Fast Transfers

[kiseln]

Description

Fast transfer is initiated by sending tokens to the bridge contract with a proper message for ft_on_transfer.

Recipient on Near

• Tokens are transferred directly to the recipient
• During finalization tokens and fees are released back to the relayer

Recipient on other chain

• Tokens are burned/locked and a new transfer is created for a 3rd-party chain.
• During finalization tokens are released to the relayer
• Fees are paid only after finalizing on 3rd-party chain

Implementation

• msg has been changed for ft_on_transfer to resolve between init_transfer and fast_fin_transfer.
• Fast transfers are stored in a lookup with a key being a hash of its struct. Relayer must provide correct transfer_id, token_id, recipient, amount, fee, and msg.
• Storage deposit is only performed if recipient is on Near in order to be able to transfer tokens to the recipient. Storage deposit is done using relayer balance instead of attached NEAR.
• Any transfers requiring native NEAR are done using wNEAR. If recipient is on Near, the tokens are unwrapped before sending.
• Only relayer that performed fast transfer can then finalize the transfer

Concerns

• For other chain transfers sender is changed to be the relayer. I don't think this parameter is important but keeping in mind that it is different from normal transfers.
• Storage deposits need to be double checked and tested

[olga24912]

And could you add comment, when the storage_deposit should be provided and for what.

[olga24912]

In the ft_on_transfer function, we burned the tokens. Since an error occurred here, we need to roll back the token burn.

[kiseln]

This would never happen because this method is only called if recipient is on Near

[olga24912]

In any case, the error could have occurred during the previous check. In that case, the tokens would already be burned, and we wouldn’t roll back the operation. The balance wouldn’t match.

[kiseln]

Actually if it's a bridged token (the only one we burn) bridge balance would be zero. Meaning if relayer sends an incorrect transaction the tokens will be burned and the refund to the relayer will fail. There will be no loss of funds from the bridge perspective, right? @karim-en

[kiseln]

Added tests and a fix here 88a9781
Not sure if more elegant solution is possible

[olga24912]

env::attached_deposit() -- this value isn’t always zero, is it?

[kiseln]

Changed to 0

[olga24912]

Who will ultimately receive the native fee? The Fast Transfer Relayer or the General Relayer? Are we at risk of spending the same funds twice?

[kiseln]

If recipient is on Near, the fast relayer will get the fee after finalizing the original transfer.
If recipient is on another chain, it's a bit tricky. The fee is claimed only after transfer is finalized on the 3rd chain. And right now it can be another relayer. Perhaps we need to split the fee between the two relayers in this scenario @karim-en ?

[kiseln]

Perhaps we can allow sign_transfer only for the fast relayer in this case

Edit: but then fast relayer will be able to finalize the original transfer while keeping the 3rd-chain message unsigned. Need to think more

[kiseln]

Actually, in case recipient is on another chain we need a solution for both normal and fast transfers. So perhaps it's not quite in scope of this PR. As of now, the relayer that finalizes the transfer on the destination chain will receive the fees

[olga24912]

I might also consider adding an option to opt out of fast-transfer.

[karim-en]

The const VERIFY_PROOF_CALLBACK_GAS isn't correct

[karim-en]

@kiseln

[kiseln]

Fixed 1f38b04

[karim-en]

@kiseln Please add integration tests to this new feature

[kiseln]

@kiseln Please add integration tests to this new feature

118a333

[karim-en]

The naming could be confusing (in the explorer) because the nep141 implementation also has a ft_resolve_transfer

[kiseln]

Renamed 1f38b04

[karim-en]

This refund is dangerous due to the undetermined behavior of the ft_trnasfer_call, so let's always return zero.

[kiseln]

Okay, just to confirm, if ft_transfer_call reverts it's sender who will lose money and not the relayer, right? So senders will be responsible for the target of ft_transfer_call

[kiseln]

Changed to 0 1f38b04

[karim-en]

Yes.
In the follow-up PR, we can try to solve the refund issue, which was mentioned multiple times in the audits.
What we should take into account is:

• The ft_transfer_call can fail only if the storage wasn't deposited or due to malicious contract, otherwise it returns value.
• The mint call ft_transfer_call if there is a message, so it has the same behaviour.
• The ft_transfer can fail only if the storage wasn't deposited.

Since we already verify the storage deposit, then we can do the refund only if the ft_transfer_call returned a refund value.

[karim-en]

Suggested change

	.with_static_gas(FAST_TRANSFER_CALLBACK_GAS)
	.with_static_gas(FAST_TRANSFER_CALLBACK_GAS + FT_TRANSFER_CALL_GAS)

This could be not enough to do the ft_transfer_call in the callback

Can you please also add tests for this flow (failed and success)

[karim-en]

@kiseln

[kiseln]

Fixed 88a9781

[karim-en]

This can be reduced if the FT_TRANSFER_CALL_GAS has been added

[olga24912]

Suggested change

	.resolve_transfer(fast_transfer.amount),
	.resolve_transfer(fast_transfer.amount.0 - fast_transfer.fee.fee.0),

[kiseln]

If we ever use the amount in resolve_transfer it will be for the purpose of rolling back ft_transfer_call so full amount is more appropriate

[olga24912]

What about creating an invalid TransferMessage with a very very large fee? Finalizing it on the destination chain, and then claiming our excessively large fee. In that case, a lot of Ether, for example, would be minted for the relayer without reason.

[kiseln]

Fantastic find - this is a severe problem that we need to address. Also, replacing sender to the relayer's Near address we accidentally change the native fee from another token to NEAR.

First, we need to allow claiming fee only after the original message is finalized and fees validated.
Second, we either need to preserve original sender when creating message or look it up in some other way when claiming the fee.

[kiseln]

I added restriction on claiming fee in 333be17