Architecture and Security Overview

This page presents an overview of the architecture and security measures implemented in the bridge between the Ethereum and Massa blockchains. The bridge is designed to facilitate the secure transfer of assets between the two networks, ensuring the integrity and reliability of cross-chain transactions. Our system is designed to ensure the secure, efficient, and transparent bridging of assets, leveraging a lock-mint and burn-redeem scheme underpinned by state-of-the-art security practices.

System Architecture

Component Overview

The bridge system comprises several key components:

  • Massa Bridge UI: Serves as the user interface for initiating bridge transactions. It supports wallet connections and transaction initiations for both Ethereum and Massa blockchains.
  • BridgeVault Contract (Ethereum): Acts as the custodian of assets on the Ethereum side. It is responsible for locking assets during the bridge process and executing redeem transactions based on verified requests.
  • Bridge Contract (Massa): Handles the minting of tokens on the Massa blockchain in response to locked assets on Ethereum and manages the burning of tokens for redemption back to Ethereum.
  • Relayer Network: A set of independent nodes responsible for monitoring bridge transactions, verifying events, and facilitating the cross-chain communication necessary for asset transfers.

User flow

To initiate bridging from Ethereum to Massa, a lock transaction is sent to the BridgeVault contract on Ethereum. This lock transaction transfers the assets from the user's wallet to the BridgeVault contract, locking them in the process. To ensure that the bridge operation meets all the requirements, users should always use the Massa Bridge UI. Once the lock transaction has received enough confirmations, it is handled by the relayer network: on detecting a lock event, each individual relayer produces a signature corresponding to this particular bridge operation. Once all three relayers have signed the lock transaction, the relayer network forwards this bridge operation to the Bridge contract on Massa. The Massa Bridge contract then verifies the signatures and mints the corresponding amount of tokens to the user's wallet on Massa. The user then receives a notification that the mint operation has been completed.

To initiate bridging from Massa to Ethereum, a burn transaction is sent to the Bridge contract on Massa. This burn transaction transfers the assets from the user's wallet to the Bridge contract, burning them in the process. Once the burn transaction has received enough confirmations, it is handled by the relayer network: on detecting a burn event, each individual relayer produces a signature corresponding to this particular bridge operation. During the process, the Massa Bridge UI queries the relayer network for the signatures. Once all three relayers have produced their signatures, the Massa Bridge UI prepares the redeem transaction. The user then signs and sends the redeem transaction to the Ethereum blockchain, triggering the release of the tokens.

Bridge flow

Security Measures

The BridgeVault contract on Ethereum holds the assets locked during the bridging process. The only way assets can be redeemed is by sending a message signed by 3 out of 3 nodes of the relayer network. This ensures that the assets are only released when the relayer network has verified the corresponding burn transaction on Massa. The public keys of the relayer nodes are stored in the Bridge contract on Massa, and can only be updated by a Gnosis Safe multisig wallet controlled by the bridge operators. Moreover, a 48h timelock from OpenZeppelin is implemented in the Bridge contract on Massa, which requires a 48h delay before the relayer network can update the public keys. This ensures that the bridge operators have enough time to intervene in case of a malicious update of the public keys. The BridgeVault contract can charge fees. However, they have been set to 0 for the time being.

Gnosis Safe proxy address: 0xDB1a35B0C8Bb727A8ce5314B4fCCa874614138BB

Signer Name | Address                                    | Status
----------- | ------------------------------------------ | ------
Signer 1    | 0x675Ebdc155e89c31229b0C7aF38D8D355E61F50  | Active
Signer 2    | 0xB744a01980b2f1ee61ED742df42B21b3AAfE1A31 | Active
Signer 3    | 0xcF6fB27ddC0A0270A36F7E7E5270CB179D2bfD32 | Active

The Bridge contract on Massa is responsible for minting the tokens in response to the locked assets on Ethereum. The Bridge contract can only mint tokens when it receives a message signed by 3 out of 3 nodes of the relayer network. Ownership of the synthetic token contracts has yet to be transferred to a multisig wallet after deployment. The public keys of the relayer nodes are hardcoded in the contract and cannot be updated. This contract can also be paused for maintenance or security. The Bridge contract can charge fees, but they have been set to 0.
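The 3-of-3 relayer check that gates both mint and redeem, sketched as an added example that is not the bridge's own contract code. It assumes Ed25519 keys from Node's crypto module, a hypothetical operation layout (`direction`, `srcTxId`, `logIndex`, `token`, `recipient`, `amount`), hypothetical helper names, and constructed keys and sample values. It goes one step beyond the text by also rejecting a relayer counted twice and an operation submitted a second time.

```javascript
const crypto = require("node:crypto");

// Canonical digest of one bridge operation. The field layout is an assumption;
// binding direction, source tx and log index keeps a signature from being
// reused for another operation.
function opDigest(op) {
  const fields = [op.direction, op.srcTxId, op.logIndex, op.token, op.recipient, op.amount];
  return crypto.createHash("sha256").update(JSON.stringify(fields)).digest();
}

// Returns a verifier that accepts an operation only when every registered
// relayer key contributed exactly one valid signature (3 of 3), once.
function makeVerifier(relayerKeys) {
  const processed = new Set(); // operation ids already minted or redeemed
  return function verify(op, signatures) {
    const digest = opDigest(op);
    const opId = digest.toString("hex");
    if (processed.has(opId)) return { ok: false, reason: "replay" };
    const seen = new Set();
    for (const sig of signatures) {
      const idx = relayerKeys.findIndex((k) => crypto.verify(null, digest, k, sig));
      if (idx === -1) return { ok: false, reason: "invalid-signature" };
      if (seen.has(idx)) return { ok: false, reason: "duplicate-signer" };
      seen.add(idx);
    }
    if (seen.size !== relayerKeys.length) return { ok: false, reason: "missing-signatures" };
    processed.add(opId);
    return { ok: true, opId };
  };
}

// Constructed sample data: three throwaway relayer keys and one lock operation.
const relayers = [0, 1, 2].map(() => crypto.generateKeyPairSync("ed25519"));
const signAs = (i, op) => crypto.sign(null, opDigest(op), relayers[i].privateKey);
const sampleOp = {
  direction: "ETH->MASSA", srcTxId: "0x" + "ab".repeat(32), logIndex: 0,
  token: "TOKEN_PLACEHOLDER", recipient: "RECIPIENT_PLACEHOLDER", amount: "1000000",
};

function demo() {
  const verify = makeVerifier(relayers.map((r) => r.publicKey));
  const sigs = [0, 1, 2].map((i) => signAs(i, sampleOp));
  return [
    verify(sampleOp, [sigs[0], sigs[1], sigs[1]]).reason, // one relayer counted twice
    verify({ ...sampleOp, amount: "9000000" }, sigs).reason, // amount altered after signing
    verify(sampleOp, sigs).ok, // full 3-of-3 set
    verify(sampleOp, sigs).reason, // same operation submitted again
  ];
}
console.log(demo());
```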

On chain architecture

The relayer network is a set of independent nodes responsible for monitoring bridge transactions, verifying events, and facilitating the cross-chain communication necessary for asset transfers. The three nodes are hosted on different cloud providers to avoid common points of failure. For redundancy, each node has a fallback mechanism and redundant RPC connections.

The Massa Bridge smart contracts have undergone security audits conducted by CertiK; the report is publicly available here.