Bridging the Trust Gap: How to Safely Bridge Cryptocurrency Across Blockchains
A practical guide to secure cryptocurrency transfers between blockchains
Gm readers 🙋♀️
Welcome back to Bits n Bytes, your favourite newsletter (at least that’s what I think) that explains web3 concepts better than Praful explains things to Hansa.😁
Sorry folks, this week’s edition got a little late. We were busy counting how many Naatus there are in Naatu Naatu👩🤭
Let’s get to munching, shall we?🍪
The worrying increase in DeFi hacks has likely been the year's second most notable trend, following the demise of crypto giants like Celcius and FTX.🔻
Cross-chain bridge hacks are the most well-known of these. That’s why it’s vital to educate yourself about secure bridging methods for inter-chain cryptocurrency transfers.🤓
After reading today’s edition say “Noto Noto” to falling prey to bridge hacks😏
Here’s what blockchain snack-bar has in store for you today 🍝
Why do you need bridges?🌉
What’s the deal with security that we keep stressin about? 🤓
What are the categories of bridges available?👀
Extensibility—where all can you can bridge to🤔
Connecting the Chains ⛓️
There’s no denying that cryptocurrency has come a long way since its inception. Initially, it was seen as a digital alternative to traditional currency, but now it's being used for various purposes, including investment, online shopping, and more.🥳 ‘
However, as cryptocurrency gains popularity, so do the concerns around its security. One of the major security concerns that come with using cryptocurrency is transferring it between different blockchains. ⛓️
If you need a primer on blockchain bridges check out this edition of Bits n Bytes🤩
Because web3 is not just about 1 chain, we see new protocols coming in every day and in order to interact with new protocols on other chains and enable developers from different blockchain communities to collaborate - we need our good ‘ol bridges🌉
Whenever a layer-1 blockchain like Ethereum connects to any other system, there is a bridge involved🌉
Bridge is fundamental for any scaling solution. 💯
Think of blockchain bridges as the Transporter in Star Trek – they enable you to beam your assets from one network to another in the blink of an eye. No more waiting for confirmations or dealing with high transaction fees. With a blockchain bridge, you can move your assets quickly and easily.😎
📌 Cross-chain bridges enable blockchains to talk to one another. They were designed to meet the increasing demand to transfer assets between them without a central authority.
📌 They fix a core problem with blockchains - it is hard for them to work together and communicate. Cross-chain bridges help open them up and increase liquidity.
When it comes to using bridges for transferring cryptocurrency from one blockchain to another, it's essential to be aware of the different methods available and the potential risks associated with each. ⚠️
Before we get to all the gyaan, let’s meet Bob - who’s a newbie to the blockchain world and is finding a way in this space like you and me 👇
👉 Bob wants to send his 0.5 bitcoin token to his Ethereum wallet. Bob must use a bridge to accomplish this.
👉 He thinks all bridges are alike.🙃
Bob wants his tokens to be transferred quickly and securely and he’s certain he does not want to misplace his tokens in this transfer.😎
What options does Bob have? And what are the things he need to keep in mind while he does the transfer of tokens?
1️⃣Atomic Swaps
Atomic swaps are one of the most secure ways to transfer cryptocurrency between different blockchains.
📌They allow two parties to exchange one cryptocurrency for another without the need for a trusted third party, such as an exchange.
📌Atomic swaps are done through a smart contract, which automatically executes the trade when the conditions are met.
🧷 E.g.: Atomic swap between BTC and LTC using a decentralized exchange (DEX) like Bisq, Uniswap or Kyber network
2️⃣Sidechains
A side-chain is a separate blockchain that is connected to the main blockchain through a two-way peg.
📌 This allows for the transfer of cryptocurrency between the main blockchain and the sidechain.
📌 The main advantage of using sidechains is that it allows for the transfer of cryptocurrency without the need for a trusted third party.
📌 They also facilitate the transfer of cryptocurrency between different blockchains.
🧷 E.g.: RSK network- it allows users to peg BTC and move them on the RSK network, and then back to the BTC network.
3️⃣Wrapped Tokens
Wrapped tokens are a representation of a cryptocurrency on a different blockchain.
For instance, a wrapped Bitcoin (wBTC) is a token on the Ethereum blockchain that represents a certain amount of Bitcoin.
📌 They allow for the transfer of cryptocurrency between different blockchains without the need for a trusted third party.
📌 They can also be used to access decentralized applications (dApps) on different blockchains.
🧷 E.g.: Wrapped Ethereum (wETH) - it allows users to access Ethereum based dApps using their Ethereum tokens.
4️⃣Rollups
They’re a hybrid layer 2 scheme, which move computation (and state storage) off-chain, but keep some data per transaction on-chain.
📌 The validity of messages and resulting states can be proven on layer-1.
📌 They implement a light client on layer-1 that checks the validity of the state root from layer-2. Rollups have the fewest trust assumptions of all bridges.
📌 The bridge will only release the funds if there is a mathematical or crypto-economic proof of correctness.
📌 Since this proof happens on layer-1, bridges inherit the security of the layer-1 blockchain and hence are highly secure.
🧷Examples: StarkGate, Arbitrum Bridge, Optimism Bridge
Bob has quite some options, right?🤩
But, apart from trusting the layer 1 and leveraging the sidechains,
Can validators also be trusted by the bridges with the state of the blockchain?
If at all, how de we choose the pool of validators? Do we take it from the layer 1 or have a custom pool?
Read on to find out 👇👇
5️⃣Consensus light client
Consensus light client is a way to access a blockchain network by downloading only a small part of it, which is enough to verify that the network is following the rules and the blocks are valid.
📌 Essentially, light client can verify that the network is following the rules for adding new blocks to the blockchain and that the blocks are valid without having to download the entire blockchain history.
📌 This bridge assumes that the validator set of the source chain aren’t conspiring with each other.
📌 Consensus-checking light clients are less secure than rollups as they can not validate if a block is correct – they trust the miners / validators of the source blockchain who have agreed on a certain state.
Basically, they check if a block is signed correctly and in the case of PoW they check the difficulty.
📌 Security of the client depends on the security of the underlying chain and trustworthiness of the information it receives from the network.
🧷 Examples: Cosmos IBC
Say, Bob uses Wrapped Bitcoin (WBTC) to transfer the tokens.
As we know by now, Wrapped Bitcoin is a cross-chain bridge that creates a new WBTC token on the Ethereum network and holds a bitcoin in a smart contract on the Bitcoin network.
The number of WBTC is always equal to the number of bitcoin in the WBTC cross-chain bridge smart contract. After using the cross-chain bridge, Bob now has Bitcoin-backed ERC-20 token that he can easily use on the Ethereum network.
Sip a cuppa hot coffee while we get you all the crypto snacks for the week😉
What you need to know when you bridge tokens?👀
Blockchain bridges are protocols - a set of rules and the implementation. The rules define the responsibilities for protecting and releasing the users’ assets held in the bridge📃
To put in simple terms, a blockchain bridge cannot really move tokens between blockchains. 😯
📌 In fact, a blockchain bridge consists of two smart contracts holding tokens and a set of rules that define who has access to those tokens.
📌 Between those two smart contracts on different blockchains, there is a flow of messages with cryptographic signatures.
Those messages are instructions for smart contracts on the destination chain to create or release new tokens, triggering a payout for the recipient of the transaction. So bridges must ensure the validity of those messages.
Clearly, the security of a bridge defines the security of the usage of the off-chain system.💁♀️
In every case, bridges need external parties that relay the messages. Those parties watch the smart contracts on every chain, create or pick up messages and relay those to the other chain.
The technical challenge of bridges lies in the very nature of blockchains. Blockchains are designed to be consistent and validatable.
A blockchain can only know and trust information that the blockchain itself produces. Any external information – and therefore the concept of bridged tokens – is hard to independently validate since a blockchain has no way of knowing the outside world or the other blockchain🤔
Most bridges use clever tricks to ensure that the relayed message is valid and if so Bob can receive his tokens without any hassle💯
What do we mean by security?🔐
Security = Absence of risk
Malicious Actors at play☠️
While all the options we saw are effective for bridging cryptocurrencies, it's important to keep in mind that they are not without their risks.
One of the biggest concerns is the potential for a malicious actor to intercept or tamper with your cryptocurrency during the bridging process. To mitigate this risk, it's important to use a reputable and well-vetted bridge or relay contract, and to take steps to ensure the security of your private keys.
Issue of trust🤝
When bridging your cryptocurrency from one blockchain to another, you're essentially placing trust in the bridge contract or intermediary that you're using.
👉 To minimize this risk, it's important to do your due diligence and research the bridge contract or intermediary before using it.
👉 Look for reviews, testimonials, and other information that can give you an idea of the reputation and track record of the service.
From Bob’s perspective, the security of a bridge is defined as the likelihood of a happy case— receiving all the bitcoin tokens that he was promised on the destination chain.
In general, risk = risk of a bridge relaying an invalid message😟
In economic terms, a bridge is secure if it is not subject to economic attacks where the amount of funds required to compromise the bridge is less than the one required to compromise the underlying blockchains it connects.
The more likely it is for Bob to get all his tokens, the more secure we call the bridge. That is the same as saying how unlikely the unhappy case is – in a secure bridge it is unlikely that something bad will happen for Bob 😎
Here’s the comparison you’ve been waiting on, and see how each option can help prevent a bad outcome. Here’s what could happen to Bob when he tries to bridge his tokens:
Bob could be censored – his valid message could be censored😲
The transaction could be rejected because the bridge operators have Bob’s account on a ban list. In that case, he could not bridge and in the worst case not be able to withdraw the tokens.Bob could receive fewer or no tokens on the destination chain than agreed upon – his valid message could be tampered with😓
So Bob could be promised 0.495 wBTC on Ethereum but he only gets 0.1 or none at all. In that case, the bridge didn’t relay the valid message but changed the message in the process.
Risks must be considered for each layer when building a bridge 👇
📌 The consensus layers and blockchains that a bridge connects, as well as their finality and security.
📌 Different types of finality and chain reorgs should be supported by a bridge.
📌 On their own, smart contracts carry a very specific risk that we can name as upgradeability or as simple bugs that a hacker could take advantage of.
📌 Modern web security design must be maintained and applied to the off-chain infrastructure.
The goal of today’s edition is to analyse the issue of bridge security in terms of how various bridge designs shield Bob from those two undesirable outcomes.
While there are more than 100 bridges, we have covered the broader categories in terms of the protocol design. Let’s get to the real deal, security that we all are apprehensive about in web3 just like our jobs in this bear market 😬
Bridging the Gap: how bridges are secured? 🤔
Here’s an easy to understand how different bridge designs would have prevented bad outcomes for Bob👇
Extensibility: What other networks can be connected to through the use of a bridge?
So why would Bob not only use Atomic Swaps or rollups to bridge his tokens?
Even though native bridges and light client bridges are the most secure for the particular domains they were built for (e.g., the Arbitrum bridge is the most secure one between Arbitrum and Ethereum, and IBC is the most secure communication protocol for Cosmos), they have a significant limitation by design: they only work for the connection they were specifically designed for🙄
On the contrary, validator bridges and optimistic bridges have the flexibility to connect any smart contract chain.😲
If Bob wanted to bridge between Bitcoin and Ethereum he would need to go through either of these systems👇
So, What do we think about bridges ?
In conclusion, transferring cryptocurrency between different blockchains can be a bit daunting, especially for beginners. However, it’s an interesting space to watch as it has the potential to increase interoperability and adoption of different blockchain networks.⛓️
By understanding the different methods available, such as atomic swaps, sidechains, and wrapped tokens, users can make informed decisions about how to transfer their cryptocurrency securely💯
Remember to also keep in mind the legal framework and the regulations of your area before attempting to transfer your cryptocurrency💁♀️
And as always, do your own research 🧐
You're now progressing in your self-sovereign Web3 journey toward gaining a deeper understanding of bridge security.
Happy bridging!🌉
Well that’s a wrap for today! 😌
If you want more web3 gyan, then, be sure to follow us on Twitter (@Web3_BNB)
Adios 👋
How'd you like today's web3 Bytes?
Let me know in the comments 👇