Decentralized, trustless options are not abundant for anyone to swap ETH to BTC or BTC to DOT natively. The few alternatives in the market often involve wrapped assets, synthetics, or a cumbersome user experience. Therefore, naturally, the most convenient option for users is usually to rely on Centralized Exchanges (CEXs).
Chainflip promises to develop a cross-chain Automated Market Maker (AMM) to deliver a user experience similar to swapping assets on any CEX (e.g., Coinbase or Binance) but in a trustless and decentralized setup, with a Uniswap/like experience for native tokens across any blockchain.
To achieve its goal, Chainflip takes a middle-chain approach. At its core, Chainflip is a set of validators, multiple wallets that jointly hold assets (using Threshold Signature Schemes), a widely replicated database (State Chain) governed by a Proof-of-Stake consensus, Quoters (its interface between users and the State Chain), Liquidity Pools, and a network token (the Ethereum-native $FLIP).
Chainflip is currently under heavy development with the backing of a series of investors. It has been launched on its incentivized testnet Soundcheck.
Our researchers gave Chainflip a final rating of 57.40%. (Note: The tokenomics of $FLIP are not considered in this rating). The breakdown of this rating is available at the end of this report.
PRODUCT & COMPANY DESCRIPTION
Introduction to Chainflip
Chainflip is a Substrate-based protocol that facilitates automated cross-chain token swaps with an Automated Market Maker (AMM) model. The Chainflip network is secured via the ERC-20 token $FLIP. The swap fees (which range between 0.10% – 0.20%) charged by the protocol are used to buy back and burn FLIP tokens on its AMM. Liquidity providers also earn fees when people trade across pools (as happens in Uniswap).
The concept of Chainflip could be simplified by drawing an analogy to centralized exchanges (CEXs). Like a CEX, Chainflip connects chains by deploying wallets on each chain. Chainflip operates with a decentralized network of nodes, eliminating a centralized pool of assets. Chainflips’s protocol coordination is achieved via the State Chain, a widely accepted database, unlike a centralized database run by a CEX.
Salient features of the Chainflip protocol
- A standalone Proof-of-Stake (PoS) blockchain, based on Substrate framework.
- Funds are jointly held on external blockchains using Threshold Signature Schemes.
- Facilitates native trading across blockchains (eliminating the need for synthetic assets or specific tokens to pay ‘gas’ fees).
- Provides liquidity across every major blockchain.
- Users pay swap fees only for the blockchains they interacted with.
- Better user experience (Chainflip does not require users to download new wallets, software, or key backups).
Key components of the protocol
Vaults: Jointly managed cryptocurrency wallets controlled by Validators. The creation of vaults involves a decentralized signing scheme. Vaults are managed via a Threshold Signature Scheme.
Validators: Bonded nodes that perform several functions in the protocol and receive block rewards in return.
State Chain: A standalone blockchain based on the Substrate framework. It is a widely accepted database that updates the current state of vaults. The State Chain does not have a native token or wallets, unlike other blockchains.
Quoters: The interface between users and the State Chain.
Liquidity Pools: An abstraction consisting of a reserved portion of two vaults. A vault on a particular blockchain may be split among multiple Liquidity Pools.
Digital assets swapping is not a simple process, currently. Most decentralized exchanges (DEXs) support native tokens or wrapped tokens (usually ERC-20 tokens). As a result, for cross-chain native asset swaps, users are forced to use CEXs. Chainflip is attempting to improve the current status of the cross-chain swaps market. The project aims to facilitate decentralized, permissionless, and low-friction cross-chain swaps. It is noted that Chainflip is not the only player trying to improve the cross-chain token swapping user experience.
The Chainflip project has not published any scientific papers. However, the protocol implements primitives like Threshold Signatures described by Stinson and Strobl in their 2001 paper themed “Provably Secure Distributed Schnorr Signatures.” The project has published a detailed whitepaper and a lightpaper. Moreover, protocol developments are communicated via fortnightly blog posts. The Chainflip whitepaper has described potential threats (attack scenarios) present in its protocol, unlike many other projects. This description is essential for anyone to conceptualize the risks involved in the protocol.
Chainflip launched its incentivized testnet, Soundcheck Network, in December 2021. The network consists of approximately 82 validators and around 100 eligible active validators. The testnet has helped figure out bugs and other issues in the network.
Market: The market for cross-currency swaps is still dominated by CEXs. Data shows that over the 12 months ending January 2022, the total monthly average exchange volume on crypto-only CEXs was ~$1.22 trillion. In contrast, DEX-to-CEX spot trade volumes were merely 13.46% in January 2022. Interestingly, this ratio was below 1% up until May 2020. Moreover, most DEX volume is concentrated in the Ethereum ecosystem (ERC-20 tokens). However, options are minimal if one wants to swap certain pairs (e.g. Bitcoin for Ethereum) natively in a trustless and decentralized fashion. Therefore, it is believed that Chainflip’s addressable market is large and growing.
Crypto-only Exchange Volume (monthly). Source: theblockcrypto.com
Team: Chainflip is led by experienced co-founders and consists of a capable engineering team. The team is also growing, hiring talent across different skill levels.
Product: As it currently stands, Chainflip has not yet released its solution to the public. It is still at testnet stage, and the team is fixing the issues uncovered during tests. Therefore, it would take some time between the product having real users and now. Needless to say that there would be genuine strong demand for a borderless, trustless, open, decentralized cross-chain native asset swap solution provided the security risks are adequately mitigated.
Based on our understanding, there are several success factors for the project. These factors are listed below:
- Adequate funding and backing from multiple Venture Capital (VC) funds.
- The nature of the project’s mission can attract highly motivated and enthusiastic users, people, partners, and companies.
- The Substrate Framework is becoming increasingly popular, with a growing developer community and an interoperable ecosystem.
- Large and growing potential market.
- Experienced executive team.
MARKET CONDITIONS AND COMPETITION
The current status quo in the crypto market is that users either rely on CEXs to achieve cross-chain swaps of their tokens or expose themselves to some form of bridge infrastructure.
The blockchain bridging ecosystem consists of a variety of different players. These players offer different design trade-offs to the user.
An illustration of the blockchain bridging ecosystem. Source: 1kx Medium, Dmitriy Berenzon
In terms of usage, there is about $25.4 billion worth of Total Value Locked (TVL) on Ethereum bridges. The graph below shows the growth trends across different bridging solutions.
A major competitor, ThorChain, currently has $173.44 million in TVL ($368.19 million if you classify staking within its TVL). ThorChain has so far facilitated ~$1.8 billion worth of native on-chain swaps.
Building interoperability technology is not easy. Some of the most prominent DeFi exploits in the industry have been reported on cross-chain bridge protocols so far. For instance, ThorChain has had security incidents on multiple occasions. This article discusses security aspects in detail.
Ethereum bridges TVL over time. Source:@eliasimos via Dune Analytics
Chainflips’ closest contender is ThorChain. However, there are other competitors to Chainflip, as shown in the illustration below. There are also several upcoming cross-chain DeFi solutions and aggregators in the market (however, these platforms are not viewed as direct competitors to Chainflip, e.g., Emeris, Li-Finance, and LayerZero’s StarGate).
Types of bridges and competitive solutions in the market. Source: 1kx Medium, Dmitriy Berenzon.
How is the project different from its competitors?
Chainflip is not significantly different from its closest competitor, ThorChain, or other interoperability solution providers like Qredo. There are subtle differences in the tech primitives used in its design and how the protocol functions. For example,
- Chainflip is wallet agnostic.
- Chainflip relies on a larger validator count (initially 150).
- Its design is not burdensome on the native chains it supports (i.e., it does not demand native chains to implement any complex protocols or other changes, including infrastructure).
- It uses the Ed25519 signature algorithm for its Threshold Signature implementation (excluding networks like Bitcoin, Litecoin).
- Chainflip doesn’t rely on its network token to pair assets, instead relies on a widely adopted stablecoin (USDC).
- As described in the project’s website, Chainflip could be used without any additional software, specialized wallets, pre-deposits, pegged/wrapped tokens, synthetic assets, and collateral requirements for the users.
Chainflip is a middle-chain that coordinates cross-chain native asset swaps. Although a middle-chain approach is considered a significant improvement over a centralized or a federated system, it is argued that there are considerable security trade-offs in this approach.
Central to Chainflip’s design are its State Chain, Validators, Vaults, Quoters, Liquidity Pools, and the FLIP token.
The State Chain
Consensus on liquidity pools (current state), swaps, and vault balances are coordinated via the State Chain. The State Chain is a Substrate-based Proof-of-Stake blockchain. The State Chain accepts blocks and transactions based on a 2/3 majority of validators. Validators and Quoters can write mainly two types of transactions to the State Chain, namely:
- Witness Transactions; and
- Pool Balance Transfers.
Chainflip architecture. Source: Chainflip Whitepaper
A salient feature of Chainflip is that validators do not necessarily need to run full nodes for supported chains but simply running light nodes is sufficient. Consequently, validator hardware requirements could be kept comparatively low. This might be a critical feature to significantly reduce entry barriers for users wanting to run full nodes.
The validator selection process occurs in a bidding process. Only a superset of active validators could participate in individual vaults and have write access to the Chainflip State Chain. To bid for a slot in the validator superset, an operator must stake a minimum amount of FLIP tokens. During the bidding process, N nodes with the highest bids will be selected as the validator superset, subject to the preset limit (currently capped at 150) of validator slots in the superset. Excessive downtime by validators results in a penalty. At a minimum, an active validator must participate in notarizing the State Chain. There are two circumstances under which a new validator superset is selected:
- The percentage of offline validators in the current superset exceeds a safety threshold; and
- The superset has spent the lifetime limit of 28 days (practically 30 days).
Market dynamics of validator selection
- There are taking and collateralization requirements as validators.
- Excessive downtime is penalized.
- Staking requirements scale with platform growth.
Simply speaking, Vaults are cryptocurrency wallets controlled by a subset of randomly assigned validators representing the validator superset. Vaults are managed via Ed25519 and ECDSA (GG20) Threshold Signature Scheme for generation and signing. A process called ‘vault rotation’ takes place to replace an existing validator subset with a new subset under two circumstances:
- The percentage of offline validators in a current vault exceeds a safety threshold.
- A new validator superset is selected (which can only occur under two circumstances).
A new subset makes it necessary to create new vaults using the State Chain to conduct a vault creation ceremony. The newly created vault will receive the assets in the retiring vault (there is a transition period for the old vault to be decommissioned). A vault needs to be decommissioned before any stakes of the validators can be unstaked.
There are instances where some vaults are controlled by the entire superset rather than by a subset (consider the Vault 2 – Blockchain 2 – scenario in the above illustration). In the case of employing a subset, the selection of validators for the subset happens deterministically. As a result, it is difficult to influence the subset selection process and predict vault composition. This process is called ‘vault randomization.’ For vaults that encounter scaling limitations (e.g., Bitcoin), vault randomization is expected to act as a security measure.
Chainflip has chosen the USDC stablecoin as their denomination currency for different currency swap pairs (read this post for the rationale behind the decision). $USDC is currently the second-largest stablecoin based on total supply. In contrast, Chainflip’s main competitor ThorChain uses its native token as a denomination currency. The figure below shows that the dominant pair denomination currency on Centralized Exchanges is USDT.
Share of Trading Volume by Pair Denomination (CEXs). Source: theblockcrypto.com
According to Chainflip, most blockchains fall under one of three categories based on the signature schemes adopted to execute transactions.
As illustrated above, Chainflip implements a threshold signature scheme (i.e., Provably Secure Distributed Schnorr Signatures described by Stinson and Strobl) with EdDSA signatures (specifically Ed25519 and where there is native support). A blog post published in Certus One introducing the Wormhole Bridge discusses alternative signature schemes and their pros and cons, including Schnorr Threshold Signatures.
Where Ed25519 is supported within smart contracts, Chainflip will implement vaults as smart contracts. In comparison, composability within smart contracts allows Chainflip to achieve beneficial outcomes. However, smart contract vulnerabilities may pose threats. In the case of the Ethereum blockchain, it is noted that the EIP665 relating to Ed25519 signature verification is currently in a Stagnant status, and therefore the implementation of the scheme on the Ethereum network may not be feasible immediately.
On other blockchains that do not natively support Ed25519 or smart contracts to verify Ed25519 (for example, Bitcoin), threshold ECDSA signatures GG20 by Gennaro and Goldfeder are implemented.
Interestingly, implementing the Taproot upgrade on the Bitcoin blockchain makes introducing a Schnorr Signature algorithm feasible. As per Telegram conversations, it is understood that FROST: Flexible Round-Optimized Schnorr Threshold Signatures will be implemented. However, the team has not publicly discussed this subject.
The Chainflip protocol has not undergone any security audits yet. The project will likely complete security audits before the network’s public launch.
The project has published a milestone-based roadmap. The team has understandably decided not to commit to a time-bound roadmap.
Due to the sheer nature of the project, a time-bound roadmap could create unnecessary pressure on the developers. For instance, during the testnet phase, several issues have been identified and are being rectified. Such incidents could push timelines forward. Protocol hardening and security is always more important than rushing to meet a deadline in the eyes of the team.
Roadmap – Broader Milestones for Chainflip. Source: Chainflip
Chainflip is a team of over 25 experienced professionals from Australia and Europe. The team’s experience spans software and web development, software engineering, DevOps, blockchain (smart contracts, Dapps), research and communications, and Law. The team remains anonymous on the project website.
Simon Harman (CEO) is an advocate of digital privacy. He has co-authored the whitepapers for Loki (later rebranded to Oxen) and Session App (over 1 million installs on the Google Playstore). Simon functions as the CEO of Oxen as well. He obtained his Bachelor’s from RMIT University.
Tom Nash, CTO, is also the co-Founder & CTO at Flex Dapps. Previously, Tom had short stints as a Blockchain Consultant for TypeHuman and Blockchain Developer for WeTrustPlatform. Tom graduated from Lancaster Unversity with a BSc in Computer Software Engineering.
Chris McCabe (co-Founder) is also the Chief Operations Officer at Oxen and Session App. During 2016-2018, he spent time as a blockchain educator and consultant.
Alastair Holmes works as Protocol Research Engineer at Chainflip. He is experienced in software development using C++, CMake, Python, DirectX, Vulkan, VBA, and Rust. He obtained his MA in Computer Science from the University of Cambridge.
Chainflip has not appointed any advisors.
General Comments on the Team & Advisors
During our review period, we did not find evidence that the team members have taken part in any previous or current illegal projects or projects that were controversial.
LEGAL AND COMPLIANCE SPECIFICS
Chainflip Labs GmbH (originally Chainflip UG) is a Berling, Germany-based company. The company’s principal business is to hold and manage shareholdings and operate a software company and, in particular, develop and research distributed systems and blockchain technologies.
The company has office locations in Berlin, Budapest, and Melbourne.
Chainflip has raised over $9.5 million in funding from a series of venture funds. It is also a part of DeFi Alliance accelerator network.
Some of the project backers. Source: Chainflip
The project has not appointed any advisors. However, a team member is responsible for legal matters (they go by the alias AGENT VARYS), helping the team navigate the legal and regulatory landscapes.
As per Telegram conversations, the project is retaining the services of US legal advisors.
KYC & AML
Chainflip accepted KYC-completed participants to its incentivized testnet. The token launch of the project is also scheduled upon the launch of the validator network ‘Sandstorm.’ At this stage, the network layer will be decentralized and autonomous.
The users of Chainflip will not be subject to any KYC/AML checks.
The Chainflip’s FLIP token plays several roles in the network, hence should be classified as a Utility token.
- Staking and running validator nodes,
- Incentivize liquidity providers.
Chainflip has not announced its token offering yet.
Proposed Token Design
Chainflip’s network token, $FLIP, is based on Ethereum’s ERC-20 standard. $FLIP’s token design is similar to the Ethereum EIP-1559 implementation, which follows an inflationary (token emission) and deflationary (token burn) model. Therefore, the FLIP token supply will not be finite (the initial token supply will be 90 million $FLIP).
Vault collateralization and incentivizing good behavior
Token Emission: Validator operators stake FLIP tokens in return for block rewards. All nodes are paid the same rewards irrespective of the size of their stake. The network’s overall security depends on its collateral, which, in turn, will depend on the block reward yield (APY/APR). An essential variation of Chainflip’s staking mechanism is that it does not allow for delegation. The proposed validator rewards are:
- Sandstorm launch – 5%
- Ibiza release – 6%
- Berghain release – 7%
Slashing: Slashing is also implemented to discourage malicious behavior by validators. Theoretically, slashing may not be effective in thwarting malicious activity in the event the majority stake of $FLIP is less than the value of the assets held in respective vaults. Practically, any malicious actor would be indifferent to the attack decision if the assets locked in the vault were marginally higher than the value staked (or the collateral) by the majority nodes. However, if this gap is wide enough to offer an acceptable or attractive level of return over the stake, then validators are technically incentivized to conduct an attack. Therefore, this metric (locked value versus staked value in vaults, or simply, collateralization ratio) is a vital indicator for Chainflip liquidity providers to rationalize the risks they are taking. Innately, liquidity would be capped or be directly relational to the collateralization level of the network. In such a scenario, network growth would come from a high frequency of swaps reflected in the FLIP token price.
The swap fees charged on the Chainflip AMM are used to buy FLIP tokens from the USDC/FLIP pool. Swap fees are to be charged in USDC. Such FLIP tokens will automatically be burnt and removed from the total supply.
Chainflip does not bootstrap liquidity by using a typical yield farming mechanism. Instead, liquidity providers will be given $FLIP rewards (out of a rewards pool) based on how much liquidity provision fees they earned on the protocol (not merely for providing liquidity). This reward mechanism will eventually be scaled back.
It is noted that Chainflip may change its token model over time.
The Chainflip’s FLIP token plays several roles in the network, hence should be classified as a Utility token.
- Staking and running validator nodes,
- Incentivize liquidity providers.
SOCIAL MEDIA AND VIRALITY
Chainflip has an active social media presence across many channels.
Chainflip manages an active Twitter account. The channel has 14.9k followers.
Discord appears to be a popular venue for the community. Chainflip’s Telegram channel has 5.3k followers, and its Discord has 14.1k members. The management team actively participates in discussions on Telegram. For highly technical subjects, the community could contribute to its forum (Chainflip Governance Forum) discussions.
Chainflip has 190 followers on LinkedIn. The account is not active.
RISKS TO THE PROJECT
The following outlined list of risks is not an exhaustive one. Some risks may be minor/not materialize. However, as the protocol becomes larger, the presence of these risks may become more important.
- Shared custody of liquidity provider funds: Vaults could become attractive targets for malicious actors. There are several known attack situations like (a) Any party or parties acting in concert that controls t of N nodes, or any colluding nodes could potentially gain control of any vault, thereby putting user assets in danger, (b) an attacker with superminority (N – t + 1) controls could block valid transactions by stopping to sign transactions, (c) denial of service attacks, (d) slashing by a dishonest majority of the superset, (e) ransom or burning attack by a superminority. Chainflip tries to solve this situation with smart contract functions, i.e., via vault timeouts. It is noted that this functionality may not be available on non-smart contract platforms.
- Other attack scenarios: These could include smart contract vulnerabilities or bugs, security issues, or vulnerabilities on any supported networks (due to such networks being third-parties to Chainflip, these threats are primarily out of Chainflip’s control). Chainflip discussed its take on the subject in this blog post). Other scenarios that Chainflip needs to address are front-running, back-running and sandwich attacks, all theoretically possible in its network.
- Instances of off-chain governance: This is an unwarranted situation that could mainly arise when a dishonest majority of the superset slashes the stake of ¿honest nodes to circumvent the evidence of a theft within the State Chain. This issue would be resolved through an off-chain governance mechanism. It is worth mentioning that this risk is not an alarming one but rather an undesirable situation.
- Low collateralization: The network could stagnate if collateralization stays stagnant. Lower liquidity can discourage potential users from using the network to swap assets, negatively impacting network growth.
- Other general operational risks: This risk comes from operational circumstances like slower transactions signing, node outages, latency between nodes. It is expected that Chainflip’s built-in credit system would assist mitigate this risk. In the credit system, all nodes in the network start with a 0 credit score, and this score increases or decreases (could even be negative for underperformers) based on specific expected Key Performance Indicators (KPIs) like uptime, timely transactions signing, correct swap processing, maintaining the security of funds. Negative scores result in slashing at the point of unstaking.
- Absence of a treasury/insurance fund: Chainflip’s security model focuses on penalizing malicious behavior. However, there may be security risks emanating from other threats (smart contract exploits, a re-org on a supported chain, etc.)
- Vault scaling limitations: GG20-based vaults (e.g., Bitcoin) may not scale on the level of other vaults like Ethereum’s. Chainflip implements a vault randomization mechanism to mitigate this risk. Further, a future FROST signature scheme implementation could help scale.
- Stablecoin market developments: Chainflip’s currency pair denomination is based on the USDC stablecoin. Stablecoins are subject to discussions in the regulatory space. Any potential adverse developments could force the protocol to switch to a viable alternative in the future.
- Regulatory risks: This risk arises from the general uncertainty around the regulatory environment toward the crypto space. Therefore, this risk is common to most players in the industry.
Everything you see in this report is the aggregate result of an extensive research process carried out by a distributed team of researchers and crypto enthusiasts around the world. The process consists of 60 questions, divided into three phases. Researchers are required to answer these questions about a project while providing links or screenshots as evidence to support their answers. For every answer, they also provide a score from zero to ten. The average of their weighted ratings is detailed below.
Our researchers gave Chainflip a final rating of 57.40%.
This Report is for informational purposes only and/or all or any of its content thereof, should not, may not and will not be taken to constitute, either as a whole or in part, any investment advice or recommendation or similar, regulated, or authorized advice, and D-Core by producing, disseminating, giving away, or making available this Report does not, should not, may not and will not be taken to advise on investments, or carry out any similar activity, or any regulated activity or any other authorized activity. D-Core is not authorized by the Financial Conduct Authority or by any other competent EU or elsewhere or otherwise competent authority to carry out any regulated activities and/or any activities within the scope of these authorities’ competence.
D-Core excludes and disclaims all liability and/or responsibility whatsoever and/or howsoever caused, arising out of any actions, or omissions taken, or made by any authorized and/or other recipient of this Report in reliance on, or arising out of, or in connection with any or all content of this Report. Any authorized and/or other recipient of this Report acknowledges, accepts and agrees that they carry out their own independent research and act in their own sole risk in reading or using any or all information contained in this Report. In any event, recipients of this Report are urged to seek professional advice before making any potential investment decision in relation to the project described herein. Any authorized and/or other recipient of this Report accepts this Disclaimer in full. For the avoidance of doubt, this Disclaimer is binding against any recipient of this Report whatsoever.