To swap tokens from one chain to another, a user calls the function depositTokens().

    function depositTokens(
        address token,      // token that user send (if token address < 32, then send native coin)
        uint256 value,      // tokens value
        uint256 toChainId   // destination chain Id where will be claimed tokens
    ) 
        external
        payable
        notFrozen

The event Deposit(address token, address sender, uint256 value, uint256 toChainId, address toToken) will be emitted, where:

• address token - token address (if address < 32, then it's native coin).
• address sender - the wallet address who sends tokens (only the same address may receive tokens on another chain).
• uint256 value - amount of tokens.
• uint256 toChainId - chain ID where a user can claim tokens/
• address toToken - token address on the destination chain that user will claim.

To get authority signature a user has to call Authority server function authorize(txId, fromChainId), where:

• txId - deposit transaction ID (hash)
• fromChainId - chain ID where deposited.

it returns JSON, where:

• if all good:

  • isSuccess - true,
  • signature - authority signature,
  • token - token to receive,
  • value - tokens amount,
  • to- receiver (user's) address,
  • chainId - chain ID where to claim token,
  • bridge - address of bridge on destination network.

• in case of error:

  • isSuccess - false,
  • message - error description

Use those values to claim tokens on destination chain, the user calls the function claimMultiSig()

    function claimMultiSig(
        address token,          // token to receive
        bytes32 txId,           // deposit transaction hash on fromChain 
        address to,             // user address
        uint256 value,          // value of tokens
        uint256 fromChainId,    // chain ID where user deposited
        bytes[] calldata sig    // authority signatures
    ) 

To created wrapped token the owner has to get nonce from function calculateNonce() then using this nonce calls the function createWrappedToken()

    function createWrappedToken(
        address fromToken,      // foreign token address
        uint256 fromChainId,    // foreign chain ID where token deployed
        string memory name,     // wrapped token name
        string memory symbol,   // wrapped token symbol
        uint8 decimals,         // wrapped token decimals (should be the same as in original token)
        uint256 nonce           // nonce to create wrapped token address begin with 0xCC.... 
    )
        external
        onlyOwner

On native token's chain the owner calls function createPair(address toToken, address fromToken, uint256 fromChainId), where:

• toToken - address of token contract on native chain.
• fromToken - address of wrapped token on foreign chain.
• fromChainId - foreign chain ID.

1. Only owner can set/remove authority address, using function setAuthority().
2. Only owner can set threshold (numbers of authority required to approve swap), using function setThreshold().
3. The owner or any authority can freeze the Bridge contract in case of anomaly detection (anomaly detection module is not implemented).
4. Only owner can unfreeze contract.

Import authority.js module in server app using: const auth = require("./authority.js");

Call function auth.authorize(txId, fromChainId), where:

• txId - transaction hash,
• fromChainId - chain ID where transaction was sent.

returns JSON string, where:

• if all good:

  • isSuccess - true,
  • signature - authority signature,
  • token - token to receive,
  • value - tokens amount,
  • to- receiver (user's) address,
  • chainId - chain ID where to claim token,
  • bridge - address of bridge on destination network.

• in case of error:

  • isSuccess - false,
  • message - error description

Use signature, token, value, to to call function claimMultiSig it the bridge contract on destination network

    auth.authorize(txId, fromChainId)
    .then(resp => {
        response.writeHead(200, {'Content-Type': 'application/json; charset=utf-8'});
        response.end(JSON.stringify(resp));

    })
    .catch(err => {
        response.writeHead(404, {'Content-Type': 'text/html'});
        response.end(err.toString());            
    })

Each authority script has own private key that stored in environment (.env).

To get transaction events the script use public RPC. There is a risk of compromising a public site and providing malicious data.

Therefore, I highly recommend to use local node instead of public RPC or, at least, use different public RPC for different authority script.

Bridge 0x6664fD73ed95CF608B5e461A6cE89212F989EdCA

Token implementation 0xa89f3920D5F4B333d783C9cac33E13A26C78bc2b

Bridge 0x05ef4B789C75c02d5182e6EfB7c64230Ec9B58b2

Token implementation 0x57a40032d14755B9e481584C51b8eF59e93120bE

wrapped CLO token 0xBf48DCa064aC248Ba2096Fb7e5F41724322942E9