Although a fairly new addition to the blockchain ecosystem, cross-chain bridges have exploded in popularity, with their total locked value (TVL) running into billions. Popular blockchain bridges like Arbitrum and Avalanche have also seen token values record significant increases.
The growth of blockchain bridges has a lot to do with the growing adoption of decentralized finance (DeFi). Bridges allow users to seamlessly transfer assets between blockchains, increasing liquidity and the ability to leverage tokens for DeFi-related activities.
But there’s growing concern over the widespread use of cross-chain bridges, particularly due to the risks they pose to users. With hacks on blockchain bridges costing users millions, the functionality of blockchain bridges is a topic that deserves analysis.
In this article, we’ll explore how cross-chain bridges work and what they offer. We’ll also consider examples of blockchain bridges and examine the risks of using cross-chain bridges.
A cross-chain bridge is a protocol that allows different blockchains “talk” with each other. Bridges connect separate blockchains, enabling users to transfer assets, tokens, smart contract information, and other forms of data across platforms.
Interoperability—the ability for different systems to communicate—wasn’t a consideration in the early days of blockchain technology. For example, Bitcoin and Ethereum existed as independent systems, so you couldn’t possibly spend BTC on Ethereum or ETH on Bitcoin.
This contrasts with the legacy financial systems, which operate an interoperable infrastructure. You could swipe your Visa credit card at any point-of-sale system anywhere in the world, without worrying if it supports Visa or not. Spending BTC on Ethereum required going through exchanges, a long, expensive, and risky process.
Cross-chain bridges solved the problem by making it possible to use assets on different blockchains without going off-chain. Note that your BTC doesn’t magically become ETH on Ethereum. Rather the cross-chain bridge enables asset conversion using a lock-mint-burn mechanism, which is explained in the next section.
Moving your BTC to Ethereum starts with sending an amount to a specified address on the source blockchain (Bitcoin). This information is relayed to the bridge, triggering the creation of an equal amount of tokens on the other blockchain.
Withdrawing your locked tokens follows the same process. You send the tokens to an address on the non-native blockchain, while your original deposit on the first blockchain is sent to your address.
Here’s an illustration to help you understand:
Suppose you have BTC but need ETH to participate in a DeFi staking program. So, you send 20 bitcoins to the bridge’s address on the Bitcoin blockchain. Once there’s proof of your deposit, someone, called a “guardian”, mints 20 “wrapped” bitcoins (wBTC) on the Ethereum blockchain.
These newly minted tokens are compatible with Ethereum, so you can use them however you like.
If you want to withdraw your locked BTC, you’ll need to send the wBTC to an address on Ethereum for burning. Later, the guardian unlocks the bitcoins you sent earlier and deposits them in your address on the Bitcoin blockchain.
Popular bridges include:
Binance Chain Bridge
Terra Bridge
Anyswap
Arbitrum Bridge
Polygon Bridge
xDAI
Immutable-X
Cross-chain bridges are popular for helping users move assets between separate blockchains seamlessly. As DeFi continues to boom, cross-chain bridges open up the ecosystem to more individuals. As seen in our previous example, users can convert assets quickly to take advantage of different earning mechanisms like yield farming, staking, and lending.
Cross-chain bridges are also useful for more than just asset transfers, however. With greater interoperability between blockchains, users can switch between platforms to enjoy unique benefits like faster transactions or lower costs.
For example, you can switch from a layer-1 network (Ethereum) to a layer-2 network (Polygon) to leverage the latter’s higher throughput and cheap gas fees. Not only does this improve user experience, but it also makes it easier for you to execute blockchain transactions.
Cross-chain bridges make it easier to use a decentralized application (dApp) across different blockchains.
Sometimes, using a particular dApp, such as Aave, on its native blockchain (Ethereum) can be problematic, especially if the network is congested. In this case, using the dApp (Aave) on a faster layer-2 network like Polygon may be better. With a bridge, you can convert to your ETH to MATIC tokens and start using Aave on Polygon.
That blockchain bridges are revolutionary cannot be denied. However, their design often leaves room for vulnerabilities, which can be exploited at the expense of users. Below is an overview of major problems with cross-chain bridges today:
Cross-chain bridges vary by design. Centralized bridges rely on one administrator or a small group of entities to manage the minting and burning of tokens. In this case, there’d be one party or a set of trusted individuals (often called “guardians’) responsible for the following function:
Holding of assets deposited on the source blockchain
Notifying the bridge of the transaction
Verifying proofs of transaction
Minting and burning wrapped tokens
Binance Bridge, managed by the Binance Company, is an example of a highly centralized bridge. With this bridge, users can transfer Binance Coin (BNB) to Binance Chain, Binance Smart Chain, and other blockchains, with Binance managing the entire process.
A slightly centralized bridge, such as Chainswap, uses a group of trusted relayers. Here, the functions are distributed, so any relayer can execute the minting and burning actions on either blockchain. These relayers must stake some tokens before getting approval, and this stake can be slashed if they are guilty of malicious activity.
Centralization creates risks for users, forcing them to trust a company in Binance Bridge’s case or a group of unknown validators in Chainswap’s case. Some would argue that this isn’t a problem: Binance, a reputable company, cannot possibly steal user funds, and platforms like Chainswap have Know-Your-Customer (KYC) requirements for prospective validators.
However, trust counts for little when large amounts of assets. It’s all too easy for a hacker or even malicious insiders to breach a central node or permissioned network and take over the blockchain bridge to steal client funds or mint new tokens without deposits. And there’s the problem of custodians losing their private keys, rendering funds irrecoverable.
Cross-chain bridges have appeal because they provide customers with much-needed liquidity. A user can easily swap unused ETH and convert to BNB for any reason—processing transactions, buying assets, or trading. A bridge breaks down crypto’s walled gardens and permits value to flow between different blockchains.
But not every cross-chain bridge fulfills the vaunted promise of liquidity. To be truly liquid, a bridge must have asset pools on both the native and non-native blockchains to make the lock-mint-burn-release process faster and easier.
Centralized bridges have higher liquidity since the controlling entity has incentives to keep asset pools on multiple platforms. This feat is harder to replicate with decentralized bridges since users have lower incentives to keep funds locked on different blockchains. As a result, users may find swapping assets difficult, negating the usefulness of a bridge.
To reduce reliance on trusted intermediaries, decentralized bridges use smart contracts to manage asset swaps. Users deposit funds in a smart contract, which automatically initiates the minting of wrapped tokens on the other blockchain.
Then users can call the contract’s “burn” function, which burns the tokenized assets and releases the original assets. The entire process is coordinated trustless-ly by the smart contract, reducing third-party risk.
However, smart contracts have many flaws—for example, they are as secure as developers make them. Many cross-chain bridges rely on the soundness of the smart contract code, not the security of the blockchain. As such, bridges using poorly written smart contracts are vulnerable to malicious exploits, which presents an even bigger risk for users.
The $320 million hack on Wormhole (a Solana-Ethereum bridge) exploited a flaw in the smart contract code that allowed the hacker to mint 120,000 wrapped ether (wETH) on Solana without depositing any ETH tokens. In another exploit—this time on Qubit Finance’s Ethereum-BSC bridge—hackers were able to mint 206809 Binance (BNB) coins worth $80 million on the BSC chain without depositing any ETH.
Deficient smart contracts present a greater attack risk vector for cross-chain bridges due to the blockchain’s immutable nature. In fact, some bridges hacked have resorted to begging hackers to return stolen funds. That’s worked in the past, but counting on unscrupulous individuals to surrender their loot every time is like expecting to see cheese on the moon.
Cryptocurrency’s raison d’etre is the provision of censorship-resistant money to people. Most public blockchains fulfill this promise as long your tokens live on their native networks. Once you start swapping an asset via bridges, you’re trading off censorship resistance for liquidity.
Let’s imagine you’re using a centralized or permissioned cross-chain bridge. You’ll need to trust the custodian(s) to burn your wrapped tokens and send the original coins to your address on the original blockchain.
But what happens when the “trusted” custodian(s) refuse to stop minting and burning tokens? Your funds will remain locked up forever—and that’s the end.
Cross-chain ridges have brought higher interoperability to the blockchain industry and created a better experience for blockchain users and developers. Still, interoperable blockchain platforms have problems to solve, including growing centralization, security risks, liquidity issues, and more.
With improvements to cross-chain bridge architecture, a future where interconnected blockchains form a giant interoperable ecosystem is possible. For now, we must accept that true—and secure—blockchain interoperability is far from being realized.
Also Published Here