{ "chain_slug": "axelar", "name": "Axelar", "scorecard_profile": "L1", "evaluated_at": "2026-04-18", "evaluator": "layerqu-v2-scoring-agent-1", "v1_reference": "chainscreen-v1-archive", "dimensions": { "1_cryptographic_exposure": { "weight": 0.15, "score": 28, "sub_scores": { "1a_primitive_inventory": { "score": 12, "primitives_named": [ "Ed25519 (CometBFT consensus)", "ECDSA secp256k1 (Cosmos SDK accounts)", "TSS / threshold ECDSA (cross-chain attestations)", "SHA-256" ], "evidence": [ "https://genfinity.io/2025/09/17/axelar-network-deep-dive-2025/" ], "note": "Threshold signatures for cross-chain bridging is defining feature." }, "1b_shor_grover_pq_tag": { "score": 12, "tags": { "Ed25519": "Shor-break", "ECDSA secp256k1 TSS": "Shor-break", "SHA-256": "Grover-weaken-128bit" }, "evidence": [ "https://axelar.network" ] }, "1c_algorithm_family_diversity": { "score": 0, "families_represented": 0, "families": [], "note": "No PQC families" }, "1d_nist_security_category": { "score": 0, "mappings": {}, "note": "No NIST PQC" }, "1e_implementation_quality": { "score": 4, "formal_verification": "cross-chain halt vulnerability disclosed (Marco Hextor) and fixed — signals incomplete formal verification coverage", "constant_time": "standard", "libraries": [ "tss-lib", "cosmos-sdk" ], "evidence": [ "https://marcohextor.com/axelar-network-cross-chain-halt-vulnerability/" ] } }, "total_artifacts": 2 }, "2_hndl_exposure": { "weight": 0.1, "score": 25, "sub_scores": { "2a_active_key_exposure": { "score": 6, "note": "75 validators, threshold signing keys persistent. Cross-chain attestations exposed." }, "2b_cold_key_exposure": { "score": 6, "note": "Mainnet since 2022. Modest cold exposure." }, "2c_signature_longterm_validity": { "score": 6, "note": "TSS ECDSA sigs for cross-chain attestations forgeable post-Shor — downstream chains would accept forged 'Axelar' attestations." }, "2d_encryption_confidentiality": { "score": 7, "note": "Standard TLS; TSS protocol uses x25519 — Shor-vulnerable." } }, "total_artifacts": 1 }, "3_metadata_privacy_exposure": { "weight": 0.13, "score": 22, "sub_scores": { "3a_tx_graph_visibility": { "score": 5, "note": "Pseudonymous cross-chain messages publicly visible." }, "3b_rpc_mempool_concentration": { "score": 5, "note": "Cosmos RPC concentration." }, "3c_cross_chain_bridge_correlation": { "score": 6, "note": "Axelar itself is the bridge layer; all flows visible to passive observer." }, "3d_retroactive_deanon_risk": { "score": 6, "note": "TSS ECDSA broken post-Shor means attacker can forge historical attestations for all 60+ chains Axelar bridges to." } }, "total_artifacts": 1 }, "4_migration_architecture": { "weight": 0.1, "score": 40, "sub_scores": { "4a_crypto_agility": { "score": 10, "note": "Cosmos SDK supports adding sig types via module. TSS migration non-trivial (coordinate across 75 validators + 60+ destination chains)." }, "4b_account_abstraction_key_rotation": { "score": 8, "note": "Standard Cosmos AuthZ/multisig." }, "4c_hard_fork_track_record": { "score": 12, "note": "Smooth Cosmos SDK upgrades. Cross-chain halt vulnerability handled via responsible disclosure." }, "4d_hybrid_deployment_readiness": { "score": 10, "note": "Hybrid threshold signing (classical ECDSA + PQC) would require protocol-level redesign — architecturally possible but substantial." } }, "total_artifacts": 2 }, "5_deployment_execution": { "weight": 0.22, "score": 2, "sub_scores": { "5a_mainnet_pqc_pct": { "score": 0, "mainnet_pqc_pct": 0, "evidence": [], "note": "no public artifact found" }, "5b_pqc_code_in_client": { "score": 0, "note": "no PQC in Axelar Core" }, "5c_validator_pqc_adoption": { "score": 0, "note": "75 validators, no PQC TSS keys" }, "5d_published_milestones_count": { "score": 0, "count": 0, "note": "no PQC milestones" }, "5e_pqc_washing_delta": { "score": 2, "ratio": 1, "note": "No PQC announcements" } }, "total_artifacts": 0 }, "6_supply_chain_vendor_readiness": { "weight": 0.22, "score": 5, "sub_scores": { "6a_wallet": { "score": 2, "top3": [ "Keplr", "Leap", "Ledger HW" ], "pqc_roadmap_count": 0, "evidence": [] }, "6b_bridge": { "score": 1, "top3": [ "Axelar is a bridge", "Wormhole", "LayerZero" ], "pqc_roadmap_count": 0, "evidence": [] }, "6c_custodian": { "score": 1, "top3": [ "Coinbase Custody", "BitGo", "Fireblocks" ], "pqc_roadmap_count": 0, "evidence": [] }, "6d_rpc_hsm": { "score": 1, "top3": [ "Polkachu", "BlockPi", "Axelar RPC" ], "pqc_roadmap_count": 0, "evidence": [] } }, "total_artifacts": 1 }, "7_governance_coordination": { "weight": 0.08, "score": 45, "sub_scores": { "7a_validator_stake_distribution": { "score": 10, "note": "75 validators, top 10 ~40%." }, "7b_upgrade_cadence_under_pressure": { "score": 12, "note": "Cross-chain halt vulnerability handled; Cosmos SDK upgrades smooth." }, "7c_named_coordination_lead": { "score": 13, "note": "Axelar Foundation + Interop Labs (Sergey Gorbunov, Georgios Vlachos)." }, "7d_adversarial_coordination_precedent": { "score": 10, "note": "Responsible disclosure + fix demonstrates security coordination capability." } }, "total_artifacts": 2 } }, "gates": { "hybrid_deployment": "FAIL", "evidence_reconstruction": "PASS", "primitive_naming": "PASS" }, "caps_applied": [ "mosca_cap_60", "sutor_stage_cap_2", "casado_stage_cap_3", "preskill_half_dim2_dim3_dim5_dim6", "hybrid_gate_fail_cap_60" ], "qri": { "raw": 15, "after_caps": 15, "ci_plus_minus": 15, "band": 2, "band_name": "Acknowledged" }, "migration_stage": 0, "mosca_inequality": { "X_signature_shelf_life_years": "10+ (cross-chain attestations valid for long periods; TSS keys are long-lived)", "Y_migration_time_years_range": "10-15", "Z_10pct_year": 2036, "Z_50pct_year": 2041, "danger_zone_at_50pct": true }, "four_scenario_grid": { "quantum_never": { "value_preserved_pct": 100, "privacy_preserved_pct": 100 }, "arrives_suddenly_pre_migration": { "value_preserved_pct": 10, "privacy_preserved_pct": 5 }, "arrives_slowly_post_migration": { "value_preserved_pct": 75, "privacy_preserved_pct": 65 }, "arrives_slowly_mid_migration": { "value_preserved_pct": 40, "privacy_preserved_pct": 25 } }, "burn_vs_rescue_policy": "undeclared", "pqc_washing_ratio": 1, "vendor_tile_summary": { "wallet": { "top3": [ "Keplr", "Leap", "Ledger HW" ], "pqc_roadmap_count": 0 }, "bridge": { "top3": [ "Axelar (self)", "Wormhole", "LayerZero" ], "pqc_roadmap_count": 0 }, "custodian": { "top3": [ "Coinbase Custody", "BitGo", "Fireblocks" ], "pqc_roadmap_count": 0 }, "rpc_hsm": { "top3": [ "Polkachu", "BlockPi", "Axelar RPC" ], "pqc_roadmap_count": 0 } }, "narrative_summary": "Axelar is a cross-chain bridge using CometBFT Ed25519 consensus and TSS ECDSA for cross-chain attestations. Systemic quantum risk: broken threshold signatures would allow forged attestations across all 60+ destination chains. No PQC roadmap. TSS-PQC is an open research problem — no production-grade protocols exist.", "evaluator_notes": "Axelar's role as bridge amplifies risk — every downstream chain relies on its TSS security. TSS + PQC is significantly harder than straight-sig PQC (fewer NIST-ready protocols). Band 2 Acknowledged.", "narrative_voiced": "Axelar is the cross-chain bridge that signs attestations for 60-plus destination chains using threshold ECDSA. If Shor breaks the TSS key, the downstream chains do not learn about it, they just accept the forged message. Bridge risk is not usually cryptographic. On Axelar, it is." }