Ethereum to Supra Security

SupraNova is designed not just for operational efficiency, but also for deep, protocol-level security through its modular components like HyperNovaCore, Relayers, and Committee Updates. It actively addresses several major risk factors that traditional bridges often fail to solve.

Each component plays a distinct role in minimizing attack surface, validating cryptographic proofs, and to maintain liveness under adversarial conditions.

Long-Range Attack Risks

A potential vulnerability in trustless bridges using the Sync Committee model is the possibility of a long-range attack:

• A malicious Sync Committee could collude to forge signatures on a fake block.
• If unchecked, this could allow them to fool external chains like Supra into believing invalid transactions are real.

Protocol Response:

• SupraNova requires more than 90% of Sync Committee members to sign a block for it to be considered valid.
• Even if signatures are forged, the fork would not be accepted unless justified by Ethereum’s fork choice rule(LMD-Ghost).
• The probability of randomly selecting a colluding majority is astronomically low (studied by Succinct , Snowfork, T3rn , etc.).
• Even if a malicious Sync Committee existed, they could not fork Ethereum itself , only mislead a bridge verifier if the bridge does not validate correctly.
• HyperNovaCore on-chain verifier checks proof authenticity and threshold participation before accepting any event.

Security Insight:

• Ethereum’s primary consensus remains intact even if a Sync Committee misbehaves.
• SupraNova’s HyperNovaCore piggybacks on Ethereum’s finality guarantees by verifying Sync Committee signatures and ancestry root on-chain.

Liveness Threats: Missing Sync Committee Signatures

Sometimes, an Ethereum block may have:

• Very low Sync Committee participation
• No signatures at all
• Delay in event availability

This could disrupt timely proof verification.

Protocol Response:

• If the bridge event’s block lacks signatures, Relayers submit Ancestry Proofs; to trace back to a recent block that is signed with more than the threshold number of Sync Committee members. HyperNovaCore validates them to maintain liveness.
• Supra’s verifier can validate bridge events indirectly through a valid child block, maintaining liveness even during Ethereum anomalies.

Relayer Safety: What if Relayers Misbehave?

• The relayer is permissionless.
• Anyone can pick up events and submit proofs.

Possible issues:

• A relayer could submit incomplete proofs
• A relayer could submit tampered proofs

Protocol Response:

• The on-chain HyperNovaCore verifier rejects any invalid or incomplete submission. No service level bridge minting of assets can occur unless full proof validation passes on-chain.
• Invalid proofs are rejected;at worst, relayers incur gas cost without affecting protocol state.
• Relayer rewards are structured such that relayers have economic incentives to behave correctly, but even if they don’t behave correctly no safety violation can happen

Committee Updater Safety

• Ethereum’s Sync Committee rotates every ~27 hours.

If the public keys are not updated on Supra:

• New blocks cannot be verified
• Bridge operations stall
• This would also prevent the verifier from recognizing new finalized blocks, effectively pausing new bridge actions.

Protocol Response:

• Committee Updaters are funded through protocol-collected fees and operate independently to refresh Sync Committee public keys on Supra approximately every 27 hours.
• This automation maintains decentralization and system continuity.
• If an updater becomes inactive, others can be permissionlessly added to resume key publishing and restore liveness.

Summary of Security Layers