How to combat abuse of token bridges...

in #abuse2 months ago (edited)

There is several ways to combat abuse of token bridges that convert between a coin and a wrapped token, or between two tokens.

  1. Make sure the destination address is not the NULL address or address that deployed the bridge contract
  2. Make sure the address has not sent another conversion request within last 24 hours
  3. Make sure the conversion amount is not very small
  4. Make sure the conversion amount is not too large
  5. Make sure the address that deployed the bridge contract has enough balance to cover the conversion transaction, if it's not paid by user

Possible solutions:

  1. Compare the destination address against static or dynamic blacklist and skip the conversion if the address does match
  2. Reject conversions if the conversion transaction would revert or throw an exception
  3. Reject conversion if the conversion amount is below minimum threshold
  4. Delay conversion if the destination address was used within last 24 hours.