Gnosis co-founder Martin Köppelmann flagged potential security issues in a proposal discussion on Gnosis’ governance forums.
The co-founder of privacy-focussed Ethereum sidechain Gnosis, Martin Köppelmann, has proposed plans to reduce external dependencies and increase the security of GNO tokens on Ethereum and Gnosis.
In a preliminary discussion on the Gnosis governance forums, Köppelmann said that while GNO was initially minted on Ethereum, the GNO tokens comes from a bridge contract and represent a claim against GNO on Ethereum – which may open up potential security issues for the tokens if “unexpected events could lead to a difference between the two.”
Köppelmann cited bridge risks as a key factor in his proposal. “Currently, the bridge has the right to mint unlimited GNO tokens on Gnosis,” he wrote. “Of course, it is only supposed to mint GNO tokens on Gnosis if an equivalent amount has been locked on Ethereum (and that should be limited), but bridges are unfortunately still a potential source of hacks and bugs and thus are a risk.”
“Every bridge bug is very dangerous in any case but as GNO is relevant for the consensus of the chain it is especially true for GNO,” Köppelmann added.
Bridges refer to blockchain-based tools that transfer tokens between different blockchain networks. But this important software became a major security risk last year as exploiters managed to find weak points that led to $2 billion lost or stolen from cross-chain bridges, as CoinDesk reported.
Another focal point of discussion is the 10 million supply of GNO tokens on Ethereum. Köppelmann said that 7 million of these tokens are supposed to be burned, there is currently no way for this to be “enforced by code” – or automatically by a smart contract if predetermined conditions are met.
“Changing the “source of truth” for GNO to Gnosis chain would give us the opportunity to enforce the DAO vote in code,” Köppelmann noted.
The proposed solutions include increasing the supply of GNO on Gnosis to 3 million, removing the bridge’s right to mint new GNO, and creating a separate system contract to mint new GNO if withdrawals from the Ethereum blockchain occur.
“In practice, those changes should not affect the GNO token on Ethereum or the GNO token on Gnosis. However – those changes are meant to reduce external dependencies of Gnosis Chain and thus make it more resilient and secure,” the preliminary discussion concluded.