Bridges have become a popular target for hackers because they typically require tokens (which must be bridged to another network) to be locked in one or more of their smart contracts. We have all seen other bridges in the industry get hacked and millions in funds stolen.
Most crypto bridges operate with a mint/burn model, in which the bridge contract must be granted a minter role on a partner project's token in order to provide bridging services. As a result, projects risk a compromised bridge minting an unlimited amount of their tokens and rendering them unusable. Posschain Bridge eliminates this risk by using liquidity pools, so the bridge never holds mint authority over a partner's token.
Learn more about security practices to protect Posschain Bridge’s Pools from hackers.
Procedures:
- Investigating new security measures, such as smart-contract monitoring and automated tasks/transactions that can execute before the events defined in our smart contracts occur.
- Follow established coding best practices, use proven code patterns and contract templates, and learn from the mistakes others have made before you.
- Very high coverage with unit testing and additional cross-chain integration testing to ensure our contracts work as intended.
- Enabling experts and developers from partner companies to review our code. Working in the same codebase for a long time makes it easy to overlook bugs, so it makes sense for external parties to look for them specifically.
- We are aware that upgradeable contracts are also an attack vector. At this stage, upgradeable conventions make sense, but we are working to phase them out as the core nears completion. Currently, only a single Gnosis Safe is authorized to perform upgrades, and only a few members hold signing keys for its multi-signature. The next step is to use a TimelockController for delayed deployments. The goal is to prevent upgrades altogether in the future. Ultimately, the plan is to devolve that power to a DAO.
- We have the smart contract code audited by a reputable audit firm. These auditors check code for vulnerabilities for a living.
- We will create a “bug bounty program.” This means offering a financial reward to white hats, aka “friendly” hackers, for finding bugs in our code. If they find something potentially threatening, they get paid for their work.
- Researching new and upcoming hacks, understanding how they bypass security, and validating our code against these attack vectors. Could an attacker have bypassed our safeguards using the same approach?
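The upgrade-authority progression described in the procedures above (a Gnosis Safe multisig first, then a TimelockController, then no upgrades at all) is easiest to see in code. The following is an added Solidity example, not Posschain's own code; it assumes OpenZeppelin Contracts Upgradeable v5 and uses the hypothetical names `BridgePool`, `freezeUpgrades` and `upgradesFrozen`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts Upgradeable v5 (import paths and __Ownable_init(address)).
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

/// Hypothetical liquidity-pool bridge contract (added example, not Posschain's code)
/// showing the three stages of upgrade authority:
///   1. owner = Gnosis Safe        -> an upgrade needs N-of-M signer approval
///   2. owner = TimelockController -> an upgrade sits in a public queue for minDelay
///   3. upgrades frozen            -> _authorizeUpgrade reverts forever
contract BridgePool is Initializable, UUPSUpgradeable, OwnableUpgradeable {
    bool public upgradesFrozen;

    event UpgradesFrozen(address indexed by);

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers(); // the implementation contract can never be initialized directly
    }

    /// Stage 1: `safe` is the Gnosis Safe that initially controls upgrades.
    function initialize(address safe) external initializer {
        __Ownable_init(safe);
        __UUPSUpgradeable_init();
    }

    // Stage 2 is a plain ownership transfer executed by the Safe, e.g. from a deploy script:
    //   address[] memory ops = new address[](1); ops[0] = safe;
    //   TimelockController tl = new TimelockController(2 days, ops, ops, address(0));
    //   pool.transferOwnership(address(tl));
    // From then on every upgrade must be scheduled on the timelock and waits 2 days,
    // giving users time to inspect the new implementation or exit the pool.

    /// Stage 3: irreversibly disable upgrades once the core is complete.
    function freezeUpgrades() external onlyOwner {
        upgradesFrozen = true;
        emit UpgradesFrozen(msg.sender);
    }

    /// UUPS hook: every upgradeToAndCall() passes through here.
    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {
        require(!upgradesFrozen, "BridgePool: upgrades frozen");
        require(newImplementation.code.length > 0, "BridgePool: not a contract");
    }
}
```

Once `freezeUpgrades()` has been called, the proxy's implementation can never change again, which is the end state the procedure above aims for before handing governance to a DAO.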
There are also additional measures we have not made public, which maintain a second line of defense if a hacker bypasses these first layers of protection. “Imagine us as an old fort (contracted bridge) surrounded by several walls and a moat (points/procedures listed above). Now, the black hat can have the fort’s blueprint (code) and cross the moat. But what happens after we get over the wall is our secret, and we want it to stay that way.” (Vincent Lerat, Smart Contract Developer at Posschain)
The best results are achieved when many smart people work together. Therefore, we strongly encourage our investors and users with developer experience/knowledge to review our code base here. If you find something that significantly improves our protocol, we’ll reward you with a POSS! Please let us know if you see any potential for improvement.
As a result, our bridging protocol is robust and focused on user security. Given the nature of the DeFi world, we are prepared to do our best against different attack scenarios and take protecting the Bridge very seriously. This is the key to connecting the largest blockchains and delivering the best experience in a multi-chain world.
Join our community on Telegram and tell us what you think!