Architecture

The Goliath Bridge is a lock-and-mint bridge between Ethereum (Chain 1) and Goliath (Chain 327). It uses one contract on each side, plus a trusted off-chain relayer that observes events and submits the mirroring transaction on the destination chain.

This page explains the pieces. If you only want to call the bridge, skip to Ethereum → Goliath or Goliath → Ethereum.

Components

On-chain Contracts

Both contracts expose a small, user-facing public interface (deposit / depositNative / burn) and a relayer-only interface (release / releaseNative / mint) gated by a single relayer address. External developers only ever call the user-facing functions.

Off-chain Relayer

A single relayer wallet — operated by the Goliath team — observes events on both chains and submits the mirroring transaction on the destination side. It is the authorised caller of the privileged contract functions (mint, release, releaseNative). Its Ethereum and Goliath address is the same: 0x90F26908Ee30C8fA6812f6BA66c050a86C8aF6cB.

External developers do not call the relayer directly. Your only interaction with relayer-side state is through the bridge REST API, which exposes read-only status and history plus a signed-intent endpoint used for native-XCN withdrawals.

Bridge REST API

The backend at https://bridge.goliath.net/api/v1 exposes:

• GET /bridge/status — look up an in-flight or completed operation by origin tx hash, depositId, or withdrawId.

• GET /bridge/history — list operations for a wallet address.

• GET /bridge/fee-quote — preview fees and minimums for a pending transfer.

• GET /bridge/limits — current per-token fee and minimum configuration.

• POST /bridge/xcn-withdraw-intent — required for native-XCN withdrawals only (see below).

• POST /bridge/xcn-withdraw-intent/bind-origin — pair the signed intent to the on-chain tx hash.

• GET /health — liveness / readiness probe.

Full request/response shapes are documented in the API Reference.

The Three Transaction Shapes

Every bridge transfer falls into one of three shapes. The choice depends on the direction and whether the asset is native on the source chain.

1. Deposit (Ethereum → Goliath)

Emits a Deposit event. The relayer observes the event, waits for Ethereum finality, then calls BridgeMint.mint(...) on Goliath to credit the recipient.

2. Burn (Goliath → Ethereum, ERC-20 only)

Emits a Withdraw event. After the one-hour hold, the relayer calls BridgeLock.release(...) or BridgeLock.releaseNative(...) on Ethereum to deliver the (post-fee) amount to destinationAddress.

3. Native-XCN Withdrawal (Goliath → Ethereum, XCN only)

XCN is the native gas token on Goliath. There is no ERC-20 to burn. Instead the flow is:

1. Client builds and signs an EIP-712 intent describing the withdrawal.

2. Client submits the signed intent to POST /bridge/xcn-withdraw-intent.

3. API returns an intentId and the current relayerWalletAddress.

4. Client sends a plain native XCN transfer from the signer wallet to relayerWalletAddress with value = amount.

5. Client pairs the tx hash to the intent via POST /bridge/xcn-withdraw-intent/bind-origin.

6. After the hold, the relayer releases XCN (as ERC-20) on Ethereum.

The bridge accepts both EOA signatures (ECDSA recovery) and ERC-1271 smart-account signatures (on-chain isValidSignature(bytes32,bytes) returning magic 0x1626ba7e). For smart-account senders — Safe, Coinbase Smart Wallet, Biconomy, Alchemy AA, ZeroDev, thirdweb, etc. — the origin-funds proof walks the execution-tx call tree (via the Hedera mirror's /api/v1/contracts/results/{txHash}/actions endpoint) to find the (smartAccount → relayerWalletAddress, value) child CALL, so EntryPoint.handleOps(...) bundler execution is supported as long as the smart account calls the relayer directly (multi-hop smartAccount → Router → relayer is rejected).

Full walkthrough in Goliath → Ethereum — Native XCN; smart-account-specific rules, failure modes, and worked examples in Smart Account Integration.

Events You Can Observe

All event signatures are part of the public ABI. Addresses are listed in Contracts & Events.

Deposit — BridgeLock on Ethereum

Mint — BridgeMint on Goliath

Mint.depositId matches the Deposit.depositId on Ethereum — use it to correlate the two sides.

Withdraw — BridgeMint on Goliath

Release — BridgeLock on Ethereum

Release.withdrawId matches the Withdraw.withdrawId on Goliath.

Finality and Timing

Each direction waits for source-chain finality before the relayer submits the destination transaction.

The hold is configurable and applied on the Goliath → Ethereum path only. Current values are exposed in every GET /bridge/status response via requiredConfirmations, originConfirmations, holdUntil, and estimatedCompletionTime — read those fields rather than hardcoding the numbers above.

Status Lifecycle

Every bridge operation the backend tracks moves through these states:

Terminal states are COMPLETED, FAILED, and EXPIRED — once there, the record will not change. Clients should stop polling at that point.

Where to Next

• Ethereum → Goliath — deposit flow with code.

• Goliath → Ethereum — burn / native-XCN flows with code.

• REST API Reference — exact request/response shapes.

• Smart Account Integration — ERC-1271 / ERC-4337 variant of the native-XCN flow.

• Contracts & Events — addresses, ABIs (mainnet + testnet).