis community and GnosisDAO have realized the need to move to a more trust minimized and future-proof setup.

This proposal is driven by the vision of creating a fortified, resilient infrastructure capable of withstanding current and future security challenges. The Gnosis Community has already shown in the past a strong commitment to these values by supporting similar efforts (i.e. GIP-57 and the addition of Succinct’s ZK Light Client as a Validator, among others) and by bringing to life the Hashi project itself.
This integration represents a strategic step forward in safeguarding assets and data, ensuring the Gnosis Chain remains a secure, trusted, and highly attractive platform for users and developers alike.

Lastly, Gnosis DAO has demonstrated in the past how important bridge security is to them. This proposal aims to implement previous research results and reap tangible benefits.

Budget

The budget is meticulously structured to cover all critical aspects of the integration process:

• Hashi Integration Design and Development: $60,000 allocated towards developing and implementing the Hashi integration.

• Security Audits and Migration Strategies: $90,000 dedicated to coordinating rigorous security audits and the formulation of robust mitigation strategies.

• Preparation and Execution of the Migration: $80,000 allocated to an in-depth study of the recommended configuration options and execution of the migration plan with the assistance of GnosisDAO.

• Monitoring the guarded launch and safeguards lifting: $20,000 dedicated to monitoring the initial launch with safeguards in place and securely lifting them after the initial guarded phase.

Milestones:

• Milestone 1: Hashi Integration Design and Implementation (Duration: 2 months)

  • Deliverables:

    • Development of a detailed security-centric design document and spec for Hashi’s integration with the 2 canonical bridges of Gnosis Chain.
    • Implementation of a reference code following the specifications.

  • Funding Allocation: $60,000

• Milestone 2: Security Audits and Migration Plan (Duration: 2 months)

  • Deliverables:

    • Completion of external security audits with documented findings and implemented fixes.
    • Development and launch of a Hashi explorer, a tool to oversee the validation progress of cross-chain transactions on Gnosis bridges.
    • Coordination on a possible Migration Plan as needed by Milestone 3.

  • Funding Allocation: $90,000

• Milestone 3: Preparation and Execution of the Migration of the Existing Bridges to the New Solution (Duration: 2 months)

  • Deliverables:

    • Case Study to present the recommended configuration options for Hashi.
    • Final coordination with the Gnosis Chain team on the Migration Plan execution.
    • Integration and coordination with all available oracle teams (the ones available on the Ethereum > Gnosis chain route from the total 17) and setup ZK light clients.
    • Execution of the migration on the Chiado testnet
    • Analysis of testnet outcomes
    • Execution of the migration for the Gnosis Chain’s canonical bridges.
    • Comprehensive report detailing the integration’s impact on security and decentralization metrics, including community feedback and usage statistics.

  • Funding Allocation: $80,000

• Milestone 4: Monitoring the guarded launch and safeguards lifting.

  • Deliverables:

    • Hashi as a validator on both Gnosis chain canonical bridges.
    • Monitoring of Hashi’s consistency with the current validator set.
    • Hashi as a mandatory validator.

  • Funding Allocation: $20,000

• Continued maintenance: Close to the end of the implementation of this proposal, a new proposal will be drafted covering the ongoing maintenance costs (Engineering, DevOps, and ZK Provers), expected to total $100,000-$150,000 per year. ZK prover costs cover the infrastructure costs (not gas), which currently are expected to decrease over time with the optimization work currently in progress by most ZK teams. Currently running just one Prover costs $60,000 / year.

The above pricing incorporates a significant discount due to the long and supportive relationship between Hashi and GnosisDAO.

Evaluation

Success will be evaluated based on the seamless integration of Hashi and the absence of significant downtimes during the coordinated migration process. Additionally, positive feedback from the Gnosis Chain community will serve as an indicator of the integration’s success and its impact on enhancing the ecosystem’s security posture.

Team

The Cross-chain Interoperability Alliance, the core development team of Hashi, comprises 3 people including 1 project manager and 2 blockchain engineers/security experts with a proven track record in developing cross-chain solutions and in pioneering stronger security guarantees in the space. The 3 team members have 4, 8 and 12 years of blockchain working experience respectively. This experience is critical in ensuring the successful execution of this proposal.

Conclusion

Through this proposal, we aim to significantly elevate the security and decentralization standards of the Gnosis Chain’s canonical bridges. The strategic integration of Hashi not only mitigates systemic risks but also positions Gnosis Chain as a leader in secure, decentralized cross-chain communications, all this while capitalizing on previous GnosisDAO’s investments.

Edit to the Proposal: Increased Funding Request

In recognition of the critical importance of comprehensive security measures for the successful integration of Hashi into Gnosis Chain’s canonical bridges, we have revised the funding request for this proposal.

The total requested funding is now increased to $250,000, with the additional $50,000 allocated specifically to cover the costs of extensive security audits. The audits are crucial for ensuring an end-to-end secure integration of Hashi.
This adjustment is made with the commitment to maintaining the highest standards of security and resilience within the Gnosis Chain ecosystem.

Phase 3 edit:

GnosisDAO Snapshot

https://snapshot.org/#/gnosis.eth/proposal/0x33484aae7734d8e184841964636de96e1a7d4fd8b4666f2bd3dee38175be38f3

It is great to follow the progress of the the Cross-chain Interoperability Alliance and see the implementation of Hashi as well as the important security improvements for Gnosis Chain and the wider Gnosis ecosystem.

I have been leading the Hashi round table discussions at DevConnect in Istanbul where it became obvious just how difficult a task it is to bring the various standards and players together but also how important it is in light of ever growing security exploits of legacy bridges. Here I also find it important to highlight that much of the second layer ripple effects of bridge security exploits are the key driving forces leading to censorship and centralization on Ethereum mainnet. Luckily, Gnosis Chain has been sparred from such exploits and their implications this far, and this proposal that I fully support is an important step to keep it that way.

A few questions on the proposal:

1. Audit costs are excluded.

The budget seems quite limited and especially the costs for security audits, bug bounties and security competitions are out of scope. Since audits and other security assessments are a cornerstone of such smart contract systems and are certainly going to be performed, where does the budget for those come from?

2. Legal setup & economic alignment

What is the legal setup (existing or planned) of the Cross-chain Interoperability Alliance and what are its goals? Is it a pure R&D entity, a public good building shop, a profit-seeking entity or something else? Depending on what its goals & legal setup are, it might make sense to discuss economic alignment with Gnosis DAO. E.g. if Hashi seeks to be a profit-generating entity and/or launch a token it might make sense to discuss an upside for Gnosis DAO, as is the case with other successful ventures such as Karpatkey, Safe or CowSwap.

Thank you @SCBuergel for your questions and support!

Audits and security are of utmost priority for us. We are in discussions with several security firms to request quotes for this work. The costs will not be covered by this proposal, as mentioned, and collectively with the Gnosis chain team we will decide the best way to proceed. All parties involved are fully aligned that the audits of the solution are top priority.

Regarding your second point, there is already economic alignment, as Gnosis is one of the main supporters of the Cross-chain Alliance. Initial discussions on how this will materialize in detail are underway, but they are still in very early stages. We will keep the community updated!

GIP-93 is live on Snapshot!
https://snapshot.org/#/gnosis.eth/proposal/0x33484aae7734d8e184841964636de96e1a7d4fd8b4666f2bd3dee38175be38f3

Hey hey Gnosis DAO fam!

At the end of this comment you will find the deliverable of Milestone 1, a detailed design document and specification for the integration of Hashi into Gnosis Chain’s canonical bridges.

TLDR;
This document includes technical documentation for AMB and xDAI integration, a reference implementation, and a suggested initial oracle setup along with benchmarks. The oracle setup is subject to change based on findings during the testnet phase.

We are continuing work on Milestone 2, which includes conducting external security audits, developing the Hashi Explorer, and coordinating the migration plan.

Stay tuned for further updates!

Cross-chain Alliance team

Document link:

GIP-93 - Hashi - Gnosis Chain Bridges integration - Milestone 1

Payment linked to the completion of the first milestone should be made to the following on-chain address (on the Ethereum network): 0x76B3D9d42de0fEB83D20166c685DAFE971060dAf

Hey hey Gnosis DAO fam!

We have just officially completed Milestone 2.

Tl;dr:

• The codebase has been finalized.

  • AMB: GitHub - crosschain-alliance/tokenbridge-contracts: Smart contracts for TokenBridge
  • XDAI: GitHub - crosschain-alliance/tokenbridge-contracts at feat/hashi-integration-xdai-bridge

• Three security audits have been conducted by three external independent auditors. The results of the audits can be found at this link: Audit report | hashi.
  All findings have been addressed.

• The Hashi Explorer, used to oversee the validation progress of cross-chain transactions on Gnosis Bridges, is live. Preview: http://hashi-explorer.uk.to/ .

The next step involves the execution of the migration of the testnet bridges to Hashi, including the recommended configuration options, integration and coordination with the available oracles and setup of ZK light clients.

Stay tuned for further updates!

Cross-chain Alliance team

Payment linked to the completion of the second milestone should be made to the following on-chain address (on the Ethereum network): 0x76B3D9d42de0fEB83D20166c685DAFE971060dAf

Hey hey Gnosis DAO fam!

We’re thrilled to announce the completion of Milestone 3!

TL;DR: During this milestone, we prepared to migrate the existing bridges to the new Hashi setup. This involved finalizing the oracle configuration, conducting thorough testing on the testnet, and analyzing the impact of the integration on security and decentralization.

What We Accomplished in Milestone 3:

• Final Oracle Configuration:
  We have determined the set for the initial phase, with LayerZero, Sygma and DendrETH as oracles. This configuration is documented and ready for deployment.

• Testnet Migration:
  We executed the migration on the Chiado testnet, simulating the mainnet environment. The testnet phase involved various scenarios to ensure the integration works seamlessly, covering cases for the Arbitrary Message Bridge (AMB/Omnibridge) and the xDAI Bridge.

• Impact Analysis:
  We assessed the effect of the integration on the security and decentralization of Gnosis Chain.

All this information, including the final oracle set, testnet results, and impact analysis, can be found in the document below.

Hashi Integration - Configuration, Testing, and Impact Analysis (1).pdf - Google Drive

Next Steps:
Today, we are migrating to the new setup with the pilot phase configuration, where Hashi will be activated as an optional validator. This phased rollout is designed to ensure a secure and smooth transition.

In the next steps, we will proceed to the rollout phase, where Hashi will become a mandatory validator, followed by the final phase, which involves decommissioning the legacy validator set to fully transition to Hashi’s enhanced security model.

Stay tuned for further updates as we move through the next phases!

Cross-chain Alliance team

Payment linked to the completion of the third milestone should be made to the following on-chain address (on the Ethereum network): 0x76B3D9d42de0fEB83D20166c685DAFE971060dAf