adityaxxz/Boss-Bridge-Audit


Boss Bridge Audit

Audit Report

Audit-Report-HERE

What's Boss Bridge

This project represents a simple bridge mechanism to move ERC20 tokens from an L1 to an L2.

In a nutshell, the bridge allows users to deposit tokens, which are held in a secure vault on L1. Successful deposits trigger an event that an off-chain mechanism picks up and parses, then mints the corresponding tokens on L2.

To ensure user safety, this first version of the bridge has a few security mechanisms:

  • The owner of the bridge can pause operations in emergency situations.
  • Because deposits are permissionless, there's a strict limit on the tokens that can be deposited.
  • Withdrawals must be approved by a bridge operator.

Boss Bridge Explained in a nutshell


Main Contract

The L1BossBridge.sol contract has a substantial role and a few capabilities. It can pause and unpause, illustrating some centralized power. Most crucially, it permits users to deposit tokens to L2 and withdraw tokens from the L2 back to the L1.

function sendToL2(address _l2Delegate, address _token, uint256 _amount, uint256 _l2Gas,
                  bytes calldata _data) external
                  whenNotPaused returns (bytes memory){
      // (...rest of code...)
}

The sendToL2() function deposits tokens to L2. Once tokens are sent, they are locked in L1Vault.sol. This vault is relatively simple and doesn't do much other than hold the L1 tokens approved by the Boss Bridge.

How Tokens Travel Between Layers

  • Tokens are sent to a vault on the L1, effectively locking them.
  • A centralized off-chain service, AKA Boss Bridge, signals the release of an equivalent number of tokens on the L2.
  • Instead of directly transferring tokens from L1 to L2, the tokens are locked on L1 and an identical number of tokens are minted on the L2 side.
  • To transfer tokens back from L2 to L1, the tokens are locked in a vault on the L2 side.
  • Centralized signers approve the unlocking of the original tokens on the L1 side, completing the transfer process.

The Key Role of Signers

Signers are important because they see who is depositing to either layer and decide when to unlock or relock tokens. As valuable as this function is, it is also a known issue embedded in the protocol because of its centralized nature. Once a token on L1 is locked in the vault, it is free to roam on L2. Conversely, when you lock it back into the L2 vault, the Signers get a signal and the tokens in the L1 vault are released.
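
The flow described in the two sections above, as a small Python model added here for illustration; it is not code from this repository or from the audited contracts. The class, field and event names, the limit value, and treating the limit as a cap on the vault total are assumptions.

```python
# Toy model of the lock-and-mint flow (added example; all names are assumptions).
from dataclasses import dataclass, field

DEPOSIT_LIMIT = 100_000  # constructed value; the README only says a strict limit exists


@dataclass
class BridgeModel:
    signers: set
    paused: bool = False
    l1_vault: int = 0          # tokens locked in the L1 vault
    l2_circulating: int = 0    # tokens minted and usable on L2
    l2_balances: dict = field(default_factory=dict)
    events: list = field(default_factory=list)  # deposit events not yet relayed

    def deposit(self, l2_recipient, amount):
        """Permissionless L1 deposit: lock tokens in the vault and emit an event."""
        if self.paused:
            raise PermissionError("bridge is paused")
        if amount <= 0 or self.l1_vault + amount > DEPOSIT_LIMIT:
            raise ValueError("invalid amount or deposit limit exceeded")
        self.l1_vault += amount
        self.events.append({"to": l2_recipient, "amount": amount})

    def relay(self):
        """Off-chain service: parse pending deposit events and mint on L2."""
        while self.events:
            ev = self.events.pop(0)
            self.l2_balances[ev["to"]] = self.l2_balances.get(ev["to"], 0) + ev["amount"]
            self.l2_circulating += ev["amount"]

    def withdraw(self, l2_user, amount, approved_by):
        """L2 -> L1: lock on L2, then release from the L1 vault once a signer approves."""
        if self.paused:
            raise PermissionError("bridge is paused")
        if approved_by not in self.signers:
            raise PermissionError("withdrawal not approved by a bridge signer")
        if amount <= 0 or self.l2_balances.get(l2_user, 0) < amount:
            raise ValueError("invalid amount or insufficient L2 balance")
        self.l2_balances[l2_user] -= amount
        self.l2_circulating -= amount
        self.l1_vault -= amount

    def backed(self):
        """Monitor invariant: locked L1 tokens equal L2 tokens plus unrelayed deposits."""
        pending = sum(ev["amount"] for ev in self.events)
        return self.l1_vault == self.l2_circulating + pending
```

A monitoring job can evaluate `backed()` after every state change; a false result means tokens exist on L2 that no locked L1 token backs, or the reverse.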

Some of my personal notes here