IMA Security Methods
To improve the ability of SKALE Chain owners to manage and respond to security incidents, a few features have been added to the IMA bridge:
-
Configurable time delay on exits exceeding certain amounts
-
Pauseable processing of IMA messages
Time delay on excess amounts of ERC20 tokens
SKALE Chain owners can set a time delay for token exits that exceed certain amounts. If an exit exceeds the limits, then those exited tokens will continue to be locked in the DepositBox contract until a configurable time elapses. After the time has elapsed, the receiver can then pull tokens from the DepositBox contract.
During a triggered time delay, there are two actions that can be executed:
-
an account granted with an
ARBITER_ROLEor the SKALE Chain owner may initialize an arbitrage of the transfer (escalate). This action increases the time delay/token lock period by a value configurable by the SKALE Chain owner (setArbitrageDuration). -
the SKALE Chain owner can cancel the transfer (rejectTransfer). In this case, the tokens go to the SKALE Chain owner address.
Once in arbitrage, the SKALE Chain owner can cancel the arbitrage and immediately transfer the tokens to the receiver (validateTransfer). In this case, the receiver does not need to explicitly pull the tokens.
If transfer was delayed or arbitraged and time delay passed without any action during this period, receiver can complete the transfer (retrieve)
Default Values
By default, a time delay for large amounts of ERC20 tokens is disabled. Each SKALE Chain owner must explicitly enable this feature (setBigTransferDelay) and set a threshold amount for each ERC20 token in IMA (setBigTransferValue).
Whitelist
The SKALE Chain owner manages a list of trusted addresses that bypass the delay regardless of exit amount (trustReceiver and stopTrustingReceiver)
Methods
-
setBigTransferValue - sets the value threshold above which tokens will be delayed.
Default value is 0for all tokens: so if delay is set then all tokens will be delayed. To disable delay for specific tokens you must set their value to infinity. If the delay is set but no threshold is set, then all tokens will be delayed. -
setBigTransferDelay - sets the delay time applied to token amounts above the threshold.
Pauseable processing of messages
Specific SKALE Chain IMA bridges may be paused by the designated PAUSABLE_ROLE.
Pausing
The PAUSABLE_ROLE may pause a specific SKALE Chain IMA bridge for an unlimited time.
The DEFAULT_ADMIN_ROLE only can grant PAUSABLE_ROLE.
Unpausing
Once paused, the SKALE Chain owner or the DEFAULT_ADMIN_ROLE may resume processing IMA messages for a specific SKALE Chain.