omni/poa-bridge

Number of required_signatures could differ from the actual number of signatures required for transaction validation

akolotov opened this issue · 0 comments

The validators information is completely configured through the bridge contracts and does not depend on the authorities.required_signatures parameter of the bridge configuration.
The number of validators could also be changed at run-time, and therefore the authorities.required_signatures parameter will not reflect the actual number of signatures required for a transaction validation.

The number of required signatures is needed during the withdraw_relay process to fetch signatures from the foreign contract:
https://github.com/poanetwork/poa-bridge/blob/009d40aa504e7a48ddae6e965863b0338a8ebb0e/bridge/src/bridge/withdraw_relay.rs#L130-L134
Since the value of this parameter is picked up from the configuration file, it could differ from the actual number of signatures, and this could cause:

  1. the bridge cannot fetch enough signatures if the value stored in the contract is greater than the value from the bridge config, so it will not be able to relay withdraws.
  2. the bridge will fail on fetching signatures in the line
    https://github.com/poanetwork/poa-bridge/blob/009d40aa504e7a48ddae6e965863b0338a8ebb0e/bridge/src/bridge/withdraw_relay.rs#L51
    if the value stored in the contract is less than the value from the bridge configuration file.

The suggested changes are:

  1. To get the address of the Bridge Validators contract from both the home and the foreign side.
  2. To invoke requiredSignatures() on the foreign side for the same block which contains CollectedSignatures (an option could be to listen to the event which will be introduced under omni/tokenbridge-contracts#27 and so update the value in the bridge instance on demand instead of polling).
  3. To relay the withdraw with the number of required signatures obtained in step 2.

The situation when the numbers of required signatures differ on the two sides of the bridge will be handled by monitoring. In order to make sure that the numbers are the same, the procedure to add/remove validators should make sure that no withdraw transactions are being sent at the moment the number of required signatures is changed.
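The two failure cases and the suggested fix (reading requiredSignatures() at the CollectedSignatures block instead of from the config), modelled in Rust as an added example that is not part of this issue or of poa-bridge; ForeignContract, relay, relay_with_contract and the sample values are hypothetical stand-ins for the real contract calls.

```rust
use std::collections::HashMap;

type MsgHash = [u8; 32];
type Signature = Vec<u8>;
const SAMPLE_HASH: MsgHash = [0x11; 32]; // constructed sample hash, not a real bridge value

/// Stand-in for the foreign bridge plus its validators contract (hypothetical model,
/// not the real ABI): collected signatures per message hash, and the history of
/// requiredSignatures() as (block, value) pairs in ascending block order.
struct ForeignContract {
    signatures: HashMap<MsgHash, Vec<Signature>>,
    required_history: Vec<(u64, usize)>,
}

impl ForeignContract {
    /// requiredSignatures() as it stood at `block` (0 if never set).
    fn required_signatures_at(&self, block: u64) -> usize {
        self.required_history.iter().rev().find(|(b, _)| *b <= block).map_or(0, |(_, n)| *n)
    }
    /// signature(hash, index); Err when the index is out of range, the failure path
    /// the issue describes when the config value exceeds the contract's.
    fn signature(&self, hash: &MsgHash, index: usize) -> Result<Signature, String> {
        self.signatures.get(hash).and_then(|s| s.get(index)).cloned()
            .ok_or_else(|| format!("no signature at index {}", index))
    }
}

/// Fetch `required` signatures (from the config today, per the issue), then apply the
/// home-side check. Assumes the home side holds the same requiredSignatures() value,
/// which is what the issue's monitoring is meant to guarantee.
fn relay(c: &ForeignContract, hash: &MsgHash, block: u64, required: usize) -> Result<usize, String> {
    let sigs = (0..required).map(|i| c.signature(hash, i)).collect::<Result<Vec<Signature>, String>>()?;
    let needed = c.required_signatures_at(block);
    if sigs.len() < needed {
        return Err(format!("home rejects relay: {} of {} signatures", sigs.len(), needed));
    }
    Ok(sigs.len())
}

/// Suggested behaviour: read the count from the contract at the CollectedSignatures block.
fn relay_with_contract(c: &ForeignContract, hash: &MsgHash, block: u64) -> Result<usize, String> {
    relay(c, hash, block, c.required_signatures_at(block))
}

/// Constructed scenario: three validators signed; requiredSignatures() rose from 2 to 3 at block 100.
fn sample_contract() -> ForeignContract {
    let sigs: Vec<Signature> = (1u8..=3).map(|i| vec![i; 65]).collect();
    ForeignContract { signatures: HashMap::from([(SAMPLE_HASH, sigs)]), required_history: vec![(0, 2), (100, 3)] }
}
```

With a config value of 2 the relay is rejected on the home side (case 1), with 4 the fetch of index 3 fails (case 2), while querying the contract at the event block relays all 3 signatures.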