Motivation
There have been instances where users have attempted to access cBridge by calling the functions of its smart contracts directly, but their efforts have been unsuccessful due to incorrect parameter specifications and other issues. As a result, the funds they transferred to these contracts have become locked indefinitely. In order to help the rightful owners of these funds retrieve them or assist law enforcement bodies in cases involving proven bad actors, we propose implementing a series of features in cBridge as an upgrade.
It’s important to note that there are several ways in which funds can become locked in smart contracts, and our goal is to address as many of these cases as possible over time. However, due to security concerns, we will take a step-by-step approach, starting with the easier cases first.
Proposal
In this proposal, we aim to address the case where the send function is called by the user, but the transaction fails to process. We propose upgrading the cBridge code to implement the following behaviors:
- Return to the original address
If any validator receives a request from a user whose transaction has failed, they can initiate an automated process to propose to the other validators to sync the send event and automatically return the funds to the original address.
To ensure that there are no claims from law enforcement bodies that the locked funds are stolen, a waiting period of 90 days will be started once the event is re-synced. If any validator receives a notification from a law enforcement body, the validator can veto the automatic return process. Any vetoed action cannot be re-initiated without a full community proposal.
- Return to law enforcement bodies in case of proven stolen funds
In the case that the locked funds are stolen, it is in the interests of the Celer community to release these funds to the appropriate law enforcement bodies rather than returning them to the perpetrators.
To address this, we propose implementing a new feature in cBridge that allows any validator to communicate with other validators and initiate a process to generate a multi-signature that is capable of redirecting the funds to law enforcement upon receiving a court-authorized request. When a staking quorum is reached, and no veto is received from any validator within fourteen days, the action can be executed without the need for a separate proposal. In addition, if the locked funds are marked as the result of a hack by any validator, the “return to the original address” procedure cannot be carried out.
All validators should independently verify the authenticity of the request and address any concerns they may have. If, after conducting their own investigation, a validator still has concerns, they may veto the action within fourteen days, regardless of their staking weight. Any vetoed action cannot be re-initiated without a full community proposal.
Note
- This proposal does not currently address cases where users send funds directly to cBridge contracts. We aim to implement future features to resolve those cases, which are much more complicated.
- This proposal only concerns failure cases where funds are locked indefinitely in smart contracts and does not affect successful transactions.
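The two recovery procedures above can be read as a small state machine. The sketch below is an added example, not cBridge code or part of the proposal; the class and method names are hypothetical, the 2/3 staking quorum is an assumption (the proposal gives no figure), and both timers are assumed to start when a validator initiates the action.

```python
from dataclasses import dataclass, field
from enum import Enum

DAY = 86_400
RETURN_WAIT = 90 * DAY         # waiting period once the send event is re-synced
REDIRECT_WAIT = 14 * DAY       # veto window for a law-enforcement redirect
QUORUM_NUM, QUORUM_DEN = 2, 3  # ASSUMPTION: quorum fraction is not in the proposal

class Kind(Enum):
    RETURN_TO_SENDER = 1
    REDIRECT_TO_LAW_ENFORCEMENT = 2

@dataclass
class LockedTransfer:
    stakes: dict                                 # validator -> stake (constructed)
    hack_flagged: bool = False
    vetoed: set = field(default_factory=set)     # kinds that now need a full proposal
    pending: dict = field(default_factory=dict)  # kind -> {"start", "signers"}

    def _check(self, validator):
        if validator not in self.stakes:
            raise KeyError(f"unknown validator {validator!r}")

    def initiate(self, kind, validator, now):
        self._check(validator)
        if kind in self.vetoed:
            raise PermissionError("vetoed action needs a full community proposal")
        if kind is Kind.RETURN_TO_SENDER and self.hack_flagged:
            raise PermissionError("funds marked as hacked: return is blocked")
        self.pending[kind] = {"start": now, "signers": {validator}}

    def sign(self, kind, validator):
        self._check(validator)
        self.pending[kind]["signers"].add(validator)

    def veto(self, kind, validator):
        self._check(validator)          # any validator, regardless of staking weight
        self.pending.pop(kind, None)
        self.vetoed.add(kind)

    def mark_hack(self, validator):
        self._check(validator)          # one validator's flag blocks the return path
        self.hack_flagged = True
        self.pending.pop(Kind.RETURN_TO_SENDER, None)

    def can_execute(self, kind, now):
        p = self.pending.get(kind)
        if p is None:
            return False
        if kind is Kind.RETURN_TO_SENDER:
            return now - p["start"] >= RETURN_WAIT
        signed = sum(self.stakes[v] for v in p["signers"])
        quorum = signed * QUORUM_DEN >= sum(self.stakes.values()) * QUORUM_NUM
        return quorum and now - p["start"] >= REDIRECT_WAIT
```

The model makes the asymmetry explicit: a single validator can permanently stop either action, while only the redirect requires stake-weighted agreement to proceed.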