-
Notifications
You must be signed in to change notification settings - Fork 624
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[questions] transfer module #916
Comments
And where is the code verifying the proof that the token was locked? |
The tokens on the source chain (chain A in your example) are sent to an escrow address. The packet commitment is stored here and upon submitting the receive message on the destination chain (chain B in your example), then the packet commitment is verified here. When the tokens reach the chain B, then vouchers are minted on the destination chain. If the tokens are later on transferred back to chain A, then those vouchers are burnt. I hope this answers your questions. I will close the issue for now. Feel free to reopen it if something is not clear. |
Thank you for answer. I have an additional question, is it not possible to confirm that the A chain sent to the escrow address because it only checks the commitment to the packet, but not the contents of the packet or state of escrow address? Since all packets are stored in state, will someone claim and post-process if something goes wrong? |
i cannot reopen this issue |
The security model assumes that both chains are running trusted IBC code. One chain, when verifying the packet commitment, trust that the counterparty runs a non-malicious IBC implementation and it trusts that if has escrowed the tokens on its side. Otherwise, actually verifying that the tokens has been escrowed, etc would make the protocol way too complicated.
This is again related to the security model: we assume that chains are using a compliant implementation of the IBC protocol that is not following malicious behavior. In Cosmos, when chains add new modules, the validators has to approve a proposal, so it's unlikely that validators would vote for a module that is malicious. There can be software bugs, of course, but it's very unlikely that malicious module would get deployed on a chain.
The hash of the packet commitment contains the packet data (amount and denom of the tokens that are being transferred) and the relayer needs to send the packet data to the destination. The destination chain will reconstruct the packet commitment and verify that the source chain stored the same packet commitment at a certain block height. Feel free to ask if you have any more questions. |
Thank you for answer! |
…, and data race issue (cosmos#916) Resolves cosmos#911, resolves cosmos#919, resolves cosmos#910
I have a question.
In the case of transferring tokens through ibc (A chain -> B chain), won't there be a problem if the token is not burned after locking the token in the A chain and after confirming that the B token has been minted?
The text was updated successfully, but these errors were encountered: