Vitalik Buterin says cross-chain bridges are vulnerable to 51% attacks

Ethereum founder Vitalik Buterin said he supports the concept of a multi-chain ecosystem, but is ‘pessimistic’ about cross-chain bridges. He says the latter are vulnerable to 51% attacks.

My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple \”zones of sovereignty\”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b

— vitalik.eth (@VitalikButerin) January 7, 2022

«The fundamental security limitations of bridges are the main reason I remain optimistic about a multi-chain blockchain ecosystem (indeed, there are several separate communities with different values, and it\’s better for them to exist separately than fight for influence), but I observe cross-chain applications with a degree of pessimism,” he wrote on Reddit.

Buterin said that, compared with layer-1 networks, cross-chain bridges are more vulnerable to 51% attacks. He explained that even if an attacker manages to seize a majority of the network\’s computing power, they would not be able to steal users\’ crypto, because that would ‘violate the protocol\’s rules’.

The Ethereum founder added that a 51% attack could subject a decentralized application to censorship or a temporary reversal, but the network would later return to a ‘consensus state’.

«If you had 100 ETH, but sold them for 320,000 DAI on Uniswap, even after a blockchain attack in some crazy way you would end up with a reasonable outcome — you would either keep your 100 ETH, or receive 320,000 DAI. An outcome in which you get neither (or, if you will, a third outcome) violates the protocol rules, and therefore will not be accepted», — said Buterin.

He stressed that cross-chain bridges do not offer such guarantees, and therefore users could lose funds. As an example, he cited a hypothetical Ethereum-Solana bridge scenario:

• An attacker deposits a large amount of their own funds into wrapped ETH on Solana;
• attacks the Ethereum network and, after awaiting the transaction confirmation on the Solana side, reverses it;
• The Solana-WETH contract is no longer fully collateralized, causing the price of wrapped assets for other users to fall — effectively they lose money.

«Even if there exists a perfect bridge based on ZK-SNARK, which fully confirms consensus, it would still be vulnerable to theft via 51% attacks like this», — said he.

In Buterin\’s view, connecting hundreds of blockchains via cross-chain bridges will lead to many interdependent decentralized applications. In such a setting a 51% attack on even a single network creates a ‘systemic infection’ that threatens the economy of the entire ecosystem.

«I do not expect these problems to appear immediately. Carrying out a 51% attack even on a single chain is difficult and expensive. However the more cross-chain bridges and applications are used, the higher the probability», — he concluded.

Frax Finance founder Sam Kazemian noted that there is a concept of an inter-network bridge capable of solving the problem highlighted by Buterin. It involves a system that checks the states of blockchains interacting with the bridge before confirming a transaction, and then passes this information to an anchor network, which could be Ethereum.

Blockchain Foundry CTO Jag Sidhu noted that a similar idea is being pursued by cross-chain exchange zkLink.

Zklink tries to do this sam, so the rollups are seperate then an outer proof is aggregated on each rollup to create a final proof that is put into each contracts and an oracle system pushes the proof to each chain to ensure it’s consistent. There are better ways but same idea

— jagdeep sidhu (@realSidhuJag) January 8, 2022

As noted in late 2021, Buterin described the role of ZK-Rollups in Ethereum scalability and proposed a method to lower transaction costs on L2.