Is there a secure future for cross-chain bridges?


The plane lands and comes to a halt. On the way to passport control, one of the passengers stops at a vending machine to buy a bottle of soda – but the device is completely indifferent to all their credit cards, cash, coins and everything else. All of that is part of a foreign economy as far as the machine is concerned, and as such, they cannot buy even a drop of Coke.

In reality, the machine would have been quite happy with a Mastercard or a Visa. And the currency exchange desk at the airport would have been just as willing to come to the rescue (with a hefty surcharge, of course). In the blockchain world, though, the above scenario rings true for some commentators, as long as we swap traveling abroad for moving assets from one chain to another.

Although blockchains as distributed ledgers are quite good at tracking value transfers, each layer-1 network is an entity unto itself, unaware of any events outside it. Since such chains are, by extension, separate entities from one another, they are not inherently interoperable. This means that you cannot use Bitcoin (BTC) to access a decentralized finance (DeFi) protocol from the Ethereum ecosystem unless the two blockchains can communicate.

Powering this communication is a so-called bridge – a protocol that allows users to move their tokens from one network to another. Bridges can be centralized – i.e., operated by a single entity, such as Binance Bridge – or built with varying degrees of decentralization. Either way, their core mission is to enable the user to move their assets between different chains, which means more utility and thus value.

As handy as the concept sounds, it is not the most popular one with many in the community right now. On the one hand, Vitalik Buterin recently expressed doubts about the concept and warned that cross-chain bridges could enable cross-chain 51% attacks. On the other hand, cyberattacks on cross-chain bridges that exploited vulnerabilities in their smart contract code, as was the case with Wormhole and Qubit, led critics to consider whether cross-chain bridges could be anything other than a security liability in purely technical terms. So, is it time to dump the idea and move on? Not necessarily.

When contracts become too complete

Although the details depend on the specific project, a cross-chain bridge that connects two chains with smart contract support usually works this way. The user sends their tokens (let’s call them Catcoins; cats are cool, too) on chain 1 to the bridge’s wallet or smart contract there. This smart contract needs to pass the data to the bridge’s smart contract on chain 2, but since it is unable to reach it directly, a third party – either a centralized or (to some extent) decentralized intermediary – needs to deliver the message. The contract on chain 2 then mints synthetic tokens to the wallet provided by the user. There we are – the user now has wrapped Catcoins on chain 2. It’s like swapping fiat for casino chips.

To get their Catcoins back on chain 1, the user would first need to send the synthetic tokens to the bridge’s contract or wallet on chain 2. Then a similar process plays out, where the intermediary pings the bridge’s contract on chain 1 to release the appropriate amount of Catcoins to a specific wallet. On chain 2, depending on the exact design of the bridge and its business model, the synthetic tokens returned by the user are either burned or kept in custody.

Keep in mind that each step of the process is actually broken down into a linear sequence of smaller operations; even the initial transfer is performed in steps. The network must first check whether the user has enough Catcoins, deduct them from their wallet and then add the appropriate amount to the smart contract. These steps form the overall logic that handles the value transferred between chains.

In the case of both the Wormhole and Qubit bridges, the attackers were able to exploit flaws in the smart contract logic to feed the bridges fake data. The idea was to get the synthetic tokens on chain 2 without depositing anything on the bridge on chain 1. And truth be told, both hacks come down to what happens in most attacks on DeFi services: exploiting or manipulating the logic that drives a certain process for financial gain. A cross-chain bridge connects two layer-1 networks, but things play out similarly between layer-2 protocols as well.
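The lock, relay and mint sequence and the failure described above can be modelled in a few lines. This is an added example, not code from the article or from either bridge; the class names, the demo key and the use of an HMAC as a stand-in for the intermediary's signature are assumptions, and the messages are constructed. It runs the same three messages (a real deposit, a replay of it, and a message for a deposit that never happened) through a chain-2 handler with and without verification, then checks that wrapped supply stays backed by what is locked on chain 1.

```python
import hashlib, hmac, json

RELAY_KEY = b"constructed-demo-key"  # assumption: stands in for the intermediary's signing key

def attest(msg):
    """Intermediary's attestation of a chain-1 deposit (HMAC as a stand-in for a signature)."""
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(RELAY_KEY, body, hashlib.sha256).hexdigest()

class Chain1Bridge:
    def __init__(self):
        self.locked, self.nonce = 0, 0

    def deposit(self, user, amount):
        """Lock Catcoins and emit the message the intermediary carries to chain 2."""
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.locked += amount
        self.nonce += 1
        return {"nonce": self.nonce, "to": user, "amount": amount}

class Chain2Bridge:
    def __init__(self, verify):
        self.verify, self.minted, self.seen = verify, 0, set()

    def mint(self, msg, tag):
        """Mint wrapped tokens; the hardened path checks the message before acting on it."""
        if self.verify:
            if not hmac.compare_digest(tag, attest(msg)):
                return False  # fake data: no valid attestation of a chain-1 deposit
            if msg["nonce"] in self.seen:
                return False  # replay of a deposit that was already minted
        self.seen.add(msg["nonce"])
        self.minted += msg["amount"]
        return True

def backing_ok(c1, c2):
    """Invariant to monitor: wrapped supply never exceeds what is locked on chain 1."""
    return c2.minted <= c1.locked

def run(verify):
    """Feed one real deposit, a replay of it and a constructed fake message to chain 2."""
    c1, c2 = Chain1Bridge(), Chain2Bridge(verify)
    msg = c1.deposit("alice", 10)
    results = [c2.mint(msg, attest(msg)), c2.mint(msg, attest(msg))]
    fake = {"nonce": 99, "to": "mallory", "amount": 1000}  # constructed, never deposited
    results.append(c2.mint(fake, "00" * 32))
    return results, backing_ok(c1, c2)
```

With verification on, only the first message mints and the backing invariant holds; with it off, all three mint and wrapped supply exceeds the locked amount, which is the condition a supply monitor on a bridge should alert on.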

For example, when you stake a non-native token in a yield farm, the process involves an interplay between two smart contracts – the ones powering the token and the farm. If any of the underlying sequences has a logical flaw that a hacker could exploit, the criminal will do so, and that’s exactly how GrimFinance lost about $30 million in December. So, if we’re ready to say goodbye to cross-chain bridges because of some flawed implementations, we might as well silo smart contracts and bring crypto back to its own Stone Age.

A steep learning curve to master

There’s a bigger point to make here: Do not blame a concept for a flawed implementation. Hackers always follow the money, and the more people use cross-chain bridges, the more motivated hackers are to attack such protocols. The same logic applies to anything that has value and is connected to the internet. Banks get hacked, too, and yet we are in no hurry to shut them all down because they are an important part of the larger economy. In the decentralized space, cross-chain bridges also play a major role, so it would be wise to restrain our anger.

Blockchain is still a relatively new technology, and the community around it, as big and bright as it is, is only now working out the best security practices. This is even more true of cross-chain bridges, which work to link protocols with different underlying rules. Right now, they are a nascent solution that opens the door to moving value and data across networks that together form something larger than the sum of its components. It’s a learning process, and one worth mastering.

Although Buterin’s argument, for its part, goes beyond implementation, it is not without caveats. Yes, a malicious actor controlling 51% of a small blockchain’s hash rate or staked tokens could try to steal Ether (ETH) locked on the bridge at the other end. The volume of the attack would hardly go beyond the market capitalization of that blockchain, as that is the maximum hypothetical limit on how much the attacker can put into the bridge. Smaller chains have a smaller market capitalization, so the resulting damage to Ethereum would be minimal and the return on investment for the attacker would be questionable.

Although most of today’s cross-chain bridges are not without flaws, it is too early to dismiss their underlying concept. In addition to regular tokens, such bridges can also carry other assets, from nonfungible tokens to zero-knowledge identification proofs, making them extremely valuable to the entire blockchain ecosystem. A technology that adds value to every project by bringing it to more audiences should not be considered solely in zero-sum terms, and its promise of connectivity is worth the risk.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should do their own research when making a decision.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Lior Lamesh is a co-founder and CEO of GK8, a blockchain cybersecurity company that offers custody solutions for financial institutions. After honing his cyber skills in Israel’s elite cyber team, which reports directly to the Prime Minister’s Office, Lior led the company to a successful $115 million acquisition in November 2021. In 2022, Forbes named Lior and his business partner Shahar Shamai to its 30 Under 30 list.