Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BEP-174: Cross Chain Relayer Management #174

Merged
merged 7 commits into from
Mar 1, 2023
Merged

BEP-174: Cross Chain Relayer Management #174

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a92f500
working draft
bnb-tw Nov 23, 2022
877c4dd
update relayer fn
bnb-tw Nov 24, 2022
ec524cf
Update BEP-174 with newer function changes
emailtovamos Jan 23, 2023
8f5cca5
Merge pull request #1 from emailtovamos/emailtovamos-patch-1
emailtovamos Jan 23, 2023
98e4e20
Address pr suggestion
emailtovamos Jan 24, 2023
6dfdeb4
Merge pull request #192 from emailtovamos/BEP-174
bnb-tw Jan 24, 2023
bf88d9c
fix broken url and some params
MatusKysel Mar 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
141 changes: 141 additions & 0 deletions BEP174.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,141 @@
<pre>
BEP: 174
Title: Cross Chain Relayer Management
Status: Draft
Type: Standards
Created: 2022-11-23
</pre>

# BEP-174: Cross Chain Relayer Management

## 1. Summary

This BEP introduces a new governance proposal type to manage the set of whitelisted Relayers.
A Relayer whitelist was introduced recently to the BSC genesis contracts ([PR-198](https://github.com/bnb-chain/bsc-genesis-contract/pull/198)).
This BEP will improve the management of the relayer whitelist by introducing Relayer Managers, where a Relayer Manager can manage the registration of a single Relayer.
Managers will be elected and ejected via governance.

## 2. Abstract

This BEP introduces a new governance proposal type to manage Relayer Manager public keys that will be stored in the [`RelayerHub`](https://github.com/bnb-chain/bsc-genesis-contract/blob/71dcd4c409a68a6e084645a9f1f80adecd5a4269/contracts/RelayerHub.sol) genesis contract on BSC.

Relayer Managers will be able to manage their individual relayer public key. Only Relayer public keys registered via Managers will be able to invoke the `RelayerHub` smart contract for cross chain transfers.


## 3. Status

This BEP is under progress. See https://github.com/bnb-chain/bsc-genesis-contract/pull/205.

## 4. Motivation

After the [BSC Bridge exploitation](https://github.com/verichains/public-audit-reports/discussions/17) it is important we introduce some mechanism in place that enhances the security of the system. A governance based set Manager public keys who manage a single Relayer adds an extra layer of security.


## 5. Specification


### 5.1 Current Relayer Whitelist

Currently whitelisted relayers are [hardcoded](https://github.com/bnb-chain/bsc-genesis-contract/blob/a8476b2aefba0a66db86311ab44d43d7e2df24fe/contracts/System.sol#L88) in the `System` genesis smart contract. This list needs to be updated manually by deploying a new version of the smart contract.

### 5.2 The New Whitelisting Mechanism
After the implementation of this BEP:

- A Relayer Manager role will be introduced with corresponding public keys.
- The set of Managers will be updated via governance using the existing [param change proposal](https://github.com/bnb-chain/bnb-chain.github.io/blob/45f59e2/docs/learn/bsc-gov.md#submit-cross-chain-param-change-proposal) mechanism.
- Managers will NOT have to deposit any BNB (as opposed to the previous 100BNB deposit requirement).
- Once selected by governance, Managers will be able to add an associated Relayer public key.
- There will be a 1:1 relationship between Manager public key to active Relayer public key.
- Only associated Relayers can send cross chain messages.
- Managers can modify public key of their Relayer at any time. This will facilitate rotation of Relayer instances.
- The old `unregister` function will still be active to allow the existing whitelisted relayers to safely exit.

### 5.3 `RelayerHub` Smart Contract Changes
#### Relayer Manager functions

```
function updateParam(string calldata key, bytes calldata value) external override onlyInit onlyGov
```
The pre-existing function will be updated to support `addManager` and `removeManager` keys to facilitate adding and removing of managers via governance.

```
function removeManagerByHimself() external
```
Allows a manager to remove himself if required.

```
fuction addManagerByGov(address) external onlyGov
```
Adds a Manager public key to the current set of Managers. This is only called via governance. Emits an event on success.

```
function updateRelayer(address relayerToBeAdded) public onlyManager
```
This can be used by the manager to add or remove its relayer. Overwrites Relayer if there is an existing Relayer already added. Emits an event on success. The `relayerToBeAdded` parameter can be set to `0` address to enable removal of a relayer (e.g. if the private key gets compromised).

```
function whitelistInit() external
```
This is to ensure smooth transition so that the presently existing hardcoded whitelisted relayers continue to be relayers after the hardfork. This function needs to be **manually** called once after the hardfork.

#### Relayer functions
```
function isRelayer(address relayerAddress) external override view returns (bool)
```
This will be called by the Relayer codebase, instead of registering. Relayer can stop if this returns false


#### `updateParam` Changes

```
function updateParam(string calldata key, bytes calldata value) external override onlyInit onlyGov{
if (Memory.compareStrings(key,"addManager")) {
// TODO check and parse value
// addManagerAddress(...)
} else if (Memory.compareStrings(key,"removeManager")) {
// TODO check and parse value
// removeManagerAddress(...)
} else {
require(false, "unknown param");
}
emit paramChange(key, value);
}
```
The `updateParam` function will be modified accept two new keys
- `addManager` to add a Manager to the stored Manager set.
- `removeManager` to remove a Manager from the stored Manager set.

Also `requiredDeposit` and `dues` will be removed. So no need to account for them in the keys check.

#### Functions to be Deprecated

These Relayer functions will be deprecated:
```
function register() external payable ...
```

`unregister()` function isn't deprecated to allow existing hardcoded whitelisted relayers to have safe exit.

### 5.4 Relayer Changes

Update Relayer codebase to no longer register and deposit. Update abi? and run code generation to call new `verifyRelayer` method on `RelayerHub` smart contract and proceed to relay cross chain messages on success.

### 5.5 Existing relayer key migration

Manager keys will need to be supplied for the existing two relayers. Manger set will be seeded with these two Manager public keys. Relayer public keys will be registered to these Managers.

Existing Relayers will need to pull down relayer code once the `RelayerHub` SC has been upgraded.

### 5.6 CLI commands
```
## mainet
./bnbcli params submit-cscParam-change-proposal --key "addManager" --value "ADDRESS" --target 0x0000000000000000000000000000000000001006 --deposit 200000000000:BNB --voting-period 100 --side-chain-id bsc --title "add new super trusty relayer" --from alice --trust-node --chain-id Binance-Chain-Tigris

## testnet
./tbnbcli params submit-cscParam-change-proposal --key "addManager" --value "ADDRESS" --target 0x0000000000000000000000000000000000001006 --deposit 200000000000:BNB --voting-period 100 --side-chain-id chapel --title "add new super trusty relayer" --from alice --trust-node --chain-id Binance-Chain-Ganges
```
The commands used to create a change proposal to governance.

## 7. License

The content is licensed under [CC0](https://creativecommons.org/publicdomain/zero/1.0/).