We are dealing with a sidechain so all the BTC, ETH is locked somehow and we use pBTC and pETH etc. instead. Can someone with detailed knowledge please explain to me how safe are the locked assets. I gues it works with a smart contract? Could someone hack the contract and steal all BTC etc. so we would be left then with worthles pBTC after such an event? Or is this impossible and the only way to steal these coins is access to our private keys? In other words is the way it works right now 100% safe or only like 99% etc. Thanks for your help.
Maybe the question could be…Is INCOGNITO bridge audited?
100% safety is difficult to have also with cash or banks.
Hacks can always happen but if the protocol is audited by some good guys we have fewer chances to get hacked!
hey @Anon, your concern is understandable. I guess there are 2 things we need to clarify so that you can get how safe Incognito is:
The contracts’ code is bug-free and flawless - we were trying our best to achieve this with multiple rounds of testing (unit testing, integration testing, manual testing, etc) as well as careful code review by following high-quality standard from popular code audit organizations to be able to avoid common/known attack vectors (you can find more at https://docs.google.com/spreadsheets/d/15aqWoCaXGtq6Lm2OhDwmxwK8rPKPamqvuUe0gtb7MWY/edit#gid=943998188 to see what we deal with)
Basically, to unlock assets from Incognito contract, one needs to have signatures of Incognito’s committees (validators) so if we can guarantee conditions at (1) and Incognito’s validators are honest then we could say your assets are pretty safe.
Thanks for this easy understandable explanation @duc
Got access denied while accessing the google doc link you provided. Mind making it public?
Can you try again? just made it public…
Thanks! Can access now
Wait what? This doesn’t alleviate my same concern at all (actually it makes me more concerned)…! "The contracts’ code is bug-free and flawless " SERIOUSLY???
Who are the validators??
I’d much rather see a 3rd party security audit, this reply is concerning at least…