🔒

Bridge Security

Detailed technical FAQs relating to Fiorin's integrated Ethereum bridge

What is Fiorin’s bridge?
Fiorin’s bridge is a mechanism which ports Ethereum
 tokens to Bitcoin SV (BSV)
 (and vice-versa).
Fiorin’s bridge consists of two functions:
1.A smart contract on the Ethereum
 network and;
2.A token issuance mechanism on the BSV
 network
These functions are encapsulated within the Fiorin wallet UI for a completely seamless stablecoin deposit / withdrawal experience. 
Is the bridge safe?!
Bridges are notorious for being insecure / unsafe. In order to have a higher level of confidence in a bridge, a user should consider the below:
1.Bridge smart contract is audited
2.Bridge smart contract is open source
3.Bridge smart contract locked and issued token amounts are public and verifiable
4.Controls / limits are hardcoded into the bridge smart contract
We address each of these points below.
Has the bridge smart contract been audited?
Yes! Fiorin bridge has been audited by Coinscope. The audit revealed:
0 critical findings
0 medium findings
11 informative findings (which have since been resolved on a redeployed smart contract)
Is the bridge smart contract code open source?
Yes! Here is the link to the Github repository. 
What is the Ethereum smart contract address for the bridge?
The Ethereum
 bridge smart contract is: 
0x4fAFa2ec8B5E89af0eF212279A2990f147cDCdd6​
What security controls are in place?
1.User must specify their ERC20 withdrawal address when the wallet is created and this address cannot later be changed
2.ERC20 withdrawal addresses cannot be reused between different Fiorin wallets
3.User cannot withdraw funds until 24 hours after their first deposit
4.User has a 24 hour withdrawal limit equal to the maximum deposit they have made into the wallet
5.There is a maximum daily withdrawal amount from each user account of $100,000
6.All withdrawals are automatically blocked if there is an imbalance between locked and issued stablecoin amounts (next section)
7.There is a auxiliary private key (in cold storage) for the Ethereum bridge smart contract that can nullify the primary private key and issue new primary and auxiliary private keys
Can locked and issued stablecoin balances be verified?
Fiorin’s bridge consists of two functions:
1.A smart contract on the Ethereum
 network (which locks ERC20 tokens)
Locked ERC20 balances can be verified on Etherscan here​
2.A token issuance mechanism on the Bitcoin SV
 network (which wraps ERC20 tokens as USDXS tokens using the STAS protocol)
The 1:1 wrapped USDXS tokens can be verified here​
BSV token information:
Symbol: USDXS 
token ID: aeded8ce7e2d25544be184ceb16875ede4711425
What token protocol does Fiorin use?
Fiorin allows ERC20 tokens (Ethereum) deposits which it then wraps 1:1 as USDXS tokens using STAS (BSV):
🌐
Token Protocol
AML screening?
Fiorin monitors (via 3rd party api) both inbound and outbound ERC20 transfers to/from the bridge smart contract. Suspicious sends/receives will be blocked. 
What are the risks of using the bridge?
1.The bridge smart contract is exploited. Attackers could withdraw locked ERC20 tokens
2.Fiorin server is compromised. Attackers could action ERC20 withdrawal from bridge accounts of their choosing
3.Fiorin server is compromised. Attackers could mint unlimited USDXS tokens on BSV
Mitigated by using open source bridge code
Mitigated by having a reputable 3rd party audit
Mitigated by public disclosure of locked ERC20 tokens and issued USDXS tokens. If these balances do not perfectly reconcile, the bridge smart contract can be disabled
Mitigated by hardcoded bridge smart contract controls
Each bridge user has their own account with a fixed and pre-specified withdrawal address as well as 24 hour withdrawal limits
Mitigated by an auxiliary private key (kept in cold storage) which has the power to disable the bridge smart contract and reissue new primary and auxiliary private keys

Technology - Previous

Wallet Security

Next - Technology

Token Protocol

Last modified 3mo ago