
The future of multichains hinges on cross-chain bridges: an analysis of Vitalik Buterin’s theses

Recently the Ethereum founder Vitalik Buterin published a post on Reddit, in which he reflects on cross-chain interoperability of blockchains. In short: he is pessimistic about this concept, although he believes in a multichain ecosystem understood as the coexistence of networks and communities with different values.

Specifically for ForkLog, deBridge.finance founder Alex Smirnov dissected Buterin’s theses and explained why a 51% attack is not a death sentence for cross-chain bridges. He is convinced that the future lies in full interoperability of blockchain ecosystems, rather than parallel existence without direct links.

The Acceptability of a 51% Attack

Buterin ties his pessimism to the security model and takes a 51% attack as an example. In his view, attacks of this type are not critical and need not be prevented.

Blockchain is a sequence of states, and the most painful outcome for a user is a rollback to some earlier state. For example, you successfully swapped 1 ETH for 3300 USDT on Uniswap. In the event of an attack, the worst that can happen is a rollback to the moment when you did not yet have 3300 USDT, but had 1 ETH in your wallet. Buterin concludes that within a single ecosystem these attacks are not so critical and there is no need to devote all resources to overcoming them.

With cross-chain bridges the situation is quite different: if you have successfully moved assets from one blockchain to another via a bridge, then in the event of an attack on the sending chain and a rollback you recover your original asset. At that moment, the wrapped assets issued by the bridge protocol in other networks lose their collateral backing in the native chain.

But are Buterin’s concerns truly warranted, or is it not so dire?

We should not treat 51% attacks as something normal that the protocol anticipates. In every blockchain, a social consensus around finality has formed — on the Ethereum network, 11 confirmations are required before a transfer is considered irreversible. It is assumed that, if this condition is met, the transaction cannot be rolled back through chain reorganisations.

Potential attacks affect not only cross-chain bridges but the entire ecosystem of applications and services built atop the blockchain: exchanges, payment and custody solutions, gateways and much else. Any attack that undermines the generally accepted standard of transaction finality undermines trust in the security of the whole ecosystem, and therefore such attacks must not be allowed.

Defence measures

How, then, can compatibility protocols (bridges) defend themselves against such attacks?

In deBridge, the protocol consists of two levels:

  1. The protocol layer, represented by a set of smart contracts in each of the supported networks.
  2. The infrastructure layer, represented by validators appointed by the protocol’s governance. The validators’ task is to provide the protocol with infrastructure and to run nodes of all supported blockchains alongside the deBridge node, which reads information from the smart contracts.

For each cross-chain transaction, the smart contract automatically assigns a unique number (nonce), which serves as its sequential identifier. Validators confirm transactions in ascending nonce order — if duplicates appear in the sequence, a chain reorganisation or an attack has occurred. Validators automatically suspend validation of all transactions from that network so that the protocol’s governance can determine what happened and whether the finality requirements on that chain should be strengthened.

Given that blockchain states are always consistent, attackers cannot inject arbitrary states (for example, substitute nonces). In a 51% attack they would have only one attempt to transfer a single specific token across the bridge, an endeavour that would require attacking the consensus of the entire blockchain. In addition to the cost of attacking the consensus, attackers would need to acquire assets equal to the amount targeted by the attack, making the assault even more expensive.

Moreover, validators can always exclude validation of scenarios whose probability is vanishingly low. For example, if the bridge protocol locks $10 billion in ETH, it is unlikely there are scenarios where the entire amount belongs to a single wallet and could be withdrawn in a single transaction. For such scenarios, the validator node may impose stricter finality requirements (for example, 400 confirmations instead of 11), making a bridge attack even more costly.
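The two validator-side defences described above, duplicate-nonce detection and amount-dependent finality, can be sketched as follows. This is an added example, not deBridge code: the function and field names and the USD threshold are assumptions, and the events are constructed.

```python
from dataclasses import dataclass, field

BASE_CONFIRMATIONS = 11          # the article's Ethereum figure
STRICT_CONFIRMATIONS = 400       # the article's figure for improbable transfers
LARGE_TRANSFER_USD = 10_000_000  # assumed threshold, not from the article


@dataclass
class ChainValidatorState:
    signed: dict = field(default_factory=dict)  # nonce -> tx hash already signed
    next_nonce: int = 0                         # next nonce the validator expects
    suspended: bool = False                     # set once a conflict is seen


def required_confirmations(amount_usd):
    """Larger transfers must wait for deeper finality."""
    if amount_usd >= LARGE_TRANSFER_USD:
        return STRICT_CONFIRMATIONS
    return BASE_CONFIRMATIONS


def validate(state, nonce, tx_hash, amount_usd, confirmations):
    """Return 'sign', 'wait', 'already_signed' or 'suspended' for one bridge event."""
    if state.suspended:
        return "suspended"
    if nonce in state.signed:
        if state.signed[nonce] == tx_hash:
            return "already_signed"   # harmless re-delivery of the same event
        state.suspended = True        # same nonce, different tx: reorg or attack
        return "suspended"
    if nonce != state.next_nonce:
        return "wait"                 # keep strict ascending nonce order
    if confirmations < required_confirmations(amount_usd):
        return "wait"                 # not final enough for this amount
    state.signed[nonce] = tx_hash
    state.next_nonce += 1
    return "sign"


def replay(events):
    """Run (nonce, tx_hash, amount_usd, confirmations) events through one chain."""
    state = ChainValidatorState()
    return [validate(state, *event) for event in events]


# Constructed sample: nonce 1 reappears with a different hash after a reorg.
SAMPLE_EVENTS = [
    (0, "0xaaa", 3_300, 12),
    (1, "0xbbb", 50_000_000, 12),    # large transfer, 12 < 400: must wait
    (1, "0xbbb", 50_000_000, 400),
    (1, "0xccc", 50_000_000, 400),   # duplicate nonce with a new hash
    (2, "0xddd", 3_300, 12),         # arrives while the chain is suspended
]
```

Once the conflicting nonce is seen, every later event from that chain is refused until the suspension is lifted, which in the article's design is a governance decision.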

Risk coverage

In the near future, all cross-chain interactions will be abstracted away by wallet and decentralized application interfaces; users will not even know they are using a bridge. Take cross-chain swaps as an example: the user simply makes an exchange, indicating which asset they give and which asset in another network they wish to receive. The magic happens in the background, and users do not need to know about wrapped assets issued by bridges or about liquidity pools. Bridges are like the TCP/IP protocol for the Internet. When we use websites, we do not think about how packets are transmitted; we simply enjoy the result, and everything else is abstracted behind the browser window.

All the risk is borne by those who hold the wrapped token of the asset that was affected in the attack, namely liquidity providers. For example, if I, as a liquidity provider, hold some wrapped asset from the Ethereum network, I assume the risk of finality of transactions and understand that a 51% attack on that network cannot last longer than 11 blocks. In the event of a successful attack, losses are proportionally shared among the liquidity providers who knowingly assumed the risk.

Buterin argues that the problem is compounded if a bridge supports a large number of networks, since an attack on one network could affect all assets of the bridge protocol across other networks.

Here he is mistaken — much depends on the bridge protocol’s design. For example, in deBridge, with every transaction between networks the validators’ node computes the current state in each network and knows the total inputs and outputs for each asset. Thus, no more than the total deposits minus the total withdrawals of each specific token/asset can be withdrawn from any network. A transaction that exceeds this limit will simply fail to be validated, and validation for that network will be suspended to determine the cause of the fault.

An attack on each specific blockchain is isolated, and the risks are shared among the liquidity providers of assets in that particular blockchain.
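The per-asset accounting limit and the per-chain isolation described above can be modelled as a small ledger. This is an added example, not deBridge code: the class and method names are hypothetical, and the chains, assets and amounts are constructed.

```python
from collections import defaultdict


class BridgeLedger:
    """Validator-side running totals per (chain, asset)."""

    def __init__(self):
        self.deposited = defaultdict(int)  # (chain, asset) -> total locked in
        self.withdrawn = defaultdict(int)  # (chain, asset) -> total released
        self.suspended = set()             # chains halted pending investigation

    def deposit(self, chain, asset, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if chain in self.suspended:
            return False
        self.deposited[(chain, asset)] += amount
        return True

    def withdraw(self, chain, asset, amount):
        """Approve a release only if it fits within deposits minus withdrawals."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if chain in self.suspended:
            return False
        key = (chain, asset)
        available = self.deposited[key] - self.withdrawn[key]
        if amount > available:
            self.suspended.add(chain)      # refuse to validate, halt this chain only
            return False
        self.withdrawn[key] += amount
        return True


def demo():
    """Constructed scenario: an over-withdrawal on one chain leaves the other usable."""
    ledger = BridgeLedger()
    ledger.deposit("ethereum", "ETH", 100)
    ledger.deposit("bsc", "BNB", 40)
    results = [
        ledger.withdraw("ethereum", "ETH", 60),  # 60 <= 100: approved
        ledger.withdraw("ethereum", "ETH", 50),  # 50 > 40 remaining: rejected
        ledger.withdraw("ethereum", "ETH", 10),  # chain is now suspended
        ledger.withdraw("bsc", "BNB", 40),       # other chain unaffected
    ]
    return results, sorted(ledger.suspended)


if __name__ == "__main__":
    print(demo())
```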

Cross-chain interoperability protocols are an integral part of Web3 and the forthcoming wave of DeFi development. In the near term, we will see new cross-chain applications and primitives that were not available before. Protocols will begin to interact and exchange information, even though they exist on different blockchains, and the industry will become more cohesive, enabling faster creation of a new financial world.

Thus the future lies not only in multichain coexistence, but certainly in full cross-chain interoperability between protocols and ecosystems.
