And for Optimistically verified bridges, they have a delay built in the bridge model itself which means that these types of risks can be easily detected and reacted to, without having to change any fundamental bridge design. For externally verified systems, it is easy to add delay and off-chain verification but not necessarily required for the bridge. One example of a weak environment security would be, connecting a less secure blockchain to a more secure one such as Cardano to Ethereum. So if we compare the three bridge security models, in terms of implementation security, starting with the most secure, #1 is Optimistically verified, #2 is Externally verified and #3 is Natively verified.
Succinct Labs has built a light client for Ethereum 2.0 proof of stake consensus to construct a trust minimized bridge between Gnosis and Ethereum, that uses the succinct properties of zk-SNARKS (not Zero Knowledge) to efficiently verify consensus validity proofs on-chain. However, there are certain steps developers can take to prevent these attacks and respond promptly in case of a hack, while users of the bridge can assess the safety of a bridge by evaluating its risk score. These can be vulnerable in many ways such as stealing signer keys, collaborating with validators, maliciously updating smart contracts, exploiting smart contract bugs, compromising RPC endpoints, or undergoing re-org attacks, among others. Bridges are the solutions to ease fragmentation and allow users to hop from one blockchain to another seamlessly.
Disney Plus, Hulu, HBO Max Bundle
- This serves to illustrate the level of development that has been achieved by Polygon and the network effects that will benefit them as first movers.
- Hybrid validation is a combination of the two and aims to balance security and complexity.
- However, the usage of a zk-SNARK lowers the trust assumptions which is in the end perhaps what we are looking for.
- The GKR multilayered sum-check protocol has a communication complexity of O(N log_2(gates per layer)) for N machines in the relay network.
- This data from Chainalysis reveals that bridge hacks constitute a significant proportion of the total funds stolen in DeFi in 2022, amounting to an alarming 69% of the total.
- Most established best practices for traditional cybersecurity are already in place.
- Hence there is a lot of research and development focussed on building this critical component in the multichain universe.
The technology offers unparalleled security, transparency and trust, allowing users to securely store and transfer digital data, such as cryptocurrency, in a distributed and immutable manner. And lastly, having a standardized risk assessment framework can be useful from the users’ perspective to select the appropriate bridge for their transaction size and security needs. At the core of every bridge is a messaging infrastructure that sends data across chains.
- Thus onchain verification of Ed25519 signatures on Ethereum (BN254) becomes inefficient and cost prohibitive.
- Bridges have been built between these parallel blockchains to ease fragmentation of liquidity and allow users to hop from one blockchain to another seamlessly.
- But as we mentioned in the introduction to this post, trusting data providers can lead to issues of censorship or data breaches.
- As discussed earlier, upgrading the smart contracts of a messaging layer to fix bugs, improve speed, or launch new technology can introduce risk vectors that can compromise the security of the bridges and dApps using the messaging layer.
- The main purpose of the recursion is to achieve succinctness (proof size) and reduce verification gas costs.
Add live sports to your HBO Max plan for €5/month*
Notwithstanding the fact that this goes against the very founding principles of blockchains, it brings with it issues related to censorship and security. Interchain communication in the multichain universe, often referred to as the interoperability layer, is a foundational infrastructure that acts as a bridge between different blockchains. A typical user interacts with a bridge by sending funds on a chain C1 to the bridge protocol that “locks” these funds into contract, i.e these funds are unusable in C1.
This is achieved by proving the correctness of information without exposing the data itself, a crucial feature for maintaining privacy and security. Ethereum, Polygon and Avalanche are integrated as EVM-compatible chains, leveraging existing token standards and bridging solutions. This project leverages the power of Rust, zero-knowledge proofs (ZKPs), and cross-chain interoperability standards (like IBC and XCMP) to create a scalable and trust-minimized multichain platform. The main reason for security vulnerabilities are due to the way a bridge acts as a centralized storage unit. The current state of the blockchain ecosystem resembles a heterogeneous distribution of bubble universes (fragmented multichain universe), each with its own rules of consensus mechanism, design, applications, and use cases.
Succinct Verification of Proof of Consensus (Succinct Labs)
Electron Labs is trying to create a connection between the Cosmos SDK ecosystem, which is a framework for building specific blockchain applications, and Ethereum. If at least 2/3 of the validators sign a given block header, the state of the Ethereum network is considered valid. The Ethereum 2.0 network has a committee of 512 validators randomly chosen every 27 hours and is responsible for signing every block header during that period. The system uses SNARKS to efficiently verify the validity of consensus proofs on the Gnosis chain.
The problem with bridges
Chainalysis data has revealed that bridge hacks have accounted for a staggering 69% of the total funds stolen in the DeFi space in the past two years. Different bridges use different mechanisms to ensure the message is valid and hence it is incredibly difficult to build fully secure bridges. Hacken is a blockchain security auditor born in 2017 with a vision of transforming Web3 spinmaya casino bonus into a safer place. To evaluate the security of different types of bridges, the three main pillars of bridge security, namely Economic Security, Implementation Security, and Environment Security need to be considered.
There could be a governance bridge that allows you to vote from different chains. In a nutshell, whenever one blockchain (eg. Ethereum) connects to any other blockchain (eg. Solana), there is a bridge (eg. Portal) involved leveraging a messaging infrastructure (e.g Wormhole). With the introduction of composability on Ethereum and building of smart contract protocols for various DeFi applications, the number of use cases grew, and Ethereum's initial design was no longer scalable. By taking this proactive approach, developers can protect the assets that their bridges handle and reduce the likelihood of their network being damaged. Thus, bridge hack is a growing problem, as bridges are a common target for attackers and we will discuss how developers can mitigate these attacks, respond to a hack, and assess the safety of a bridge through risk scoring.
HBO Max Sport
First, we gather all the relevant information about the protocol by answering a set of questions. In the Data Gathering section we answer several questions to gather the relevant data points needed for the Risk Scoring section. It expands on well-known conventional security concepts and uses domain-specific application weakness classification to provide a good analysis value. Joel John, a writer for Decentralised.co, who collaborated on this framework with the Socket team and has written a detailed piece titled ‘Assessing Blockchain Bridges’, expanding on each of these 5 categories. Vaibhav Chellani (Socket, Bungee Exchange), who wrote this framework has a Video Seminar centered around building the risk framework for Bridge Security where he discusses these 5 categories in details. Meaning that retail users might prefer a fully permissionless model, whereas institutions might want to use a permisionned and OFAC compliant one.
However, the usage of a zk-SNARK lowers the trust assumptions which is in the end perhaps what we are looking for. Furthermore with the optimizations, it achieves low storage overhead, reduction in circuit complexity and succinct verification and appears generalizable. Optimizations include usage of the 512 Public key (PK) inputs of the validators as a commitment using a ZK friendly Poseidon hash.
Perps on Ethereum Mainnet
One issue with this approach is latency, as the proof generation process needs to keep up with the high block production rate of the Cosmos SDK. And the target chain will then have some information about the source chain baked into its own consensus. The three main areas of security issues were bugs in the code, blindspots in the architecture (such as missing fail safes) and committee/validator takeovers. Synthetix uses TradingView to display data on charts, providing advanced tools to enhance your market research. Earn steady rewards without collateral ratio worries or liquidation risk. Built on Ethereum Mainnet, with the strongest asset security guarantee in DeFi.
Even for the 32 signature case, with 32 machines in the relay network, this leads to a relatively large number of rounds of communication in the network, which might completely kill the performance coming from distributed computation. One thing that seems to have escaped mention is that the relay network computation will suffer the same communication complexities as the MPC, and that will also affect the prover time. The deVirgo proof system is post quantum resistant since it only relies on collision resistant hash functions, and the main computational bottlenecks are Number Theoretic Transforms (NTT’s) in large sized circuits. In the first step, a deVirgo proof is generated, which is then compressed using the Groth16 prover. For a circuit that validates 100 signatures with about 10M gates, the proof size is 210KB (same as that of the Virgo prover).
Avalanche bridge provides an example of a message based token bridge, in which tokens are locked/burned on one chain and minted/unlocked on the other. Based on the VAA user can withdraw funds on the other end of the bridge. Another example is Portal Token Bridge built on top of Wormhole (a message passing protocol) where the validation process takes place in an external network called the Guardian Network. The Polygon bridge, for example, has 100 validators, so compromising it would require compromising at least 51 of these validators, a difficult task due to the participants having their own native tokens at stake.
One problem with liquidity networks is that the liquidity can dry up and the user will have to wait longer. Liquidity networks thus act as a crosschain DEX such that they allow you to swap tokens for a small fee. Liquidity networks are systems that allow you to swap these tokens from one chain to another. For decentralized bridges, a decentralized approach is used to affirm the message indicating that the asset has been burnt on one side and minted on the other. For centralized bridges, a single entity is responsible for verifying the burn process. This type of bridge has the advantage of allowing virtually limitless minting and burning (provided 6/8 nodes submit the same transactions to the SGX Enclave to sign), thus improving user experience by ensuring an absence of liquidity issues.
Depending on the application, they can be a Token, NFT, Governance, Lending or an ENS bridge. Additionally, the use of aggregators adds an extra layer of risk to the implementation process. The use of bridge aggregators that allow for multi-step or multi-hop bridging increases the likelihood of a transaction failure. Additionally, computing the optimal routes off-chain reduces costs and enhances efficiency and user experience.