Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There is no programmatic safeguard to restart the chain if the bridge cannot be started (audit issue #17) #611

Closed
james-chf opened this issue Oct 14, 2022 · 2 comments
Closed

There is no programmatic safeguard to restart the chain if the bridge cannot be started (audit issue #17) #611

james-chf opened this issue Oct 14, 2022 · 2 comments
Labels
audit ethereum-bridge ledger spec

Comments

@james-chf
Copy link
Contributor

This was finding 17 from the audit of eth-bridge-integration branch (commit 57fc202)

Severity: Informational
To bootstrap the bridge the chain needs to halt. If that halt lasts longer than the epoch period, there is a risk that time sync or epochs may be lost. In the current implementation, there is no programmatic guarantee that the bootstrapping of the bridge will not cause problems with epoch time sync.
Recommendation
We recommend bootstrapping the bridge at the beginning of an epoch to maximize the time available to coordinate the resumption of operations. We also recommend developing and communicating a fallback plan for the unlikely case that bootstrapping will not be finished in time.
@james-chf james-chf moved this to Todo in Namada-Old Oct 14, 2022
@james-chf james-chf added the spec label Oct 14, 2022
@james-chf
Copy link
Contributor Author

james-chf commented Oct 14, 2022
edited
Loading

What to do in the case that the bridge cannot be launched is not currently specified (except that it must be possible).

namada/documentation/specs/src/interoperability/ethereum-bridge/bootstrapping.md

Lines 60 to 65 in a307a4c

### Backing out of Ethereum bridge launch
If for some reason the validity of the smart contract deployment cannot be
agreed upon by the validators who will responsible for restarting Namada, it
must remain possible to restart the chain with the Ethereum bridge still not
enabled.

We should explicitly lay out the fallback plan. Most likely, the chain can just be restarted without any genesis ethereum_bridge_params specified (as are being added in #575), and it will act just as before.

@batconjurer
Copy link
Member

Epoch must meet both a minimum amount of time and a minimum number of blocks must be processed. So it is not possible to for a the bridge to take longer than an epoch to sync since validators cannot start producing new blocks until their bridge is activated.

@github-project-automation github-project-automation bot moved this from Todo to Tested in Devnet in Namada-Old Feb 1, 2023
phy-chain pushed a commit to phy-chain/namada that referenced this issue Mar 1, 2024
@jurevans
feat/608 - Support memo, use native token (anoma#611)
bda16c1 
* fix: balances should support native token properly

* feat: adding memo field

* fix: adding memo to Tx

* fix: make bond form legible

* fix: version bump for next release
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
audit ethereum-bridge ledger spec
Projects
No open projects
Namada-Old
Status: Tested in Devnet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@batconjurer @james-chf