Give a user who supplies liquidity control over which chains those funds may move to.
When supplying liquidity, the user (LP) selects a set of chains that are eligible to draw on that liquidity for bridge transactions. If the LP does not select chain X, then the LP’s funds will not be used in bridge transactions from chain X.
Just as a bad stablecoin can contaminate a DEX pool with multiple stablecoins, a low-security chain can contaminate a bridge pool that supports that chain. The risk to LP funds is determined by the weakest chain(s) in the pool. An LP’s funds are safe only if all chains remain secure; if just one chain is exploited then all funds in the pool are lost.
For example, if the native bridge contract for chain X is exploited, then non-native assets on X become worthless. They will be bridged out using cBridge until all cBridge liquidity on other chains is exhausted, leaving cBridge LPs holding 100% worthless assets on chain X.
Currently, USDC is supported on 11 chains, including some rather obscure ones with much lower security than the others. An exploit on any one chain puts the entire USDC pool at risk.
When an LP supplies or manages liquidity, allow them to enable/disable each supported chain. If a chain is disabled, the LP’s asset claims will not move to that chain (and thus will not be used to execute user bridge transactions outbound from that chain).
LPs should be able to restrict where their assets may go
- Yes, let’s do it
- Good point but there is a better way to handle it
- No, this is not the way