It is shocking and dismaying to me that Composable Finance continues to perpetrate the deception that they have deployed a light-client based, IBC bridge to sepolia testnet. The material they have linked here, is simply untrue. Their contracts neither perform any light client verification nor do they even check commitments for merkle trie inclusion. It will simply accept any message passed to it as a valid commitment, as long as it passes a few sanity checks, allowing arbitrary minting. I have serious concerns if they go ahead and put this in production anyway, and now they are apparently seeking out partnerships in the ethereum ecosystem. Needless to say you should not touch this. They have substantially invested in the promotion of this product, claiming it’s something it just clearly isn’t, so whatever they end up releasing can’t be trusted. If there’s any doubt, just check on sepolia, this is the address of their (not) “light client” - 0x56378f9b88f341b1913a2fc6ac2bcbaa1b9a9f9f
the verifyMembership function 0x33714fe4 just returns ‘true’. There is no functionaly that verifies proofs of bridge messages.
So tl;dr no assets bridged to ethereum via their bridge are safe to use as collateral, and they are malicious actors.