IMA Security Methods

To improve the ability of SKALE Chain owners to manage and respond to security incidents, a few features have been added to the IMA bridge:

  • Configurable time delay on exits exceeding certain amounts

  • Pauseable processing of IMA messages

Time delay on excess amounts of ERC20 tokens

SKALE Chain owners can set a time delay for token exits that exceed certain amounts. If an exit exceeds the limits, then those exited tokens will continue to be locked in the DepositBox contract until a configurable time elapses. After the time has elapsed, the receiver can then pull tokens from the DepositBox contract.

During a triggered time delay, there are two actions that can be executed:

  • an account granted with an ARBITER_ROLE or the SKALE Chain owner may initialize an arbitrage of the transfer (escalate). This action increases the time delay/token lock period by a value configurable by the SKALE Chain owner (setArbitrageDuration).

  • the SKALE Chain owner can cancel the transfer (rejectTransfer). In this case, the tokens go to the SKALE Chain owner address.

Once in arbitrage, the SKALE Chain owner can cancel the arbitrage and immediately transfer the tokens to the receiver (validateTransfer). In this case, the receiver does not need to explicitly pull the tokens.

If transfer was delayed or arbitraged and time delay passed without any action during this period, receiver can complete the transfer (retrieve)

Default Values

By default, a time delay for large amounts of ERC20 tokens is disabled. Each SKALE Chain owner must explicitly enable this feature (setBigTransferDelay) and set a threshold amount for each ERC20 token in IMA (setBigTransferValue).

Whitelist

The SKALE Chain owner manages a list of trusted addresses that bypass the delay regardless of exit amount (trustReceiver and stopTrustingReceiver)

Methods

Pauseable processing of messages

Specific SKALE Chain IMA bridges may be paused by the designated PAUSABLE_ROLE.

Pausing

The PAUSABLE_ROLE may pause a specific SKALE Chain IMA bridge for an unlimited time. The DEFAULT_ADMIN_ROLE only can grant PAUSABLE_ROLE.

Unpausing

Once paused, the SKALE Chain owner or the DEFAULT_ADMIN_ROLE may resume processing IMA messages for a specific SKALE Chain.

Methods