The app guardian monitors the message
Executedevents emitted from the
MessageBuscontracts on the destination chains, and uses the
srcTxHashfields in the event to look for the matched
Messageevents from the
MessageBuscontracts on the source chains. If it fails to find a matched event on the source chain, it will try to pause the message receiver (dApp) contracts or execute any dApp-specific logic if added.
Note that Celer IM is already secured by the Celer State Guardian Network (SGN), which is a proven secure decentralized platform that has processed a large volume of cross-chain asset transfers and tons of cross-chain messages without any security incident. This app guardian is for dApp communities who do not fully trust Celer SGN and want further safety guarantees even if Celer IM is compromised.
Message dApps that require extra safeguards can choose to integrate the app contract with the MessageReceiverAdapter, which allows configured delayed message execution.
Integration with the adapter is simple: 1) deploy a separate adapter contract for your dApp; 2) set the allowed senders to restrict who can send messages to the dApp; and 3) enforce your dApp message receiver function to only accept external calls from this adapter.
For each delayed message, the message executor (detailed in the next section) will wait for the delay period to pass and then automatically execute the delayed messages which trigger calls to the receiver dApp contract.
The app guardian described above keeps monitoring and verifying the messages as soon as they enter the delayed queue, and will pause the adapter contract immediately if any invalid message is detected during the delay period, so that no invalid message will be executed in the receiver dApp contract.