Bridge Security
Detailed technical FAQs relating to Fiorin's integrated Ethereum bridge
What is Fiorin's bridge?
Fiorin's bridge consists of two functions:
These functions are encapsulated within the Fiorin wallet UI for a completely seamless stablecoin deposit / withdrawal experience.
Is the bridge safe?!
Bridges are notorious for being insecure / unsafe. To have a higher level of confidence in a bridge, a user should consider the following:
Bridge smart contract is audited
Bridge smart contract is open source
Bridge smart contract locked and issued token amounts are public and verifiable
Controls / limits are hardcoded into the bridge smart contract
We address each of these points below.
Has the bridge smart contract been audited?
Yes! Fiorin bridge has been audited by Coinscope. The audit revealed:
0 critical findings
0 medium findings
11 informative findings (which have since been resolved on a redeployed smart contract)
Is the bridge smart contract code open source?
Yes! Here is the link to the GitHub repository.
What is the Ethereum smart contract address for the bridge?
What security controls are in place?
User must specify their ERC20 withdrawal address when the wallet is created and this address cannot later be changed
ERC20 withdrawal addresses cannot be reused between different Fiorin wallets
User cannot withdraw funds until 24 hours after their first deposit
User has a 24 hour withdrawal limit equal to the maximum deposit they have made into the wallet
There is a maximum daily withdrawal amount from each user account of $100,000
All withdrawals are automatically blocked if there is an imbalance between locked and issued stablecoin amounts (next section)
There is an auxiliary private key (in cold storage) for the Ethereum bridge smart contract that can nullify the primary private key and issue new primary and auxiliary private keys
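The withdrawal controls listed above, modelled off-chain as an added Python example (this is not Fiorin's contract code). All class and method names are hypothetical, and the model assumes both 24-hour limits are rolling windows with the lower of the two applied.

```python
from dataclasses import dataclass, field

DAY = 24 * 60 * 60      # seconds
DAILY_CAP = 100_000     # USD per account per day, as stated above

@dataclass
class Wallet:
    address: str                                     # fixed at creation, never updated
    deposits: list = field(default_factory=list)     # (timestamp, amount)
    withdrawals: list = field(default_factory=list)  # (timestamp, amount)

class BridgeModel:
    """Hypothetical model of the listed controls; every name is an assumption."""
    def __init__(self):
        self.wallets, self.used_addresses = {}, set()
        self.locked = self.issued = 0   # locked ERC20 vs. issued USDXS

    def create_wallet(self, wallet_id, address):
        addr = address.lower()          # compare addresses case-insensitively
        if wallet_id in self.wallets or addr in self.used_addresses:
            raise ValueError("wallet exists or address already bound")
        self.used_addresses.add(addr)
        self.wallets[wallet_id] = Wallet(addr)

    def deposit(self, wallet_id, amount, now):
        self.wallets[wallet_id].deposits.append((now, amount))
        self.locked += amount
        self.issued += amount

    def check_withdrawal(self, wallet_id, amount, now):
        w = self.wallets[wallet_id]
        if self.locked != self.issued:                 # global block on imbalance
            return False, "locked/issued imbalance"
        if not w.deposits or now - min(t for t, _ in w.deposits) < DAY:
            return False, "24h hold after first deposit"
        balance = sum(a for _, a in w.deposits) - sum(a for _, a in w.withdrawals)
        if amount <= 0 or amount > balance:
            return False, "invalid amount"
        limit = min(max(a for _, a in w.deposits), DAILY_CAP)
        recent = sum(a for t, a in w.withdrawals if now - t < DAY)
        if recent + amount > limit:
            return False, "24h withdrawal limit exceeded"
        return True, "ok"

    def withdraw(self, wallet_id, amount, now):
        ok, reason = self.check_withdrawal(wallet_id, amount, now)
        if ok:
            self.wallets[wallet_id].withdrawals.append((now, amount))
            self.locked -= amount
            self.issued -= amount
        return ok, reason
```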
Can locked and issued stablecoin balances be verified?
Fiorin's bridge consists of two functions:
Locked ERC20 balances can be verified on Etherscan here
The 1:1 wrapped USDXS tokens can be verified here
BSV token information:
Symbol: USDXS
token ID: aeded8ce7e2d25544be184ceb16875ede4711425
What token protocol does Fiorin use?
Fiorin allows ERC20 token (Ethereum) deposits, which it then wraps 1:1 as USDXS tokens using STAS (BSV):
Token Protocol
AML screening?
Fiorin monitors (via a third-party API) both inbound and outbound ERC20 transfers to/from the bridge smart contract. Suspicious sends/receives will be blocked.
What are the risks of using the bridge?
The bridge smart contract is exploited. Attackers could withdraw locked ERC20 tokens
Fiorin server is compromised. Attackers could action ERC20 withdrawals from bridge accounts of their choosing
Fiorin server is compromised. Attackers could mint unlimited USDXS tokens on BSV
Mitigated by an auxiliary private key (kept in cold storage) which has the power to disable the bridge smart contract and reissue new primary and auxiliary private keys