Cross-Chain Bridge Security — How We Protect Against Hacks

  • Very high coverage with unit testing and additional cross-chain integration testing to ensure our contracts work as intended.
  • Allowing the smart contract code to be audited by a respected audit company. These auditors check code for vulnerabilities for a living. See the results of our latest audits by Chainsulting & Haechi.
  • We are aware that upgradeable contracts are also an attack vector. At this stage, upgradeable contracts make sense, but we are working towards phasing them out once the core is closer to completion. Currently, only a GnosisSafe is permitted to perform an upgrade, and only a few members are whitelisted as signers for the multi-signatures. The next step will be to make use of TimelockController for delayed deployments. The goal is to avoid upgrades in the future. Ultimately, the plan is to hand over power to a DAO.
  • Creating a “bug bounty program.” This means simply offering a financial reward for white hats, i.e., “friendly” hackers, to find bugs in our code. If they find something potentially threatening, they get paid for their work.
  • Getting experts & developers of partner companies to check our code. Working for long periods on the same codebase makes it easier to miss errors, and having external parties look specifically for mistakes makes sense.
  • Researching new & upcoming hacks, understanding how they managed to bypass security & verifying our code against these attack vectors. Would the hacker have been able to evade our security using the same approach?
  • Researching new security measures, such as monitoring of smart contracts & automatic tasks/transactions that can be executed before defined events occur in our smart contract.
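
The upgrade controls described in the list above (a multisig as the only party allowed to upgrade, followed by a timelock delay) can be modelled in a few lines. This is an added example, not Cross-Chain Bridge's contract code or OpenZeppelin's TimelockController; the class name, signer names, the 2-of-3 threshold and the 24-hour delay are assumptions for illustration.

```python
import hashlib

class UpgradeGate:
    """Simplified model: an M-of-N multisig is the only proposer to a timelock that owns upgrades."""

    def __init__(self, signers, threshold, min_delay):
        self.signers, self.threshold = set(signers), threshold
        self.min_delay = min_delay           # seconds an upgrade must wait
        self.ready_at = {}                   # operation id -> earliest execution time
        self.implementation = "impl-v1"      # constructed placeholder value

    @staticmethod
    def op_id(new_impl, salt):
        # The id binds the delay to one exact upgrade target.
        return hashlib.sha256(f"{new_impl}|{salt}".encode()).hexdigest()

    def _check_quorum(self, approvals):
        valid = set(approvals) & self.signers    # drops duplicates and unknown signers
        if len(valid) < self.threshold:
            raise PermissionError("multisig threshold not met")

    def schedule(self, new_impl, salt, approvals, now, delay):
        self._check_quorum(approvals)
        if delay < self.min_delay:
            raise ValueError("delay below timelock minimum")
        oid = self.op_id(new_impl, salt)
        if oid in self.ready_at:
            raise ValueError("operation already scheduled")
        self.ready_at[oid] = now + delay
        return oid

    def cancel(self, oid, approvals):
        self._check_quorum(approvals)
        self.ready_at.pop(oid)               # KeyError if nothing is pending

    def execute(self, new_impl, salt, now):
        # Execution is open to anyone here; scheduling and the delay are the controls.
        oid = self.op_id(new_impl, salt)
        if oid not in self.ready_at:
            raise LookupError("operation was never scheduled or was cancelled")
        if now < self.ready_at[oid]:
            raise RuntimeError("timelock delay has not elapsed")
        del self.ready_at[oid]
        self.implementation = new_impl
        return new_impl

if __name__ == "__main__":
    gate = UpgradeGate({"alice", "bob", "carol"}, threshold=2, min_delay=86400)
    print(gate.schedule("impl-v2", "salt-1", ["alice", "bob"], now=0, delay=86400))
```

The pending window between `schedule` and `execute` is what gives users and monitoring time to react to an unexpected upgrade, and `cancel` is how the signers withdraw one.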

Did you like this article? Let us know: hold the clap button & give us up to 50 claps.

Cross-Chain Bridge

Bridge Tokens & NFTs. Provide Liquidity & earn.