How Does Celer Network Work?

SGN: State Guardian Network using Tendermint BFT consensus to route cross-chain messages for cBridge and Celer IM

SGN is a PoS blockchain built on Tendermint, staking CELR tokens for economic security. Validators reach BFT consensus on cross-chain message validity. Standard Tendermint model but applied to cross-chain messaging, inheriting 2/3 compromise threshold risk.

cBridge: pool-based asset bridge where liquidity providers deposit assets on each chain, enabling cross-chain transfers via SGN-routed messages

Standard liquidity pool model for bridges. LPs provide assets on source and destination chains; SGN validators approve transfer messages. LPs earn 50% of fees but face full loss exposure if SGN is compromised and approves fraudulent transfers.

Celer IM: generalized message passing framework enabling arbitrary cross-chain data and function calls via SGN routing

Celer IM extends cBridge's message routing to arbitrary data and smart contract calls. Enables cross-chain dApps but expands attack surface: any dApp using Celer IM inherits SGN's security assumptions.

Optimistic rollup protection: optional delay buffer for critical messages with independent watchtower validation before execution

Celer IM allows dApps to inject a delay buffer for high-risk operations and run independent watchtowers to validate SGN messages. If inconsistency is detected, message is blocked. Novel defense-in-depth approach but requires dApps to operate their own infrastructure, which may fail or be compromised.

CELR token: staking asset for SGN validators and governance token for protocol parameters

Standard dual-purpose token: staked for validator participation (economic security) and used for governance (fee structures, supported chains, parameter changes). Validators face slashing if they misbehave, but slashing may not cover stolen assets if economic attack is profitable.

50/50 fee split: cBridge fees divided equally between SGN validators/stakers and liquidity providers

Aligns incentives between security providers (SGN validators) and liquidity providers. Standard revenue sharing model. If fees are insufficient, validators may be economically rational to attack the bridge rather than protect it.

50+ chain support: cBridge and Celer IM support 40+ blockchains and L2 rollups, aggregating cross-chain liquidity

Celer's broad chain coverage is operationally novel, requiring SGN to maintain light clients or RPC connections to 50+ chains. This increases operational complexity and attack surface (any chain-specific RPC exploit could feed malicious data to SGN).

If total staked CELR value is less than cBridge TVL or potential profit from manipulating high-value dApps, validators can profitably collude to attack the bridge. BFT consensus only works if honest behavior is economically dominant.

LPs deposit assets trusting SGN to only approve legitimate transfers. If SGN is compromised, validators can forge transfer approvals, draining LP assets. LPs have no recourse; their funds are custodied by SGN consensus.

Optimistic security only works if watchtowers are online, correctly implemented, and not compromised. If watchtower fails, malicious SGN messages execute without detection, bypassing the defense layer entirely.

SGN must maintain connectivity and state validation for 50+ chains. Compromised RPC endpoints or light client bugs on any chain could feed malicious data to SGN, causing validators to approve fraudulent cross-chain messages.

Celer IM enables arbitrary cross-chain function calls. If a dApp's cross-chain message handler has vulnerabilities (reentrancy, access control flaws), attackers can exploit it via Celer IM, even if SGN operates honestly.