rainbow-bridge-cli
Rainbow Bridge CLI
OPS tool for Rainbow Bridge, an Ethereum to NEAR trustless, fully decentralized, bidirectional bridge
The current version of the CLI is an all-in-one package -- it is used both for production and testing. As a result, even if you need the CLI only for token transfers, you need to install all testing dependencies. This will be changed in the future.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
rustup default stable
rustup target add wasm32-unknown-unknown
You can install rainbow-bridge-cli from npm:
npm i -g rainbow-bridge-cli
To learn the commands that you can use with the rainbow bridge, run:
rainbow --help
Alternatively, clone this repo, run yarn install, then you can see what commands you can use with:
./index.js --help
Parameters of each command can be specified through environment variables, command line arguments, entries in the ~/.rainbow/config.json config file, or the default value will be used -- in that priority.
If an argument is not provided and there is no default value, the program will not execute.
If the script successfully executes a command, then each parameter provided through a command line argument will be written into the config file. Additionally, if the script generates new parameters (e.g. it deploys a contract to Ethereum and obtains its address), they will also be written into the config file. Arguments should not be specified multiple times.
Note, you can use environment variables to pass sensitive data, which will not lead to it being written into the config file.
The bridge is secure as long as a majority (1/2) of Ethereum mining power is honest and a supermajority (2/3) of NEAR stake is honest. There are no additional security requirements, except that Ethereum should be able to accept 1 transaction within a 4 hour period even in the worst congestion scenario.
NEAR fees are negligible, both for bridge maintenance and for token transfer. Ethereum fees are the following:
As of 2020-07-14 (gas price is 40 gwei) the cost of running the bridge on NEAR mainnet and Ethereum mainnet is approx 42 USD/day. The cost of an ETH->NEAR transfer of an ERC20 token is 1 USD. The cost of a NEAR->ETH transfer of an ERC20 token is 2 USD.
Rainbow bridge can be deployed either on PoW or PoA networks. However, the main use case of the bridge is Ethereum Mainnet, which makes its design very PoW-centric, and it is only trustless and decentralized for PoW networks. Unfortunately, the only popular PoW testnet is Ropsten, which frequently undergoes huge reorgs of more than 16k blocks, because people test 51% attacks on it. 16k reorgs can wipe out entire contracts and revert days of computations. Overall, Ropsten has the following unfortunate specifics that do not exist with Ethereum Mainnet:
Therefore we advise users to not use Ropsten for bridge testing. Instead, we recommend using one of Ethereum's PoA testnets. Unfortunately, PoA networks have a different header format and are also centralized by nature. Therefore, when deploying the bridge on a PoA network, please use the --near-client-trusted-signer parameter. This will force EthOnNearClient to not validate Ethereum headers (since PoA headers are not valid PoW headers) and accept them only from the provided authority.
The documentation below assumes Rinkeby testnet.
This section explains how to use the existing bridge with a mock ERC20 token that was already deployed. You would need to have some amount of this token on Rinkeby, so reach out to max@near.org if you want to give it a try.
We assume you have two accounts:
<near_token_holder_account> and its secret key as <near_token_holder_sk>;
0x8151a8F90267bFf183E06921841C5dE774499388 as an example. If you want some of these ERC20 tokens please contact max@near.org). We denote it as <eth_token_holder_address> and its private key as <eth_token_holder_sk>;
Make sure you have rainbow cli installed:
npm i -g rainbow-bridge-cli
If you have already used the bridge on this machine, run a cleanup:
rainbow clean
If you're using rainbow-bridge-cli 1.x, create a ~/.rainbow/config.json file with the following content:
{
  "nearNetworkId": "testnet",
  "nearNodeUrl": "https://rpc.testnet.near.org/",
  "ethNodeUrl": "https://rinkeby.infura.io/v3/<project_id>",
  "nearMasterAccount": "<near_token_holder_account>",
  "nearMasterSk": "<near_token_holder_sk>",
  "nearClientAccount": "ethonnearclient10",
  "nearProverAccount": "ethonnearprover10",
  "nearClientTrustedSigner": "eth2nearrelay10.testnet",
  "ethMasterSk": "<eth_token_holder_sk>",
  "ethEd25519Address": "0x9003342d15B21b4C42e1702447fE2f39FfAF55C2",
  "ethClientAddress": "0xF721c979db97413AA9D0F91ad531FaBF769bb09C",
  "ethProverAddress": "0xc5D62d66B8650E6242D9936c7e50E959BA0F9E37",
  "ethErc20Address": "0x8151a8F90267bFf183E06921841C5dE774499388",
  "ethLockerAddress": "0x5f7Cc23F90b5264a083dcB3b171c7111Dc32dD00",
  "nearFunTokenAccount": "mintablefuntoken11"
}
If you are using rainbow-bridge-cli 2.x, create a ~/.rainbow/config.json file with the following content:
{
  "nearNetworkId": "testnet",
  "nearNodeUrl": "https://rpc.testnet.near.org/",
  "ethNodeUrl": "https://rinkeby.infura.io/v3/<project_id>",
  "nearMasterAccount": "<near_token_holder_account>",
  "nearMasterSk": "<near_token_holder_sk>",
  "nearClientAccount": "ethonnearclient10",
  "nearProverAccount": "ethonnearprover10",
  "nearClientTrustedSigner": "eth2nearrelay10.testnet",
  "ethMasterSk": "<eth_token_holder_sk>",
  "ethEd25519Address": "0x9003342d15B21b4C42e1702447fE2f39FfAF55C2",
  "ethClientAddress": "0xF721c979db97413AA9D0F91ad531FaBF769bb09C",
  "ethProverAddress": "0xc5D62d66B8650E6242D9936c7e50E959BA0F9E37",
  "nearTokenFactoryAccount": "ntf4.bridge2.testnet",
  "ethErc20Address": "0x21e7381368baa3f3e9640fe19780c4271ad96f37",
  "ethLockerAddress": "0x7f66c116a4f51e43e7c1c33d3714a4acfa9c40fb",
  "nearErc20Account": "21e7381368baa3f3e9640fe19780c4271ad96f37.ntf4.bridge2.testnet"
}
You can get an Infura project id by registering at infura.io.
To transfer ERC20 from ETH to NEAR run:
rainbow transfer-eth-erc20-to-near --amount 10 --eth-sender-sk <eth_token_holder_sk> --near-receiver-account <near_token_holder_account>
(If the command is interrupted in the middle, re-run it and it will resume the transfer. PoA RPC sometimes has issues.) Wait for the transfer to finish. You should see:
Transferred
Balance of <near_token_holder_account> after the transfer is 10
To transfer ERC20 back from NEAR to ETH run:
rainbow transfer-eth-erc20-from-near --amount 1 --near-sender-account <near_token_holder_account> --near-sender-sk <near_token_holder_sk> --eth-receiver-address <eth_token_holder_address>
You should see:
ERC20 balance of <eth_token_holder_address> after the transfer: 91
Congratulations, you have achieved a roundtrip of ERC20 token through the bridge!
To locally test the bridge run:
rainbow clean
rainbow prepare
rainbow start near-node
rainbow start ganache
First let's initialize the contracts that the bridge needs to function:
rainbow init-near-contracts
rainbow init-eth-ed25519
rainbow init-eth-client --eth-client-lock-eth-amount 1000 --eth-client-lock-duration 10
rainbow init-eth-prover
Now, let's set up a token on the Ethereum blockchain that we can transfer to the NEAR blockchain (this can be your own token).
rainbow init-eth-erc20
rainbow init-eth-locker
Now, let's initialize the token factory on the NEAR blockchain.
rainbow init-near-token-factory
Now start the services that will relay the information between the chains:
rainbow start eth2near-relay
rainbow start near2eth-relay --eth-master-sk 0x2bdd21761a483f71054e14f5b827213567971c676928d9a1808cbfa4b7501201
rainbow start bridge-watchdog --eth-master-sk 0x2bdd21761a483f71054e14f5b827213567971c676928d9a1808cbfa4b7501202
Note, you can observe the logs of the relays by running:
pm2 logs
Finally, let's transfer some tokens:
rainbow transfer-eth-erc20-to-near --amount 1000 --eth-sender-sk 0x2bdd21761a483f71054e14f5b827213567971c676928d9a1808cbfa4b7501200 --near-receiver-account rainbow_bridge_eth_on_near_prover --near-master-account neartokenfactory
Note, when we deployed ERC20 to the Ethereum blockchain we minted a large number of tokens to the default master key of Ganache, so we have transferred ERC20 tokens from it to alice.test.near.
Notice that we are using the neartokenfactory account here to pay for the NEAR gas fees; any account for which we know a secret key would've worked too.
You must observe blocks being submitted.
Now let's try to transfer one token back to Ethereum:
rainbow transfer-eth-erc20-from-near --amount 1 --near-sender-account rainbow_bridge_eth_on_near_prover --near-sender-sk ed25519:3D4YudUQRE39Lc4JHghuB5WM8kbgDDa34mnrEP5DdTApVH81af7e2dWgNPEaiQfdJnZq1CNPp5im4Rg5b733oiMP --eth-receiver-address 0xEC8bE1A5630364292E56D01129E8ee8A9578d7D8
You should observe the change of the ERC20 balance as reported by the CLI.
The steps above are ways to run a local bridge, and they are the development workflow you need if you make any changes to rainbow-bridge-cli. If you want to update any of the solidity or rust contracts, they are not in this repo now, and the workflow is as follows.
rainbow clean
rainbow prepare
rainbow start near-node
rainbow start ganache
node_modules/rainbow-bridge-sol, make changes there and run ./build_all.sh to recompile solidity contracts.
node_modules/ranbow-bridge-rs, make changes there and run ./build_all.sh to recompile rust contracts.
node_modules/rainbow-bridge-lib and make changes there
3.0.0
replaceDuration_ that allows relay to submit header on top of header that has not passed challenge period yet.
FAQs
CLI to set up the environment needed for the bridge to work.
We found that rainbow-bridge-cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.