EvoDeFi bridge: assets are not backed one-to-one onchain; unsafe to use
EvoDeFi minted $83mn USDT and $33mn USDC on Oasis Emerald, but the tokens locked onchain under the bridge contract 0x9983d8cdeaf7872501628229d311e2f7df396add on Arbitrum, Avalanche, BSC, Polygon, Fantom, Heco, Ethereum, Cronos, Gnosis, Optimism, OKEX, Harmony and Moonriver amount to $10.6mn USDT and $10.2mn USDC, leaving a gap of over $72mn USDT and $23mn USDC.
This indicates that EvoDeFi is minting stablecoins on chains with no assets backing them on an origin chain. Essentially they are printing worthless money.
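The backing comparison above can be reproduced from raw onchain readings, provided each chain's token decimals are normalized before summing. The following Python code is an added example, not part of the original report or of EvoDeFi's code; it assumes the balanceOf/totalSupply integers and decimals values have already been fetched, and in the sample only the 83mn and 10.6mn totals come from the text, while the per-chain split and decimals are constructed.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class Reading:
    chain: str     # chain the value was read on
    raw: int       # integer returned by balanceOf() or totalSupply()
    decimals: int  # the token's decimals() on that chain

    def units(self) -> Fraction:
        if self.raw < 0 or self.decimals < 0:
            raise ValueError(f"invalid reading for {self.chain}")
        return Fraction(self.raw, 10 ** self.decimals)

def reconcile(minted: Reading, locked: list[Reading]) -> dict:
    """Compare wrapped supply on the destination chain with origin-chain locks."""
    chains = [r.chain for r in locked]
    if len(chains) != len(set(chains)):
        raise ValueError("duplicate chain reading would double-count collateral")
    total_locked = sum((r.units() for r in locked), Fraction(0))
    supply = minted.units()
    gap = supply - total_locked
    return {
        "minted": supply,
        "locked": total_locked,
        "gap": gap,
        "ratio": total_locked / supply if supply else None,
        "backed": gap <= 0,
    }

# Constructed sample: only the totals (83mn minted, 10.6mn locked) come from the
# post; the per-chain split and the decimals values are illustrative assumptions.
USDT_MINTED = Reading("emerald", 83_000_000 * 10**6, 6)
USDT_LOCKED = [
    Reading("ethereum", 4_000_000 * 10**6, 6),
    Reading("bsc", 5_100_000 * 10**18, 18),  # same token, different scale
    Reading("polygon", 1_500_000 * 10**6, 6),
]

if __name__ == "__main__":
    r = reconcile(USDT_MINTED, USDT_LOCKED)
    print(f"minted {float(r['minted']):,.0f}  locked {float(r['locked']):,.0f}")
    print(f"gap {float(r['gap']):,.0f}  backing ratio {float(r['ratio']):.1%}")
    print("fully backed" if r["backed"] else "UNDER-COLLATERALIZED")
```

Summing the raw integers without the decimals step would let a single 18-decimal chain dwarf every other reading and hide the shortfall.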
A Verilog audit (https://hackmd.io/@verilog/evo-defi-analysis) of the EvoDeFi bridge revealed critical flaws in their contracts, including a backdoor admin take function that would allow them to drain funds from the bridge. While this function has since been removed, the bridge contracts still have security issues. The contracts are governed by an EOA, which can use the setSigner function to give access to all contract funds. So if the EOA is taken over maliciously, or if the team itself is malicious, all those funds can be compromised.
EvoDeFi dismisses concerns and bans anyone who inquires about these issues from their channels.