Comments (6)
Ok. After discussion on the meeting and investigation of cases with upgradable tokens listed on exchanges we have the following:
- we need a ERC20 (or any another supportable by exchanges) token
- the token contract must exists separately from bridge contract
- if the standard. we chose, does not support safe transfer tokens to contracts we need to implement this in the POA token (e.g. ERC677 -
transferAndCall()
) in order to allow customers to transfer tokens to another contracts.
then we dedicate two phases in the token life time.
Phase I
Besides the functionality dictated by the standard we need the ability to mint the token in order to support deposit tokens by the bridge. The bridge contract is only the address which has the right to mint tokens.
Phase II
In order to have POA tokens swappable to POA coins, the token must be burnable: as soon as the transferAndCall()
(or similar functionality) is called with the bridge contract as recipient, the token bridge will burn tokens. This functionality must be disabled by default on Phase I (the bridge token must revert in any scenario when receives tokens). It is assumed that the bridge contract will be upgraded on Phase II to enable this functionality. In any case the bridge contract is only the address which has the right to burn tokens.
Ownership
Since we have to manage the token contracts to provide rights for minting or burning tokens by the bridge address, it makes sense to consider multisig approach for applying new configuration to the token: several authorities (M) will be listed as approvers in the token contract and the configuration will be changed if N approvers (e.g. N > M/2 + 1 or any another appropriate scheme) confirmed this.
@rstormsf @igorbarinov, if you agree with the comment above I will create separate issues to address needed changes.
from poa-bridge.
-
I don't see a value of using Pre-minted token because it can trigger unnecessary concerns by our contributors of doubling up the total supply.
I believe using Mintable strategy is useful with tight security mechanism so that if 1 relay node is compromised, it still requires 51% of all relay nodes in order to submitmint
without actual Deposits. I have to evaluate the current security model of this approach. -
I don't believe there should be any hard coded/minted token at the time of deployment. Both should be 0. The start of the process will be from HomeBridge that will start minting tokens when first Deposit event will be received.
2.1.
I'm curious under which condition the value of left side could be lower than the amount minted?
I believe it's a problem that shouldn't exist only if some exploitation is applied. There is no simple solution to that problem since it requires 3rd party oracle that will update contracts on both sides in order to check the POA balance on HomeBridge and totalSupply on ForeignBridge
2.2. That is definitely great question which token design we should use.
I am leaning towards ERC677 approach since I don't like to deviate from standards and don't want people to know what our custom method is.
2.3 ERC223 hasn't gotten wide public adoption hence I would like to stay away from it.
from poa-bridge.
@akolotov I agree with this strategy
from poa-bridge.
@akolotov
I'd probably use ERC827 vs ERC677
https://github.com/OpenZeppelin/zeppelin-solidity/tree/master/contracts/token/ERC827
The reason is simple: it's audited by OpenZeppelin and already included into their code
from poa-bridge.
OK. I am not an expert in how users work with exchanges, so do you @rstormsf have any idea how the end user will generate _data
for such kind of transfer?
from poa-bridge.
Could be closed since all contracts already implemented in https://github.com/poanetwork/poa-parity-bridge-contracts
from poa-bridge.
Related Issues (20)
- Bridge contract addresses in the configuration file
- Update RELEASE_NOTES with the recent changes for 0.3.0 HOT 1
- Root Cause Analysis of unprocessed tx HOT 8
- Failover RPC support
- Fork of parity-bridge? HOT 4
- authorities sections is obsolete in the configuration file
- gas_price parameter still mentioned in the error message
- Account invalid error when using single validator HOT 18
- facing issue while make with Rust version 1.29.0 for ethstore v0.2.0 HOT 3
- Using a commit/contest method to scale validator set HOT 11
- Remove dependency on 'solc' from build process HOT 9
- One account should be used for home and foreign networks
- HTTPS must be forced for RPC connections HOT 2
- Get the message length from the bridge contract
- Use JMESPath to retrieve a gas-price value from the Oracle JSON.
- Problem: potential loss of database updates
- Introduce versioning for the binary
- a warning message if the keystore contains non-JSON files HOT 1
- [Crash] if tx queue has reached to parity node HOT 5
- [Crash] bridge cannot process 2k txs HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from poa-bridge.