add electron bridge vulnerabilities

[codingshot]

Garvit | Electron
Posting this thread to address the security concerns raised on Electron Bridge.

1/3
Yes, we are aware of the issue, and we had taken necessary precautions to mitigate this before the launch of the bridge itself. This vulnerability is not exploitable on the bridge right now.

https://twitter.com/garvitgoel03/status/1670351793870761985?s=46&t=w1K-2akWm132Lj7mGi5p2g

Maksym Zavershynskyi (nearmax.near) ⋈
@weikengchen @nearprotocol @labs_electron That's why @NEARDevHub is looking to publicly audit these circuits and determine the next course of actions https://t.co/dhh6K0r4Qw . To clarify, @wormholecrypto 's NEAR<>ETH ZK bridge is based on entirely different circuits developed by @ZpokenWeb3 .

https://twitter.com/mzavershynskyi/status/1670197415994101760?s=46&t=w1K-2akWm132Lj7mGi5p2g

Weikeng Chen
"Electron Labs' bridge between NEAR and Ethereum is vulnerable. Zk circuits used for the NEAR light client are incomplete and severely under-constrained. It is possible to create valid proofs for invalid set of signatures. User funds are at risk!" @nearprotocol? @labs_electron?

https://twitter.com/weikengchen/status/1670163273759735808?s=46&t=w1K-2akWm132Lj7mGi5p2g

https://twitter.com/rahul__ghangas/status/1666366824395739136?s=46&t=w1K-2akWm132Lj7mGi5p2g