Skip to main content
deBridge is designed with security as a foundational principle, not an afterthought. This page provides an overview of the security model across deBridge products. deBridge has settled over $20 Billion in transfer volume with zero security incidents.

Security Pillars

0-TVL Architecture

Traditional bridges have lost over $2 billion to hacks targeting locked liquidity. deBridge eliminates this attack surface entirely. Smart contracts act as pipes, not pools — funds pass through them briefly on a per-order basis, and there is no shared liquidity sitting in contracts for attackers to target.
  • No shared liquidity pools: No honeypot to attack
  • Per-order isolation: Each trade is independent — no systemic risk
  • Solvers provide liquidity on-demand from their own capital
  • Native tokens: Users receive real assets, not wrapped representations

Cancellation & Fund Recovery

Unfulfilled orders can always be cancelled — users are never locked out of their funds. Cancellation is initiated on the destination chain and unlocks tokens on source in full, including all fees. Auto-cancellations can handle this automatically after a set timeout (typically 5–15 minutes). See cancelling an order for the full flow and execution model for how orders work.

Product-Specific Security

deBridge Liquidity Network (DLN) Security

  • Order determinism: Order ID computed from parameters, tamper-proof
  • Guaranteed rates: Quoted rate is locked — no slippage
  • Cancellation rights: Users can cancel unfulfilled orders
DLN is built on top of the deBridge Messaging Protocol and inherits its security model, including multi-validator consensus and economic security guarantees.

deBridge Messaging Protocol (DMP) Security

The messaging protocol uses a decentralized validator network:
  • Multi-validator consensus: Messages require threshold signatures
  • Decentralized storage: Signatures stored on Arweave
  • Trustless claiming: Anyone can claim with valid signatures
For detailed DMP security, see DMP Security.

Comparison to Traditional Bridges

RiskTraditional BridgesdeBridge
Locked asset theftHigh (TVL honeypot)Eliminated (0-TVL)
Wrapped token depeggingPossibleN/A (native tokens)
Validator key compromiseSingle point of failureThreshold required
Smart contract bugsAffects all usersIsolated per trade
Funds stuck in escrowCommonMitigated (cancellation + auto-cancellation)

Audits

deBridge smart contracts are audited by leading security firms:
  • Halborn
  • Neodyme
  • Zokyo
Audit reports are available in the deBridge Security repository.

Bug Bounty

deBridge maintains an active bug bounty program on Immunefi for responsible disclosure of security vulnerabilities.

Security Resources