Bridge rate-limiter / chain-pause as positive mitigant
Axelar Network's assessment for RD-F-185 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Confirmed positive mitigant. (1) Gateway setTokenMintLimits() implements per-token per-6h transfer rate caps (mintLimits) set by the Multisig mintLimiter — documented in Axelar security docs: 'gateways have a rate limiting function, putting a cap on how much of each asset can be transferred in a given time interval.' (2) Cosmos chain has governance-triggered emergency capability: governance proposal 256 disabled the auto-deregistration mechanism that was the attack vector in the 2024 vulnerability disclosure, demonstrating chain-level governance rapid response. (3) Validator quorum can disconnect compromised chains via governance vote. NOTE: ITS setPauseStatus() by single EOA is a negative factor (F027/F041), not counted here. The gateway-level controls are the positive mitigants for this factor.
Sources #
- DocsAxelar Security Model — DocsAxelar security docs: gateways have rate limiting function, cap on asset transfer per time intervalretrieved 2026-05-17
- Axelar Network Vulnerability Disclosure — marcohextor.comGovernance proposal 256: auto-deregistration disabled via on-chain governance vote — chain-pause capability demonstratedretrieved 2026-05-17
- Axelar Governance Explained — BlogAxelar governance explained: rate limits, chain disconnection via governance are documented security controlsretrieved 2026-05-17
Methodology #
Determine whether the bridge implements a per-window outflow rate-limiter (and at what cap), and whether the protocol team can trigger a chain-level or validator-set emergency pause.
See the full factor methodology and distribution across all protocols →