This project presents a simple bridge mechanism to move our ERC20 token from L1 to an L2 we're building. The L2 part of the bridge is still under construction, so we don't include it here.
In a nutshell, the bridge allows users to deposit tokens, which are held into a secure vault on L1. Successful deposits trigger an event that our off-chain mechanism picks up, parses it and mints the corresponding tokens on L2.
To ensure user safety, this first version of the bridge has a few security mechanisms in place:
We plan on launching L1BossBridge
on both Ethereum Mainnet and ZKSync.
For the moment, assume only the L1Token.sol
or copies of it will be used as tokens for the bridge. This means all other ERC20s and their weirdness is considered out-of-scope.
The bridge operator is in charge of signing withdrawal requests submitted by users. These will be submitted on the L2 component of the bridge, not included here. Our service will validate the payloads submitted by users, checking that the account submitting the withdrawal has first originated a successful deposit in the L1 part of the bridge.
git --version
and you see a response like git version x.x.x
forge --version
and you see a response like forge 0.2.0 (816e00b 2023-03-16T00:05:26.396218Z)
git clone https://github.com/Cyfrin/7-boss-bridge-audit
cd 7-boss-bridge-audit
make
or
git clone https://github.com/Cyfrin/7-boss-bridge-audit
cd 7-boss-bridge-audit
forge install
forge build
forge test
forge coverage
and for coverage based testing:
forge coverage --report debug
make slither
make aderyn
./src/
#-- L1BossBridge.sol
#-- L1Token.sol
#-- L1Vault.sol
#-- TokenFactory.sol
Signers
(see below)depositTokensToL2
, when they want to send tokens from L1 -> L2.deployToken
will always correctly have an L1Token.sol copy, and not some weird erc20