Security model of cross-chain bridges

Intro

Cross-chain bridges were recently implemented connecting the Callisto chain to Binance Smart Chain and the Ethereum mainnet.

Cross-chain Bridges in a nutshell

A cross-chain bridge allows users to swap assets from one chain to another. In practice it is a pair of contracts on two different chains. One contract accepts a selected asset on the first chain and freezes it. At the same time this contract emits a signal for the second contract to create the same quantity of “wrapped” tokens on the second chain.

Contract modes

The contract system may operate in different modes.

  • Frozen — the contract does not process cross-chain swaps in this mode. Special accounts with “Freeze” permissions can freeze the contract immediately when an anomaly is detected. Returning the contract to normal mode requires ‘Owner’ permission and “Setup Mode”.
  • Upgrading — the contract can be switched to a newer version deployed at a new address. Upgrading requires ‘Owner’ permission and can only be performed 72 hours after the function is invoked.

Authorities — low trust / minimal permissions

Callisto Bridges rely on “Authorities” as relays. Every Authority is a special account (with its own private key) which is controlled by a script on its own dedicated server. Storing private keys on a server is not secure — that’s why Authorities are not trusted and are only given a minimal set of privileges.

Freezers — emergency stop permissions

There can be special accounts with “Freeze” permission that do not have permission to sign transfers. These accounts are only used to observe the authorities.

Owner — governance permissions

A special account is granted “Owner” permissions to debug the contract or to punish authorities that misbehave.

Founders — the least exposed keys

There is an additional special account called the “Founders multisig”. This account has no permission other than replacing the “Owners” multisig with a new one in case the Owners’ keys are compromised.
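The role and mode separation described above (Authorities that only sign transfers, Freezers that can only stop the bridge, an Owner that can unfreeze only in Setup Mode and must wait 72 hours to upgrade, and Founders whose sole power is replacing the Owner) can be expressed as a small access-control skeleton. The contract below is an added illustration written for this article, not Callisto’s bridge code; every function and variable name is an assumption, as is the use of a signature threshold for authority approval and a per-swap identifier for replay protection. Only the 72-hour upgrade delay comes from the text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative role/mode model for a bridge contract (example only, not Callisto's code).
// All names below are assumptions chosen for this example.
contract BridgeRolesExample {
    uint256 public constant UPGRADE_DELAY = 72 hours; // delay stated in the article

    address public owner;                          // "Owner" multisig: governance
    address public founders;                       // "Founders" multisig: may only replace owner
    mapping(address => bool) public isAuthority;   // relays: may only co-sign transfers
    mapping(address => bool) public isFreezer;     // may only trigger the emergency stop
    uint256 public threshold;                      // authority signatures required per transfer

    bool public frozen;      // Frozen mode: no swaps are processed
    bool public setupMode;   // Owner-only maintenance actions such as unfreeze need this

    address public pendingUpgrade;   // new contract address announced by the owner
    uint256 public upgradeReadyAt;   // earliest time the upgrade may be executed
    address public upgradedTo;

    mapping(bytes32 => bool) public processed;  // replay protection, one entry per swap id

    event Frozen(address indexed by);
    event UpgradeScheduled(address indexed to, uint256 readyAt);

    modifier onlyOwner()    { require(msg.sender == owner, "not owner"); _; }
    modifier onlyFounders() { require(msg.sender == founders, "not founders"); _; }
    modifier notFrozen()    { require(!frozen, "bridge frozen"); _; }

    constructor(address _owner, address _founders, address[] memory auths, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= auths.length, "bad threshold");
        owner = _owner; founders = _founders; threshold = _threshold;
        for (uint256 i = 0; i < auths.length; i++) isAuthority[auths[i]] = true;
    }

    // --- Freezers: emergency stop and nothing else ---
    function freeze() external {
        require(isFreezer[msg.sender], "no freeze permission");
        frozen = true;
        emit Frozen(msg.sender);
    }

    // --- Owner: governance. Leaving Frozen mode requires Setup Mode first ---
    function setSetupMode(bool on) external onlyOwner { setupMode = on; }
    function unfreeze() external onlyOwner { require(setupMode, "requires setup mode"); frozen = false; }
    function setFreezer(address a, bool on) external onlyOwner { isFreezer[a] = on; }
    function removeAuthority(address a) external onlyOwner { isAuthority[a] = false; } // "punish"

    // Upgrade is two-step: announce, then execute only after the delay has elapsed.
    function scheduleUpgrade(address newContract) external onlyOwner {
        require(newContract != address(0), "zero address");
        pendingUpgrade = newContract;
        upgradeReadyAt = block.timestamp + UPGRADE_DELAY;
        emit UpgradeScheduled(newContract, upgradeReadyAt);
    }
    function executeUpgrade() external onlyOwner {
        require(pendingUpgrade != address(0) && block.timestamp >= upgradeReadyAt, "delay not elapsed");
        upgradedTo = pendingUpgrade;
        frozen = true; // the old contract stops processing swaps once migrated
    }

    // --- Founders: the only thing they can do is replace the owner multisig ---
    function replaceOwner(address newOwner) external onlyFounders { owner = newOwner; }

    // --- Authorities: a claim needs `threshold` signatures from distinct authorities ---
    function claim(bytes32 swapId, address to, uint256 amount, bytes[] calldata sigs) external notFrozen {
        require(!processed[swapId], "already claimed");
        // Bind the digest to this contract and chain so a signature cannot be replayed elsewhere.
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32",
            keccak256(abi.encodePacked(address(this), block.chainid, swapId, to, amount))));
        address last = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address signer = recover(digest, sigs[i]);
            require(signer > last, "duplicate or unsorted signer"); // strictly ascending => distinct
            require(isAuthority[signer], "not an authority");
            last = signer;
        }
        require(sigs.length >= threshold, "not enough signatures");
        processed[swapId] = true;
        // ... mint wrapped tokens or release the frozen asset to `to` here
    }

    function recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad sig length");
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        if (v < 27) v += 27;
        // Reject high-s values so each message has a single canonical signature per key.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        address a = ecrecover(digest, v, r, s);
        require(a != address(0), "bad signature");
        return a;
    }
}
```

The point of the layout is that a compromised Authority key can at most contribute one of the `threshold` signatures, a compromised Freezer key can only halt the bridge (a denial of service that the Owner can reverse from Setup Mode), and a compromised Owner key cannot move funds directly and has to wait out the 72-hour window before an upgrade takes effect, which is the window in which Founders can replace the Owner.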