One view of the AMB feature in the defrayal mode was initially described here: #73 (comment)
During the implementation, the following security concerns were found:
A contract could intentionally specify a gas price and gas limit pair such that the total fee is greater than the balance of the contract on the other bridge side. This could drain the validator balance. One possible solution is to gather fees at the moment the relay request appears on one bridge side, but that requires knowing the exchange rate for the native coins used on both sides of the bridge. We also cannot just skip such relays, since that would require restarting the bridge every time a contract owner forgets to top up the contract balance on the bridge.
There is a risk that validators could intentionally use a higher gas price for the relayed transaction in order to get more profit. This applies to the scenario where the contract requests the gas price from the oracle.
A contract could intentionally specify a low gas price in a message relay request to block the bridge operations. If the validator uses this gas price for the final transaction, it could get stuck in the transaction pool, and all subsequent transactions would be stuck there as well until the first transaction is included in a block.
That's why it was decided to include the subsidized mode in the bridge code base and postpone the implementation of the defrayal mode. All current groundwork for this feature is in the amb-defrayal-mode branch.
When ways to address the issues listed above are discovered, work to finish the implementation will continue.
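
The three concerns above, modelled as an added example that is not part of the original issue or of the bridge code base. All function names, the `networkFloor` parameter (the lowest gas price the network currently includes), and the sample values are assumptions made for illustration; amounts are in wei as BigInt and assumed to be in one coin.

```javascript
// Added illustration: names, units (wei, as BigInt) and sample values are constructed.
const GWEI = 1_000_000_000n;

// Concern 1: amount by which the requested fee exceeds what the contract holds on
// the other bridge side. Assumes both values are already in the same coin; the
// issue notes that in general this needs an exchange rate.
function feeShortfall(req, contractBalance) {
  const fee = req.gasPrice * req.gasLimit;
  return fee > contractBalance ? fee - contractBalance : 0n;
}

// Concern 2: extra reimbursement claimed when a validator sends the relay at a
// higher gas price than the oracle reported.
function validatorOvercharge(usedGasPrice, oracleGasPrice, gasUsed) {
  return usedGasPrice > oracleGasPrice ? (usedGasPrice - oracleGasPrice) * gasUsed : 0n;
}

// Concern 3: relays are sent from one validator account with consecutive nonces,
// so a transaction priced below what the network accepts holds back every later one.
function includedRelays(requests, networkFloor) {
  const included = [];
  for (const req of requests) {             // requests are in nonce order
    if (req.gasPrice < networkFloor) break; // stalls here; later nonces wait
    included.push(req.id);
  }
  return included;
}

// Constructed sample queue of relay requests.
const queue = [
  { id: "A", gasPrice: 5n * GWEI, gasLimit: 200_000n },
  { id: "B", gasPrice: 1n, gasLimit: 200_000n }, // requested price far below the floor
  { id: "C", gasPrice: 5n * GWEI, gasLimit: 200_000n },
];

console.log(includedRelays(queue, 1n * GWEI));                    // only "A" gets through
console.log(feeShortfall(queue[0], 500_000n * GWEI));             // fee minus balance
console.log(validatorOvercharge(8n * GWEI, 5n * GWEI, 150_000n)); // extra claimed
```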