What Is A Cross-Chain Bridge?
Cross-chain bridges connect independent blockchains, allowing digital assets to be seamlessly transferred. While there is still debate, one thing seems clear: there will most likely be a future where many decentralized applications (dApps) will need to connect to a score of different blockchains. At a minimum, users will demand an experience that gives them the cheapest, fastest transactions with the least number of steps.
Let’s imagine the simplest example where a user holds BTC but wants to obtain yield by staking Eth in a defi staking application. To do this, the user would need to take some of their BTC and perform all the steps below:
- Transfer BTC to an exchange.
- Swap BTC to Eth.
- Transfer Eth back to the staking application
- Stake the Eth.
When the user was done staking and wanted to convert their Eth back to BTC, the same steps in reverse would need to be done. Cross-chain bridges allow users to avoid the exchange, take their BTC, and stake a “wrapped” version of their BTC through a few different bridging techniques mentioned below.
From the user’s perspective, with cross-chain bridges, they enjoy a less fragmented experience with less risk. They are less fragmented because they reduce the number of hops to different ecosystems and applications. Less risk because each transfer of assets means more chance for mistakes.
From the developer’s perspective, instead of facing the technical challenge, security risks, and financial obligation of maintaining multiple independent blockchains, each with its own complex set of protocols and security measures, they can use cross-chain bridges to achieve true blockchain interoperability. The result is blockchains that connect, exchanging value seamlessly and avoiding siloed assets. This isn’t to say bridges are free of risk, far from it, as you’ll see below.
How Do Cross-Chain Bridges Work?
Image3 by cryptobtcmining.com
Blockchain bridges come in various flavors. Here are three of the most common:
Burn and Mint
With a burn-and-mint bridge, a token from one blockchain is burned or locked, and an equivalent token is minted on the other blockchain. Conversely, when the newly burned token moves back to the original network, it is burned, and the original token is minted or unlocked.
Lock and Mint
With a lock-and-mint bridge, a token is locked on one chain, and simultaneously, a wrapped token is minted on another chain as an IOU. Conversely, wrapped tokens on the destination chain get burnt to unlock the original tokens.
Lock and Unlock
With a lock-and-unlock bridge, tokens get locked on the first chain while unlocking the same token in a liquidity pool on the new chain.
What Are the Problems With Cross-Chain Bridges?
Cross-chain bridges are not blockchain technology. Most bridges are third-party infrastructures that have no inherent security or decentralization features. Because of this and the complexities associated with typically immature, uncertified software, developers must proceed cautiously when developing dApps that use cross-chain bridges.
Here are two reasons why…
- Vulnerability grows over time
One cross-chain bridge typically supports many blockchains. Each blockchain added to the bridge increases the probability of an error in the code. Often blockchains use different programming languages and protocols, confounding an already complex software environment from a developer’s perspective.
Ronghui Gu, the founder of blockchain security firm CertiK, puts it this way: “If you’re trying to create a bridge between N different cryptocurrencies, the complexity of that is N squared,” — which means N more chances for bugs to creep in.
The problem is exacerbated because a vulnerability in one blockchain can spread to other blockchains as they are now connected.
- Single Point of Failure and Centralized Control
Bridges are both off-chain and decentralized versions that exist, but many are often centralized under one custodian. For example, Bitgo, which, even as long ago as 2020, had $16 Billion in assets under management. Unlike blockchain technology which does not have a single point of failure, cross-chain bridges and any centralized exchange (witness the recent FTX debacle) are especially susceptible to attack.
What Are The Worst Bridge Hacks So Far?
As of August 2, 2022, Chainalysis estimates that approximately 69% of all total funds stolen in 2022 have come from bridge attacks. This amounts to around $2 billion stolen in cryptocurrency across 13 cross-chain bridges.
As developers, it is important to understand these attack vectors and the vulnerabilities involved in choosing bridging technology for dApps. Here is a brief list of a few hacks and how they were done.
- Ronin Hack ($600 Million) –
The hacker used compromised private keys to transfer $600 million in tokens. The Ronin Network uses a set of nine validator nodes. In this hack, the hacker gained control of five of the nine. The hacker then used a program not properly terminated to generate fake signatures to transfer funds. This hack occurred due to a lack of decentralization, excessive permissions, and a lack of monitoring of funds.
- PolyNetwork ($600 Million)
This hack was made possible by the interactions between a few of the project’s smart contracts. In this hack, the attacker called a function that reassigned a key role to themselves, allowing for token transfers. One article cited code complexity as the reason this hack was made possible.
- BSC Bridge ($568 Million)
While beyond the scope of describing the Merkle trees and how they work, the basis of this attack involved placing data into a field that was part of a customizable, binary Merkle tree. Essentially, the BSC Bridge used Cosmos software to create these Merkle trees. This attack highlights the need for ecosystem collaboration to improve standards and security.
- Wormhole Hack ($325 Million)
This hack involved a bridge between Ethereum and Solana. The attacker was able to make use of a deprecated, insecure function to forge signature verification. This attack highlights the need for proper software security audits.
- Nomad Hack ($200 Million)
The Nomad hack occurred between the Moonbeam and Ethereum network. In this hack, the attacker used faulty code that was part of an update. According to this article, “fuzzing” or other standard test techniques would have discovered this bug.
A more comprehensive list of recent bridge hacks was given in a tweet by @WuBlockchain:
What Are The Best Cross-Chain Bridges to Support
The best cross-chain bridges have high levels of security. Choose bridges that undergo regular, 3rd-party certification audits. Read through the audit reports to ensure any bridge issues have been addressed. Auditors may also provide a project’s financial records, bank account statements, and other records.
Second, ensure that any bridge you support has real-time threat security monitoring solutions to stop or mitigate any issues. Bridges with documented plans for how they respond and neutralize threats can help you feel more confident, and this knowledge can help you build trust with your users.
Third, a secure bridge should have a high number of validators. In the Ronin bridge exploit, we saw that only five of nine validator nodes needed to be secured to take control of the network. The more validators, the better.
Lastly, consider peer-to-peer bridges over Automatic Market Makers (AMMs). Peer-to-Peer bridges like Orion Bridge use atomic swaps and order books, exchanging tokens one-to-one. These bridges are completely trustless and decentralized, without middlemen. AMMs depend on liquidity pools and smart contracts, which will always be a security issue. Every single hack listed above was an AMM-style bridge.
Other important aspects in choosing a bridge to support include how many blockchains are supported, the amount of liquidity the bridge has, the quality of documentation, programmability, community support, and the expert’s opinion of the bridge.
Examples of Top Cross-Chain Bridges:
Examples of Cross-Chain Dapps:
Nervos Force Bridge Technology
Nervos uses its Force Bridge technology to achieve interoperability and token liquidity. When users send assets from a blockchain to Nervos using the Force Bridge, the asset gets locked into a multi-signature wallet. Corresponding tokens are then minted on Nervos and sent to the corresponding users’ wallet addresses.
The bridge allows the transfer of whitelisted tokens to be sent to the Nervos chain through a series of smart contracts deployed on both the sending and Nervos blockchains. These smart contracts implement wallets secured by a Force Bridge committee composed of the Nervos team and ecosystem partners.
As you can see, cross-chain bridges are a key component of interoperability. Users demand fast, cheap, and easy transactions, and developers are finding innovative solutions to achieve these goals securely that provide a frictionless user experience.
Several common AMM bridging technologies include Burn-and-Mint, Lock-and-Mint, and Lock-and-Unlock. In addition, more secure, decentralized Peer-to-Peer bridges like Orion are also starting to compete for market share. AMM bridges require intensive and exhaustive security measures to protect user funds, while Peer-to-Peer bridges enjoy more inherent security.
The future of cross-chain bridges remains to be seen, but one thing is for certain–security, trust, and a frictionless user experience will remain at the top of the list of problems to solve.