199 lines
5.9 KiB
Markdown
199 lines
5.9 KiB
Markdown
|
|
# Trustless Bridge Security Model
|
||
|
|
|
||
|
|
## Security Assumptions
|
||
|
|
|
||
|
|
The trustless bridge system relies on **economic security** and **cryptographic verification** rather than trusted third parties or governance. The security model is based on:
|
||
|
|
|
||
|
|
1. **Economic Incentives**: Fraud is economically unprofitable due to bond requirements
|
||
|
|
2. **Cryptographic Proofs**: Claims are verified against source chain state
|
||
|
|
3. **Permissionless Participation**: Multiple relayers and challengers reduce centralization risk
|
||
|
|
|
||
|
|
## Economic Security
|
||
|
|
|
||
|
|
### Bond Mechanism
|
||
|
|
|
||
|
|
- **Bond Size**: 110% of deposit amount (minimum 1 ETH)
|
||
|
|
- **Rationale**: Ensures bond exceeds potential profit from fraud
|
||
|
|
- **Formula**: `bondAmount = max(depositAmount * 1.1, 1 ETH)`
|
||
|
|
|
||
|
|
### Slashing Mechanism
|
||
|
|
|
||
|
|
- **Slash Condition**: Fraudulent claim challenged and proven
|
||
|
|
- **Split**: 50% to challenger, 50% burned (sent to address(0))
|
||
|
|
- **Incentive**: Challengers earn rewards for detecting fraud
|
||
|
|
- **Disincentive**: Relayers lose bond if fraudulent
|
||
|
|
|
||
|
|
### Economic Attack Scenarios
|
||
|
|
|
||
|
|
#### Scenario 1: Relayer Submits Fraudulent Claim
|
||
|
|
|
||
|
|
**Attack**: Relayer claims deposit doesn't exist on source chain
|
||
|
|
|
||
|
|
**Defense**:
|
||
|
|
- Challenger detects fraud and submits challenge
|
||
|
|
- Bond is slashed (110% of deposit lost)
|
||
|
|
- Fraud is unprofitable: cost (bond) > profit (deposit)
|
||
|
|
|
||
|
|
**Result**: Attack fails economically
|
||
|
|
|
||
|
|
#### Scenario 2: Collusion Between Relayer and Challenger
|
||
|
|
|
||
|
|
**Attack**: Relayer and challenger collude to share slashed bond
|
||
|
|
|
||
|
|
**Defense**:
|
||
|
|
- Only 50% goes to challenger, 50% is burned
|
||
|
|
- Relayer still loses 110% of deposit
|
||
|
|
- Net loss: 60% of deposit (even with collusion)
|
||
|
|
|
||
|
|
**Result**: Attack is still unprofitable
|
||
|
|
|
||
|
|
#### Scenario 3: Large Deposit Attack
|
||
|
|
|
||
|
|
**Attack**: Attacker tries to claim large non-existent deposit
|
||
|
|
|
||
|
|
**Defense**:
|
||
|
|
- Bond requirement scales with deposit amount (110%)
|
||
|
|
- Larger deposits require larger bonds
|
||
|
|
- Economic unprofitability remains regardless of deposit size
|
||
|
|
|
||
|
|
**Result**: Attack fails at any scale
|
||
|
|
|
||
|
|
## Cryptographic Security
|
||
|
|
|
||
|
|
### Deposit ID Generation
|
||
|
|
|
||
|
|
Deposit IDs are generated using:
|
||
|
|
```solidity
|
||
|
|
depositId = keccak256(asset, amount, recipient, nonce, msg.sender, block.timestamp, block.number)
|
||
|
|
```
|
||
|
|
|
||
|
|
**Properties**:
|
||
|
|
- Unique per deposit
|
||
|
|
- Includes timestamp and block number
|
||
|
|
- Prevents replay attacks
|
||
|
|
- Cannot be predicted or manipulated
|
||
|
|
|
||
|
|
### Replay Protection
|
||
|
|
|
||
|
|
- Nonces per user prevent duplicate deposits
|
||
|
|
- Processed deposit tracking prevents double-processing
|
||
|
|
- Deposit IDs ensure uniqueness
|
||
|
|
|
||
|
|
### Fraud Proofs (Future)
|
||
|
|
|
||
|
|
Future implementations will use:
|
||
|
|
- **Merkle Proofs**: Verify deposit existence/non-existence in source chain state
|
||
|
|
- **Light Clients**: Trustless verification of source chain state
|
||
|
|
- **ZK Proofs**: Zero-knowledge proofs for state transitions
|
||
|
|
|
||
|
|
## Operational Security
|
||
|
|
|
||
|
|
### Permissionless Participation
|
||
|
|
|
||
|
|
- **Relayers**: Anyone can become a relayer
|
||
|
|
- **Challengers**: Anyone can challenge claims
|
||
|
|
- **Liquidity Providers**: Anyone can provide liquidity
|
||
|
|
|
||
|
|
**Benefit**: Reduces centralization risk, no single point of failure
|
||
|
|
|
||
|
|
### Challenge Window
|
||
|
|
|
||
|
|
- **Duration**: 30 minutes (configurable)
|
||
|
|
- **Purpose**: Allow time for fraud detection
|
||
|
|
- **Trade-off**: Longer window = more security, slower finality
|
||
|
|
|
||
|
|
### Rate Limiting
|
||
|
|
|
||
|
|
- **Per Relayer**: Max claims per epoch (e.g., 100 per hour)
|
||
|
|
- **Purpose**: Prevent spam and bound tail risk
|
||
|
|
- **Configurable**: Adjustable based on network capacity
|
||
|
|
|
||
|
|
## Risk Analysis
|
||
|
|
|
||
|
|
### Risk: Smart Contract Bugs
|
||
|
|
|
||
|
|
**Mitigation**:
|
||
|
|
- Comprehensive unit and integration tests
|
||
|
|
- Security audit (recommended before mainnet)
|
||
|
|
- Gradual rollout with testnet deployment first
|
||
|
|
- Bug bounty program (recommended)
|
||
|
|
|
||
|
|
### Risk: Liquidity Pool Depletion
|
||
|
|
|
||
|
|
**Mitigation**:
|
||
|
|
- Minimum liquidity ratio enforcement (110%)
|
||
|
|
- LP withdrawals blocked if below ratio
|
||
|
|
- Multiple LPs can provide liquidity
|
||
|
|
- Economic incentives for LPs (fees)
|
||
|
|
|
||
|
|
### Risk: Chain Reorganization
|
||
|
|
|
||
|
|
**Mitigation**:
|
||
|
|
- Use finality checkpoints on source chain
|
||
|
|
- Challenge window provides buffer
|
||
|
|
- Merkle proofs include block hash (future)
|
||
|
|
|
||
|
|
### Risk: DEX Slippage
|
||
|
|
|
||
|
|
**Mitigation**:
|
||
|
|
- `amountOutMin` parameter protects users
|
||
|
|
- Uniswap V3 provides deep liquidity
|
||
|
|
- Multiple DEX options (Uniswap, Curve, 1inch)
|
||
|
|
|
||
|
|
### Risk: Economic Attacks
|
||
|
|
|
||
|
|
**Mitigation**:
|
||
|
|
- Bond sizing ensures unprofitability
|
||
|
|
- Slashing mechanism disincentivizes fraud
|
||
|
|
- Multiple challengers reduce collusion risk
|
||
|
|
|
||
|
|
## Known Limitations
|
||
|
|
|
||
|
|
1. **Fraud Proof Implementation**: Currently placeholder - needs actual Merkle proof verification
|
||
|
|
2. **Light Client**: Not yet integrated - relies on RPC nodes for verification
|
||
|
|
3. **Challenge Window**: Fixed duration - doesn't adapt to network conditions
|
||
|
|
4. **Bond Sizing**: Fixed multiplier - could be dynamic based on risk
|
||
|
|
5. **Relayer Fees**: Currently none - may reduce relay incentives
|
||
|
|
|
||
|
|
## Recommendations
|
||
|
|
|
||
|
|
### Before Mainnet Deployment
|
||
|
|
|
||
|
|
1. **Security Audit**: Comprehensive audit by reputable firm
|
||
|
|
2. **Testnet Deployment**: Extended testing on testnets
|
||
|
|
3. **Bug Bounty**: Launch bug bounty program
|
||
|
|
4. **Gradual Rollout**: Start with small deposit limits, increase over time
|
||
|
|
5. **Monitoring**: Set up comprehensive monitoring and alerting
|
||
|
|
|
||
|
|
### Ongoing Operations
|
||
|
|
|
||
|
|
1. **Monitor Events**: Track all key events (deposits, claims, challenges)
|
||
|
|
2. **Liquidity Management**: Monitor pool balances and ratios
|
||
|
|
3. **Economic Analysis**: Track bond amounts, slashing events, challenge rates
|
||
|
|
4. **Performance Metrics**: Monitor relay times, challenge rates, swap success rates
|
||
|
|
|
||
|
|
## Incident Response
|
||
|
|
|
||
|
|
### If Fraud Detected
|
||
|
|
|
||
|
|
1. Challenger submits challenge with fraud proof
|
||
|
|
2. Bond is automatically slashed
|
||
|
|
3. Claim is reverted
|
||
|
|
4. Challenger receives 50% reward
|
||
|
|
5. Monitor for patterns indicating systemic issues
|
||
|
|
|
||
|
|
### If Smart Contract Bug Discovered
|
||
|
|
|
||
|
|
1. Pause system (if pause mechanism exists)
|
||
|
|
2. Assess impact and scope
|
||
|
|
3. Deploy fix (if possible)
|
||
|
|
4. Reimburse affected users (if needed)
|
||
|
|
5. Post-mortem and improvements
|
||
|
|
|
||
|
|
### If Liquidity Crisis
|
||
|
|
|
||
|
|
1. Monitor pool ratios
|
||
|
|
2. Encourage additional LP deposits
|
||
|
|
3. Temporarily increase minimum ratio (if mechanism exists)
|
||
|
|
4. Consider emergency withdrawals (if needed)
|