Security & Trust

This document explains the internal design of the ABX Migration and the security measures in place to ensure your assets are safe and the process is transparent.

1. Non-Custodial "Burn-and-Mint" Model

Most migration systems function by "locking" assets in a vault and "wrapping" them on another chain. If the vault is hacked, the wrapped tokens become worthless.

The ABX Migration uses a "Burn-and-Mint" model:

  • On Alephium: Your ABX tokens are permanently burned (destroyed). They are not held in a pool that can be drained.

  • On MegaETH: New MBX tokens are minted directly into your wallet.

  • Why this is trustworthy: Since tokens are destroyed on the source side, the total supply across both chains remains mathematically constant. There is no central "honey-pot" of locked tokens to attract hackers.


2. Cryptographic Security: The Merkle Tree

The migration process does not rely on the Relayer's word. It relies on math.

  • Aggregation: The Relayer collects thousands of burn events and compresses them into a single 32-byte string called a Merkle Root.

  • On-Chain Verification: The destination smart contract only knows this Root. When you claim, you provide a Proof (a digital signature of your transaction's location in the tree).

  • Immutable Logic: The code on MegaETH verifies your Proof against the Root. If even a single decimal point in your amount was tampered with by the Relayer, the math would fail, and the contract would reject the transaction.


3. Decentralized Roles & Circuit Breakers

To prevent "God-mode" control, the system splits power across different roles:

🤖 The Relayer (Automation)

  • Task: Updates the Merkle Root.

  • Limit: It cannot move funds or mint tokens to arbitrary addresses. It can only report what happened on Alephium.

🛡️ The Owner (Security)

  • Task: Emergency management.

  • Capability: Can Pause the migration instantly if suspicious activity is detected.

  • Storage: This key is kept in cold storage (offline) and is never on the server.

⛓️ Nonce Protection (Double-Spending)

  • Every transfer has a unique nonce.

  • The MegaETH contract keeps a permanent record of used nonces, so the same transaction cannot be claimed twice.
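The Merkle check from section 2 and the nonce record described above, as an added Python sketch that is not the project's contract code. The SHA-256 hash, the leaf encoding, the sorted-pair tree layout, the Destination class and the sample burns are all assumptions made for illustration; the Proof is modelled as the list of sibling hashes on the path to the Root.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # assumption: the real contract may use another hash

def leaf(recipient: str, amount: int, nonce: int) -> bytes:
    # Assumed leaf encoding: fixed-width fields; 0x00 prefix separates leaves from inner nodes.
    return h(b"\x00" + bytes.fromhex(recipient) + amount.to_bytes(32, "big") + nonce.to_bytes(32, "big"))

def node(a: bytes, b: bytes) -> bytes:
    # Sorted-pair hashing, so a proof needs no left/right flags.
    return h(b"\x01" + min(a, b) + max(a, b))

def build(leaves):
    """Relayer side: return every tree level, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Relayer side: sibling hashes on the path from leaf `index` to the root."""
    proof = []
    for level in levels[:-1]:
        if (index ^ 1) < len(level):  # an unpaired node is promoted without a sibling
            proof.append(level[index ^ 1])
        index //= 2
    return proof

class Destination:
    """Hypothetical stand-in for the destination contract: stores only the root and used nonces."""
    def __init__(self, root):
        self.root, self.used, self.minted = root, set(), {}

    def complete_migration(self, recipient, amount, nonce, proof):
        acc = leaf(recipient, amount, nonce)
        for sibling in proof:
            acc = node(acc, sibling)
        if acc != self.root:
            return "rejected: proof does not match root"
        if nonce in self.used:
            return "rejected: nonce already used"
        self.used.add(nonce)
        self.minted[recipient] = self.minted.get(recipient, 0) + amount
        return "minted"

# Constructed sample burns: (recipient address hex, amount, nonce)
BURNS = [("11" * 20, 500, 1), ("22" * 20, 1250, 2), ("33" * 20, 75, 3)]
LEVELS = build([leaf(*b) for b in BURNS])
```

Calling complete_migration with an amount that differs from the burned one by a single unit fails the root comparison, and repeating a successful claim with the same proof is rejected by the nonce record.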


4. Transparency and Verifiability

Everything is on-chain:

  1. Burn Verification: You can see your burn transaction on the Alephium Explorer.

  2. Relayer Transparency: You can verify when the Relayer updates the root on the MegaETH Explorer.

  3. Open Source: All migration contracts are open-source and verified, allowing anyone to audit the logic.


5. What happens if the Relayer goes down?

  • Your funds are NOT lost: Because you have already burned the tokens on Alephium, they exist as an immutable event on the blockchain.

  • Recovery: As soon as the Relayer comes back online, it will index all missed blocks, and your transaction will automatically become "Ready to Claim."

  • Proof-of-History: Even if the UI is down, a user can manually call the completeMigration function on the smart contract using the proof stored on the blockchain.


Summary for Users

You don't have to trust the migration team; you only need to trust the blockchains and the mathematical integrity of Merkle Trees. Your tokens are only minted on the destination if they were proven to be destroyed on the source.
