Hashi integration
The proposal of Hashi integration on Gnosis Chain's bridges (AMB & Omnibridge, xDAI bridge) is approved by Gnosis DAO members on April 2nd, 2024. The integration introduces advanced security measures, mitigates systemic risks, and ensures the Gnosis Chain ecosystem remains resilient against the evolving landscape of security threats. With the efforts from Cross-Chain Alliance and Gnosis team, the integration is going toward production.
What’s new?
- Hashi Manager contract: New contract. Set reporters, adapters, and threshold parameters used by the bridge contract.
- New variables/function:
- HASHI_ENABLED: New variable. When set to true, every message can be approved by Hashi, but the message need not to be approved by Hashi for it to get executed.
- HASHI_MANDATORY: New variable. When set to true, every message has to be approved by Hashi before execution.
- isApprovedByHashi(bytes32 msgId): New public function. Return whether a message w.r.t a message Id is approved by Hashi.
- setHashiManager(address HashiManager): New function, onlyOwner. Set Hashi Manager contract on the bridge contract.
- Modified events:
- xDAI Bridge: in xDAI bridge, a
bytes32 nonce
is added intoUserRequestForAffirmation
andUserRequestForSignature
events.event UserRequestForAffirmation(address recipient, uint256 value)
is changed toevent UserRequestForAffirmation(address recipient, uint256 value, bytes32 nonce)
event UserRequestForSignature(address recipient, uint256 value)
is changed toUserRequestForSignature(address recipient, uint256 value bytes32 nonce)
- xDAI Bridge: in xDAI bridge, a
AMB & Omnibridge
For Omnibridge / AMB:
Ethereum → Gnosis Chain
- User approves token for Foreign Omnibridge
- User calls ForeignOmnibridge.relayTokens(address token, address receiver, uint256 amount)
- ForeignOmnibridge calls ForeignAMB.requireToPassMessage()
- ForeignAMB check if HASHI_IS_ENABLED is true, and call Yaho.dispatchMessage
- Off chain relayer detects MessageDispatched event from Yaho and call Yaho.relayMessagesToAdapters to relay message to each reporters.
- Reporters relay the messageId and message hash to adapter contract on Gnosis Chain.
- Light Client based oracle only stores hashes on Gnosis Chain.
- If Hashi is enabled & mandatory, off chain executor calls Gnosis Chain’s Yaru.executeMessages(), which check if the hash is agreed upon a threshold amount of adapters (set in Hashi Manager contract) adapters and set isApprovedByHashi(messageId) to true eventually.
- Bridge validators detects UserRequestForAffirmation event and call HomeAMB.executeAffirmation. If Hashi is enabled & mandatory, this step has to wait after step 3.
Gnosis Chain → Ethereum
- User approves token for Home Omnibridge
- User calls HomeOmnibridge.relayTokens(address token, address receiver, uint256 amount)
- HomeOmnibridge calls HomeAMB.requireToPassMessage()
- HomeAMB check if HASHI_IS_ENABLED is true, and call Yaho.dispatchMessage
- Off chain relayer detects MessageDispatched event from Yaho and call Yaho.relayMessagesToAdapters to relay message to each reporters.
- Reporters relay the messageId and message hash to adapter contract on Ethereum.
- Bridge validators detects UserRequestForSignature event and call HomeAMB.submitSignatures.
- If Hashi is enabled & mandatory, off chain executor calls Ethereum’s Yaru.executeMessages(), which check if the hash is agreed upon adapters and set isApprovedByHashi(messageId) to true eventually.
- User claims token by calling Ethereum’s ForeignAMB.executeSignatures().
xDAI briddge
Ethereum → Gnosis Chain
- User approves token for Foreign xDAI bridge.
- User calls ForeignXDAIBridge.relayTokens(address receiver, uint256 amount)
- ForeignXDAIBridge check if HASHI_IS_ENABLED is true, and call Yaho.dispatchMessage
- Off chain relayer detects MessageDispatched event from Yaho and call Yaho.relayMessagesToAdapters to relay message to each reporters.
- Reporters relay the messageId and message hash to adapter contract on Gnosis Chain.
- Light Client based oracle only stores hashes on Gnosis Chain.
- If Hashi is enabled & mandatory, off chain executor calls Gnosis Chain’s Yaru.executeMessages(), which check if the hash is agreed upon a threshold amount of adapters (set in Hashi Manager contract) and set isApprovedByHashi(messageId) to true eventually.
- Bridge validators detects UserRequestForAffirmation event and call HomexDAIBridge.executeAffirmation. If Hashi is enabled & mandatory, this step has to wait after step 3. Block Reward contract emits AddedReceiver event, which will mint equivalent amount of xDAI to receiver in the next block.
Gnosis Chain → Ethereum
- User calls HomexDAIBridge.relayTokens(address receiver, uint256 amount) or transfer xDAI to HomexDAIBridge without msg.data.
- HomexDAIBridge check if HASHI_IS_ENABLED is true, and call Yaho.dispatchMessage
- Off chain relayer detects MessageDispatched event from Yaho and call Yaho.relayMessagesToAdapters to relay message to each reporters.
- Reporters relay the messageId and message hash to adapter contract on Ethereum.
- Bridge validators detects UserRequestForSignature event and call HomexDAIBridge.submitSignatures.
- If Hashi is enabled & mandatory, off chain executor calls Ethereum’s Yaru.executeMessages(), which check if the hash is agreed upon adapters and set isApprovedByHashi(messageId) to true eventually.
- User claims token by calling Ethereum’s ForeignxDAIBridge.executeSignatures(). DAI is transfer to the receiver eventually.
Testnet environment
For testing purpose, we've set up testnet environemnt. Users are welcome to experiment with the testnet environments:
- Sepolia addresses
- ForeignAMB: 0x2F62433e00168af10c70bc39e2fDbEe5DaCA257b
- Hashi Manager: 0x6C5F4F8a719bF054D6b08E3cCc27a5f208Ec8766
- Chiado addresses
- Home AMB: 0xAF18353BF369897Aab18ec225422F921be9F7eC6
- Hashi Manager: 0xe505cD6522E9A1c2309a915f83dDCA9addaC0895
- AMB BridgeHelper: 0x3fba3D7Ae204a684E4359A3fC211C18EA155cd78
Omnibridge
- Sepolia address
- Foreign Omnibridge: 0xc4e06E44B2d1e148beFAa3cB2012A985EFe7032a
- WETH Router: 0x65E64139f202F89cb6b4bFc140bf01Cda1886465
- Chiado address
- Home Omnibridge: 0xB866dC5321Ca41a22938A7afD5Bc3c5069975874
xDAI
- Sepolia addresses
- Foreign xDAI: 0x97589968FA7ef153af44C6F5d0Fb9AcaEA97AC94
- Hashi Manager: 0x90d3c0c9BCb317E80A459B0126257665186E59fa
- Chiado addresses
- Home xDAI: 0x867696eA1cfA243aB909797022D0A0C99BdACcF1
- Hashi Manager: 0x5b745C021ef62f90862a812EB6763f5758e51eE2
- xDAI Bridge Helper: 0xA7bE47d1111baFDb2f0E9ce8D6431508aC2fd98e
Reference
- AMB contracts: https://github.com/crosschain-alliance/tokenbridge-contracts/tree/feat/hashi-integration-amb
- xDAI bridge contracts: https://github.com/crosschain-alliance/tokenbridge-contracts/tree/feat/hashi-integration-xdai-bridge
- Test: https://github.com/crosschain-alliance/tokenbridge-contracts-migration-tests
- Audits: https://crosschain-alliance.gitbook.io/hashi/v0.2/audit-report#gnosis-bridge-hashi-integration
- Hashi: https://crosschain-alliance.gitbook.io/hashi/v0.2/introduction