smom-dbis-138/docs/bridge/trustless/MULTI_ASSET.md

# Multi-Asset Support Documentation

## Overview

This document describes multi-asset support for the trustless bridge system, extending beyond ETH/WETH to support ERC-20 tokens.

## Current State

### Supported Assets

- **Native ETH**: Supported via `depositNative()`
- **WETH**: Supported via `depositERC20()`
- **Other ERC-20**: Not yet supported

## Proposed Multi-Asset Architecture

### 1. Token Whitelist

**Purpose**: Control which tokens can be bridged

**Implementation**:
```solidity
mapping(address => bool) public whitelistedTokens;
mapping(address => TokenConfig) public tokenConfigs;

struct TokenConfig {
    bool whitelisted;
    uint256 minDeposit;
    uint256 maxDeposit;
    address destinationToken; // Token on destination chain
}
```

### 2. Asset-Specific Pools

**Current**: Separate pools for ETH and WETH

**Enhancement**: Pools for each whitelisted token
```solidity
mapping(address => PoolState) public tokenPools; // token => PoolState
```

### 3. Token-Specific Configurations

**Purpose**: Different settings per token

**Implementation**:
```solidity
struct TokenConfig {
    uint256 bondMultiplier; // May vary by token
    uint256 minBond; // May vary by token
    uint256 challengeWindow; // May vary by token
}
```

## Implementation Steps

### Phase 1: ERC-20 Support

1. Update `Lockbox138` to support any ERC-20
2. Update `InboxETH` to handle ERC-20 claims
3. Update `LiquidityPoolETH` for multi-asset pools
4. Add token whitelist mechanism

### Phase 2: Token Configuration

5. Add token-specific configurations
6. Implement token registry
7. Add admin functions for whitelist management

### Phase 3: Testing

8. Test with various ERC-20 tokens
9. Test token-specific configurations
10. Test pool management

## Security Considerations

### 1. Token Validation

- Verify token is ERC-20 compliant
- Check token contract is not malicious
- Validate token decimals

### 2. Liquidity Management

- Separate pools per token
- Token-specific liquidity ratios
- Token-specific fee structures

### 3. Reentrancy

- ERC-20 transfers can trigger reentrancy
- Use proper guards
- Follow checks-effects-interactions pattern

## Testing

### Test Suite

Create `test/bridge/trustless/MultiAsset.t.sol`:
- Test ERC-20 deposits
- Test token whitelisting
- Test token-specific pools
- Test token configurations

## References

- Lockbox138: `contracts/bridge/trustless/Lockbox138.sol`
- InboxETH: `contracts/bridge/trustless/InboxETH.sol`
- LiquidityPoolETH: `contracts/bridge/trustless/LiquidityPoolETH.sol`