PulseChain is a standalone blockchain and uses a bridge to communicate with other networks like Ethereum and Binance Smart Chain (BSC). The Pulsechain bridge is a crucial part of the infrastructure and the main point of entry and exit for capital. Its security, reliability, and throughput are essential for the network’s prosperity. Here, we give it a closer look and describe how it works.
How is the Pulsecain Bridge constructed?
The bridge is created between Pulsechain, the native network, and the foreign network, like Ethereum or other EVM chains like BSC. The native part of the bridge performs operations to collect validator confirmations.
The bridge has a set of smart contracts to manage bridge validators, collect signatures, and confirm asset relay and disposal. A listener listens to events and sends transactions to authorize asset transfers, while the bridge monitor checks balances and unprocessed events.
When transferring ERC-20 tokens through a bridge, the tokens are locked on the foreign network and minted on the native network. When the transfer happens in reverse, the tokens are burned on the native network and unlocked on the foreign one.
Bridge administration
Each bridge has a set of permissions fulfilling particular roles. The highest administrative premission is able to authorize and change other roles. It’s responsible for upgrades and bridge security. A multisignature for Pulsechain bridge administrators ensures security. Multiple parties need to sign a transaction for an upgrade to be executed. In different bridges, it is usually the validators who assume the role of the signers. In the case of Pulsechain, there are multiple signers distributed around the world. They have different responsibilities.
The lowest role is that it can only validate bridge transactions and manage bridge parameters like min/max transactions and daily limits. Other validators can manage the validator set, and the highest role is assigned to the validators managing the upgrades and funds.
These validators are chosen on each network and require a multisignature for every action.
Pulsechain validators do not manage smart contracts in the bridge setup; they solely listen for transfer requests on both sides, collect signatures, and approve relaying assets on both sides. Contract management is left to the account with the highest permission.
Transfers are currently free of charge, but there may be a fee in the future. The Pulsechain bridge interface is decentralized, and it can be deployed on a user’s computer by downloading a file. Alternatively, it’s possible to use a third-party, easy-to-use interface operated by Tokensex.
Bridge security
Because of their important role in the ecosystem and complexity, bridges are a frequent target of hacker attacks. In the past, there were many vulnerabilities that focused mainly on smart contract exploitation and centralized components like oracles or validators, which acted as potential single points of failure. If these centralized entities are compromised, the entire bridge can be manipulated or disrupted, leading to unauthorized transfers or asset theft.
Some of the most notable bridge hacks involve:
Poly Network (2021):
In 2021, Poly Network, a cross-chain interoperability protocol, fell victim to a high-profile attack. The hackers exploited a vulnerability in the smart contract code, allowing them to execute a multi-chain attack. The attackers gained control over the bridge’s control functions, enabling them to transfer assets between different blockchains.
Binance Smart Chain (2022):
In another instance, a prominent blockchain bridge connected to the Binance Smart Chain encountered a security breach in 2022. The attackers exploited a flaw in the oracle system, manipulating price feeds and triggering unauthorized transactions on the bridge.
It’s crucial that the smart contracts undergo a thorough audit. To enhance security, blockchain bridges need to be decentralized with redundant components. Distributing control functions across multiple nodes or validators reduces the risk of a single point of failure and limits the potential impact of a security breach.
The Pulsechain Bridge relies on the Omnibridge open source code, which was audited by multiple security firms and operates on other networks. It has been working flawlessly since its launch in May 2023. Almost $77 million was transferred from Ethereum to Pulsechain, and over $3 million was transferred from Pulsechain to Ethereum.