Kima Whitepaper
  • Introduction
  • About The Kima Blockchain
  • Existing Challenges with Asset Transferring
  • The Kima Infrastructure
  • Example: Liquidity Provider Incentivization
  • Incentive Scheme
    • A. Incentive Scheme: Liquidity Penalties and Bounties
    • B. Incentive Scheme: Protection Mechanisms
    • C. Incentive Scheme: Passive and Active Liquidity Providers
  • Simulation of Kima's Liquidity Management
  • Network Income and Distribution
  • Impermanent Loss and Arbitrage
  • Protection Against Blockchain Reorganization
  • Kima's Technology and Other Solutions
    • About Asset/Token Wrapping and Cross-Chain Bridges
      • Custodial Wrapping
      • Non-custodial Wrapping
      • Liquidity Fragmentation
    • Direct Messaging
  • The Security of the Kima Blockchain
    • Other Security Threats
  • Conclusion
  • Disclaimer
Powered by GitBook
On this page
  • 1. Insider Threat
  • 2. Contract Vulnerabilities
Export as PDF
  1. Kima's Technology and Other Solutions
  2. About Asset/Token Wrapping and Cross-Chain Bridges

Custodial Wrapping

PreviousAbout Asset/Token Wrapping and Cross-Chain BridgesNextNon-custodial Wrapping

Last updated 2 years ago

With custodial asset wrapping, a custodian (or group of custodians) holds the private keys controlling accounts on two chains. The off-chain custodian monitors both accounts and keeps them in sync by issuing signed transactions to the appropriate blockchain.

One of the earliest successful examples of token wrapping was WBTC¹. A group of custodians hold BTC on the Bitcoin blockchain and issue “wrapped” BTC (WBTC) on Ethereum. The WBTC custodians monitor their WBTC wallet(s), and when BTC is deposited, they use their private key to issue (“mint”) new WBTC on the Ethereum blockchain. Conversely, when Ethereum users redeem (“burn”) their WBTC, the custodians use their private key to release BTC on the Bitcoin blockchain.

There are two core security problems with custodial token wrapping.

1. Insider Threat

The custodians hold the private keys to accounts on both chains and can use these keys to steal the reserve assets or mint unbacked wrapped assets.

2. Contract Vulnerabilities

Attackers could potentially subvert the minting capability of the smart contract to mint unbacked wrapped assets. This is also a threat to non-custodial solutions.

The risk of contract vulnerabilities also increases with the complexity of the on-chain bridge contracts for both custodial and non-custodial solutions. For example, the Wormhole bridge uses multi-signatures instead of threshold signatures (TSS)². This requires the contract to aggregate multiple signatures from different accounts before updating its state. The use of multi-signatures, instead of TSS, drastically increases the complexity of the contract and leads to contract risk like that used in the Wormhole attack³.

¹Kyber Network, BitGo Inc, and Republic Protocol. Wrapped tokens a multi-institutional framework for tokenizing any asset. , 2019.

²Leopold Schabel. Introducing the wormhole bridge., 2020.

³Extropy.io. Solana’s Wormhole hack post-mortem analysis. , 2022.

https://wbtc.network/assets/wrapped-tokens-whitepaper.pdf
https://medium.com/certus-one/introducing-the-wormhole-bridge-24911b7335f7
https://extropy-io.medium.com/ solanas-wormhole-hack-post-mortem-analysis-3b68b9e88e13
Page cover image