Launch App

Sommelier Protocol Team Weekly Update #3

Welcome to the weekly Protocol team update on the Sommelier protocol upgrades! This is the third week of the Informal's audit and the team's delivery of upgrades to the Sommelier Gravity Bridge.


The orchestrator is a single binary that combines the Eth Signer, Oracle, and Relayer for ease of use by the Validator Operator. One issue that surfaced from Informal’s audit is handling of unsafe error in the Orchestrator.

Since the Orchestrator is built with Rust, there’s constant use of panic causing statements like unwrap(), panic!(), assert(), assert_eq(), and expect() for error handling. Although these methods are safe in most cases, there are some cases where it is not safe. For instance, the network errors or misbehavior/bugs in other Gravity Bridge components can invalidate these error handling statements, causing a panic.

The auditor classified into three categories some cases where panic causing statements can be invalidated. Let’s take a look at these categories and how the Sommelier protocol team resolved them.

Assertions that depend on other Gravity Bridge components

Assertions on components that depend on other components can be unsafe. For example, it is difficult to determine if the assertions are valid or invalid. These assertions will only be valid if the other bridge components behave correctly.

An example is an assertion to ensure that validator signature is valid. If there’s a bug that returns an invalid signature or a malicious validator attaches an invalid signature, this assertion will be invalid. To handle this better, the Sommelier protocol team has made sure that error from an invalid validator signature won’t cause a panic that’ll stop the other processes depending on it. Another case is a bug causing the invalidation of the assertion between the Cosmos valset nonce and Ethereum valset nonce causing a panic which can lead to validator slashing. The Sommelier protocol team has successfully put a medium in place to handle all of these errors safely.

Assertions in the initialization phases or in the client code

This is the second category where panic causing statements can be invalidated. Assertions in the initialization phase of a process or in the client side can throw an invalid panic.

For instance, while trying to get balance of a Cosmos address, a panic can occur due to error connection errors. Since this code is in the client side, a panic can cause the halting of the orchestrator and may lead to a panic occurs a long time after the Orchestrator has been started.

Vacuously true assertions

Although this third category has little or no effects on validator slashing or halting of the Orchestrator, it tries to keep the codebase clean and easy to manage.

For instance Vacuously true assertions are guaranteed to be safe due to the code structure. Keeping them in the codebase makes it difficult to inspect codes as developers spend time on false positives. The Sommelier protocol team has successfully removed vacuously true assertions from the gravity bridge to make managing the bridge easy.

To learn more about Sommelier, please visit

To use Sommelier, try the Pairings App at

To participate in the community, please join the Telegram group

To follow the project on Github, please star the project

More articles

This website does not constitute an offer to sell or a solicitation of interest to purchase any securities in any country or jurisdiction in which such offer or solicitation is not permitted by law. Nothing on this website is meant to be construed as investment advice and we do not provide investment advisory services, nor are we regulated or permitted to do so. This website is provided for convenience only. Sommelier does not manage any portfolios. You must make an independent judgment as to whether to add liquidity to portfolios.

Users of the Sommelier website should familiarize themselves with smart contracts to further consider the risks associated with smart contracts before adding liquidity to any portfolios.

Note that the website may change, and we are under no obligation to update or advise as to these changes. There is no guarantee that the Sommelier Mainnet, including any software, products or token use cases mentioned on the website, will be built, or offered by Sommelier. In particular, actual results and developments may be materially different from any forecast, opinion or expectation expressed in this website, or documents contained in it, and the past performance of any portfolio must not be relied on as a guide to its future performance.

To the extent permitted by law, the company and its directors, officers, employees, agents exclude all liability for any loss or damage arising from the use of, or reliance on, the material contained on this website whether or not caused by a negligent act or omission. The release, publication or distribution of this website and any materials herein may be restricted in some jurisdiction and therefore you must inform yourself of and observe any such restrictions.

© 2022 Sommelier by Bajanss OÜ –Maakri 36-50, Tallinn, Estonia 10145