Aggregation Security

Note: despite all the security measures taken, it should be taken into consideration that independent audits of the contract are still in progress. Moreover, we cannot guarantee the security of external bridging protocols.

There is currently a $10,000 transfer limit.

In Kinetex Aggregation, great attention is paid to the security of transferred assets and maintaining the user's control over them throughout the exchange process. The protocol implements a set of measures designed to ensure the reliability of the exchange operation and the safety of funds throughout the exchange route.

User-signed routing parameters

When initiating the exchange, the user signs the SwapStep[] structure, which includes an order of exchange steps. This structure includes such data as chain id, swapper contract address, account address, deadline, checking inputs and outputs for minimum and maximum thresholds, and parameters for the used bridging protocols. All parameters are securely validated inside the smart contract, and the user's signature guarantees their integrity and validity.

To verify the signatures, the SwapSignatureValidator auxiliary contract is used, which works with signatures of the EIP-712 format.

The user's signature guarantees the correct exchange within the specified parameters in all networks and using all necessary protocols, as well as excludes any distortion of the selected parameters by third parties.

Routing through user-owned contracts

When intermediate assets come from the bridge to the target network, their direct owners need to maintain control over them. One solution is to transfer funds directly to the users' wallets, but then it becomes necessary to approve the contract in each network for each token used in the exchange.

For the Kinetex protocol, a different approach was chosen: user-owned delegate contracts implemented as minimal proxies. Such contracts are deployed on a per-user basis in a deterministic manner, using the CREATE2 opcode and the user's address as a salt, which means that each address of the generated contract can be known in advance.

At the same time, no one can create this contract except for the xSwap contract during the exchange or users themselves. This contract is deployed as Ownable and Initializable, and ownership is transferred to the user during initialization. The contract also has methods for withdrawing funds from the balance available only to the user, which ensures their safety and availability to the user even in the most exceptional situations.

The deterministic nature of such contracts' deployment allows users to transfer funds to their addresses even when the contracts have not yet been created. Thus, users can save both gas and time by creating a contract during the exchange after receiving funds for it.