A Lesson in Security: Ferrum Cross-Chain Token Bridge
The Ferrum Cross-Chain Token Bridge brings an unparalleled level of security not yet seen in the DeFi space!
Identifying Areas of Weakness
In DeFi, it seems as though there’s a hack every other day. From ChainSwap to AnySwap to the largest and most recent PolyNetwork hack, what do all of these have in common? The most obvious is that all three were cross-chain bridging protocols. However, not all bridges are created equal.
Different Approaches to Bridging
There are a couple of different approaches that projects take when architecting cross-chain token bridges. The most commonly used are those that deploy a “lock and mint” or a “burn and mint” functionality. On these sorts of bridges, the bridge contract interacts with the token contract, giving the bridge control over the functionality and liquidity of your project. What are the downsides of this? Well, there are a few!
- The liquidity locked on the bridge forms quite a large pool and is a sitting target.
- In most cases, the tokens that are being minted on other chains may not be authorized by the project whose token is being bridged. This creates a slew of messes when determining what contract addresses are authentic and which ones are not.
- Most bridges will deploy a generic copy of a standard ERC20 contract on the destination network. So if you have any custom functionality or DeFi protocols, such as a tax on transactions or a burn, say goodbye to those. That functionality won’t transfer over to the token on the new network. Pretty boring!
For the sake of today’s topic of conversation, let’s focus more on the first point.
When talking about software, exploits are inevitable. They’re especially common in emerging markets such as crypto. Our CSO Taha Abbasi recently shared some insights regarding how Ferrum uses various approaches to limit exposure from exploits:
No software is immune to exploits. You can build the most secure app, but if a downstream or upstream provider or a dependency in your code has a vulnerability and gets exploited, you are at risk.
Thinking that your code is exploit proof or claiming it might even be considered negligence. This is why we emphasize business and operational security best practices in addition to technical architecture security.
– Taha Abbasi | Ferrum Network
At Ferrum Network, we’re committed to building secure protocols. We consider ourselves “paranoid security freaks”. This approach has served nearly 100 Staking as a Service clients, with an all-time high of over $100 million in TVL, which translates to hundreds of smart contracts that have been created. We’re proud to say that throughout our tenure providing these solutions we have not fallen victim to a single exploit! We took this same approach when architecting the Ferrum Cross-Chain Token Bridge and have integrated some of the same security protocols used in our Staking Tech.
As previously mentioned, most bridges on the market currently are using the “lock and mint” or “burn and mint” approach. We took a different one.
Two Way Bridge Liquidity Pools
With the Ferrum Cross-Chain Token Bridge, projects that either deploy their own white label version or simply list on Ferrum’s native bridge can do two things.
- The project can map their token to any contract address on the destination chain. This is super helpful for projects that already have contracts deployed on other chains that they did not necessarily authorize.
- The liquidity is then provided and managed by said project.
The project manages this liquidity on both the origin chain and the destination chain, and the bridge contracts have no interactive or operational control over the project’s token contract. This drastically reduces the exposure of the project and its community compared to other solutions in the market today.
Operational Security and Business Best Practices
While architectural improvements can drastically reduce the risk that presents itself through bridging solutions, to further improve the security of our bridge we have also implemented Operational Security (OpSec) functions and business best practices.
Limiting Bridge Liquidity
Both Ferrum Network and the projects who either list on our bridge or deploy their own white label version are encouraged to limit the amount of liquidity that they provide to either side of the bridge. By limiting the liquidity to only what the volume calls for, in most cases less than $50,000, you are limiting your exposure to potential exploits.
Important Note: By limiting the liquidity on either side of the bridge, you not only limit the size of the pool that could be targeted, you also reduce the incentive for attackers to exploit the protocol in the first place. Most hackers are looking for much larger pies.
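The difference in exposure between the two designs discussed above can be seen in a small model. This is an added illustration, not Ferrum's contract code: the class names, chain labels and transfer amounts are constructed, and it assumes a user's deposit joins the source-side pool while the payout is taken from the destination-side pool.

```python
from dataclasses import dataclass

class InsufficientLiquidity(Exception):
    """Destination pool cannot cover the requested payout."""

@dataclass
class LockAndMintBridge:
    locked: int = 0  # origin-chain tokens escrowed by the bridge contract

    def bridge_out(self, amount: int) -> None:
        self.locked += amount  # lock on origin, mint a wrapped token on destination

@dataclass
class PooledBridge:
    pools: dict  # chain label -> project-funded pool balance
    cap: int     # per-chain liquidity cap chosen by the project

    def swap(self, src: str, dst: str, amount: int) -> None:
        if amount > self.pools[dst]:
            raise InsufficientLiquidity(f"{dst} pool holds {self.pools[dst]}")
        self.pools[src] += amount  # the user's deposit joins the source pool
        self.pools[dst] -= amount  # payout uses existing liquidity, nothing is minted

    def over_cap(self) -> dict:
        # Pools holding more than the cap, with the surplus to move out.
        return {c: b - self.cap for c, b in self.pools.items() if b > self.cap}

    def trim_to_cap(self) -> int:
        excess = self.over_cap()
        for chain, extra in excess.items():
            self.pools[chain] -= extra  # project withdraws the surplus
        return sum(excess.values())

    def exposure(self) -> int:
        return sum(self.pools.values())

def run_constructed_flow():
    transfers = [40_000, 70_000, 30_000]  # constructed one-way transfer values
    lm = LockAndMintBridge()
    pooled = PooledBridge({"origin": 50_000, "dest": 50_000}, cap=50_000)
    rejected = 0
    for amount in transfers:
        lm.bridge_out(amount)
        try:
            pooled.swap("origin", "dest", amount)
        except InsufficientLiquidity:
            rejected += 1  # transfer waits for liquidity instead of growing the pool
    return lm.locked, pooled.exposure(), rejected, pooled.over_cap()
```

In this flow the lock-and-mint escrow grows to 140,000 while the pooled bridge never holds more than the 100,000 the project funded, and `over_cap()` shows the origin pool is 40,000 above the cap and due for a withdrawal.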
Zokyo Audit Complete — “Well above the industry average…”
The Ferrum Cross-Chain Token Bridge has passed its audit with flying colors. The extensive audit report is a further testament to the attention to security and the standards that Ferrum holds itself and its products to… but don’t take it from us. Hear it from Zokyo themselves!
We are excited to announce that Ferrum Network has passed our security audit with no critical issues. We are pleased to confirm that the v1.0 Bridge Pool has passed security qualifications.
As a long-term security partner of Ferrum Network, it is always a pleasure to conduct security audits and offensive security testing to strengthen the Ferrum Network.
As leaders in Blockchain Cybersecurity, we are pleased with Ferrum Network’s security standards as well as the security of the product itself.
Ferrum Network continues to follow industry best practices and beats industry benchmarks set for security. This can be seen in the current audit report that shows their audit score is well above the industry average. We are confident that Ferrum Network will continue to enhance security measures as the industry evolves, and we’ll be there to help audit continuously and provide further insights to help close any gaps that may appear.
Hartej Sawhney — Founder of Zokyo
We believe that we have built a revolutionary piece of technology in the Ferrum Cross-Chain Token Bridge. The overall interest in the product has been overwhelming and is both a testament to the user experience and to the security standards that we hold at Ferrum Network. We look forward to continuing our cross-chain initiatives. There’s lots more in the pipeline!
Very truly yours,
The Ferrum Network Team