argonprotocol / mainchain

The Argon is an inflation-proof stablecoin powered by Bitcoin
https://argonprotocol.org
MIT No Attribution

Ismp #168

Closed blakebyrnes closed 1 week ago

blakebyrnes commented 2 weeks ago

This PR adds hyperbridge integration to enable Argon<->EVM and Argon Ownership<->EVM transfers.

Integration with hyperbridge is done through the ChainTransfer pallet. You can now send_to_localchain or send_to_evm.

Send to Evm

Users can send funds to an EVM address and chain via chain_transfer.send_to_evm (argons and ownership tokens are both supported). Fees are paid in Argons by the transferring user to both hyperbridge and the relayers (more about these roles below). The relayers and hyperbridge are able to collect these fees at a later date and convert them as desired. There are a number of chains available to begin, but we will have to register them on Hyperbridge's Token Governor. Funds are held by the pallet account (unspendable) while they're off-chain. If a request does not complete, it will time out and be refunded back to the original user from the pallet account.

Hyperbridge/Relayers

Hyperbridge works by creating merkle proofs of state changes in our chain that are stored locally in offchain storage with a hash stored onchain as a commitment. There is a network of "relayers" that gather these proofs and consolidate them before sending them on to other chains. In our case, they go to "Hyperbridge", which is a parachain running on Paseo and Polkadot. Hyperbridge allows us to mint erc20 assets that are controlled via a pallet called TokenGovernor. TokenGovernor is secured by the economic security of the Polkadot network, and operates a bit like a "hub" between us <-> relayers <-> hyperbridge <-> relayers <-> ethereum networks. Each substrate/ethereum chain operates as a state store, but doesn't relay the information. That's the job of the relayers.

Activating EVMs

Hyperbridge is integrated with a number of ethereum chains right now. We'll send a request to activate these after we get relayers transferring our consensus state and messages back and forth with Hyperbridge.

Some Security Questions I Had

  1. Can the ethereum contracts be upgraded by a malicious actor or keys stolen to print extra tokens? A: It's a non-upgradeable, non-admin contract that wraps ERC6160 tokens - essentially allowing minting and burning, but nothing else besides p2p in the erc20 contract. We won't even control it.
  2. What fee is paid on Ethereum/Base/etc side? A: always paid in native currency (e.g., eth)
  3. Can a malicious actor re-play messages? A: No, always checked on our side via the ISMP pallets that are part of our own code base. NOTE: this could be updated in a supply chain attack, which we will need to be cognizant of during upgrades.
  4. Can a malicious actor inject themselves and start minting beyond what has been sent over to ethereum/base/etc? A: This is a check made by TokenGovernor before confirming changes, and should be locked down on Hyperbridge pallets enough that this becomes a Polkadot security question, which has strong decentralization and economic security.

Core Changes Needed

A few core changes were needed by the platform to make this work.

  1. Added Grandpa RPCs to look up state proofs
  2. Converted Argon and Ownership shares to use 6 decimal places.
  3. We split our runtime that is in use for testnet and development so it could handle static configurations in the runtime. The test network is called "Canary".
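
A simplified model of the escrow, timeout-refund and consume-once behaviour described under "Send to Evm" and security question 3, as an added example that is not code from this PR or the ChainTransfer pallet. The `Escrow` type, `EscrowError`, the method signatures, the nonce scheme and the block-number deadline are all assumptions for illustration; in the real chain the replay check is done by the ISMP pallets.

```rust
use std::collections::HashMap;

// Added illustration: a toy ledger, not the ChainTransfer pallet. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum EscrowError { InsufficientFunds, UnknownOrSettled, NotTimedOut }

#[derive(Default)]
pub struct Escrow {
    pub balances: HashMap<String, u128>, // user balances in 6-decimal base units
    pub held: u128,                      // total held by the pallet account
    pending: HashMap<u64, (String, u128, u64)>, // nonce -> (sender, amount, deadline block)
    next_nonce: u64,
}

impl Escrow {
    /// Move `amount` into escrow and record a pending outbound request.
    pub fn send_to_evm(&mut self, from: &str, amount: u128, now: u64, ttl: u64) -> Result<u64, EscrowError> {
        let bal = self.balances.get_mut(from).ok_or(EscrowError::InsufficientFunds)?;
        if *bal < amount { return Err(EscrowError::InsufficientFunds); }
        *bal -= amount;
        self.held += amount;
        let nonce = self.next_nonce;
        self.next_nonce += 1;
        self.pending.insert(nonce, (from.to_string(), amount, now + ttl));
        Ok(nonce)
    }

    /// Delivery confirmed: consume the request so a replayed confirmation is rejected.
    /// The funds stay in escrow because they now exist off-chain.
    pub fn on_delivered(&mut self, nonce: u64) -> Result<(), EscrowError> {
        self.pending.remove(&nonce).map(|_| ()).ok_or(EscrowError::UnknownOrSettled)
    }

    /// Timeout: refund the original sender, only after the deadline and only once.
    pub fn on_timeout(&mut self, nonce: u64, now: u64) -> Result<(), EscrowError> {
        let (_, _, deadline) = self.pending.get(&nonce).ok_or(EscrowError::UnknownOrSettled)?;
        if now < *deadline { return Err(EscrowError::NotTimedOut); }
        let (from, amount, _) = self.pending.remove(&nonce).unwrap();
        self.held -= amount;
        *self.balances.entry(from).or_insert(0) += amount;
        Ok(())
    }
}

fn main() {
    let mut e = Escrow::default();
    e.balances.insert("alice".into(), 5_000_000); // constructed sample: 5.000000 units
    let n = e.send_to_evm("alice", 2_000_000, 10, 100).unwrap();
    println!("early={:?} late={:?} replay={:?}", e.on_timeout(n, 50), e.on_timeout(n, 110), e.on_timeout(n, 200));
}
```

The invariant worth checking in review is that every pending request is settled exactly once: a timeout after delivery, or a second timeout, must not release escrowed funds again.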