To Bridge or Not to Bridge - The Daily Gwei #418
Be careful that the bridge you're taking doesn't collapse before you make your way back.
I think that cross-chain bridges/exchanges are going to be absolute juggernauts as we progress through the adoption of crypto via different layers and chains. With this growth will come incredible investment opportunities, a better user experience for people hopping across chains and layers and, unfortunately, a whole lot of extra risk for users.
Now, not all bridges are created equal and there are actually quite a few different constructions out there today (with more coming online in the future). Though I’d say the majority of these bridges fit into 2 main categories - cross-chain/L2 exchanges and bridge contracts. The former basically puts all the risk on the people who provide liquidity to enable swaps between chains and layers (think of it like a cross-chain Uniswap) whereas the latter is where users deposit their assets which are then locked and issued as IOUs on the chain being bridged to (and then conversely unlocked on the way back).
I want to focus on the second bridge mechanism and explain how it really isn’t a bridge at all - it’s more of a “cloning” mechanism. For example, if you send ETH from Ethereum to another layer 1 network like the Avalanche C-Chain, your actual ETH is locked in the bridge contract on Ethereum and you are issued Avalanche-ETH as an IOU on the C-Chain. If for whatever reason the funds are lost or frozen on the C-Chain, it doesn’t mean that they are lost on Ethereum - the multi-sig that controls the bridge contract could in theory retrieve the funds on Ethereum. This is because the ETH only ever really resides in the locked contract on Ethereum and you simply hold an IOU on the bridged-to chain.
These bridge contracts are also massive honeypots for attackers because of the amount of value they have locked in them. The biggest ones currently hold billions of dollars worth of tokens and are controlled by a multi-sig that usually consists of fewer than 10 people. If one of these contracts were to be breached it’d be catastrophic for not only the users, but the bridged-to chain as well. This is because, as I mentioned above, all of the assets on the bridged-to chain’s side are simply IOUs - if what is backing them suddenly disappears (like in a bridge contract compromise) then the value of the IOUs effectively goes to 0. This would have massive on-flow effects for things like DeFi on the bridged-to chain and lead to extreme volatility and massive losses for users.
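The lock-and-issue mechanism described above, as an added sketch that is not from the original post: a toy Python model that tracks the backing ratio (locked asset per IOU in circulation) a bridge monitor would watch. The class, method names and amounts are assumptions made for illustration and do not correspond to any real bridge's code.

```python
from dataclasses import dataclass, field

@dataclass
class LockAndMintBridge:
    """Toy model of a bridge contract (hypothetical, not any real bridge's code)."""
    locked: int = 0                            # real asset held on the source chain
    ious: dict = field(default_factory=dict)   # IOU balances on the bridged-to chain

    def deposit(self, user: str, amount: int) -> None:
        """Lock the real asset, then issue the same amount of IOUs."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.locked += amount
        self.ious[user] = self.ious.get(user, 0) + amount

    def withdraw(self, user: str, amount: int) -> None:
        """Burn IOUs and unlock the real asset (the trip back)."""
        if amount <= 0 or self.ious.get(user, 0) < amount:
            raise ValueError("insufficient IOU balance")
        if self.locked < amount:
            raise RuntimeError("bridge contract cannot cover this redemption")
        self.ious[user] -= amount
        self.locked -= amount

    def backing_ratio(self) -> float:
        """Locked collateral per IOU in circulation; 1.0 means fully backed."""
        supply = sum(self.ious.values())
        return 1.0 if supply == 0 else self.locked / supply

def run_scenario() -> dict:
    bridge = LockAndMintBridge()
    bridge.deposit("alice", 100)   # constructed sample amounts
    bridge.deposit("bob", 50)
    bridge.withdraw("bob", 20)     # a normal round trip keeps the bridge fully backed
    healthy = bridge.backing_ratio()
    # Bridge contract compromise: the locked asset leaves, the IOUs stay in circulation.
    bridge.locked = 0
    try:
        bridge.withdraw("alice", 100)
        redeemable = True
    except RuntimeError:
        redeemable = False
    return {"healthy": healthy, "after_compromise": bridge.backing_ratio(),
            "iou_supply": sum(bridge.ious.values()), "redeemable": redeemable}

if __name__ == "__main__":
    print(run_scenario())
```

A ratio below 1.0 is the signal that the IOUs on the bridged-to chain are no longer fully backed.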
Finally, there is one bridge construction that is very different (and better) and that’s the layer 2 bridges. This is because a properly constructed layer 2 network and bridge (such as a decentralized zk or optimistic rollup) inherits its security from Ethereum layer 1 which means users will always be able to withdraw their funds from the bridge contract to layer 1 even if the layer 2 were to go offline. This is not the case for a bridged-to separate layer 1 network because it does not inherit its security from Ethereum - rather, its security is wholly determined by its own validator set.
There’s a lot of nuance, edge cases and differing consequences depending on which bridge contract or cross-chain/L2 exchange you are looking at. Going forward, I think that these products are going to see incredibly explosive usage but will also present a lot of newer risks. I mean, some of them have already been exploited or had major bugs discovered in them - it’s only a matter of time before we see a billion dollar exploit on one of these bridges.
Stay safe out there folks.
Have a great day everyone,
Anthony Sassano
All information presented above is for educational purposes only and should not be taken as investment advice.
This aged like fine wine. You have been predicting that a major bridge would be exploited for months now. Seems like that's exactly what happened to Wormhole https://twitter.com/wormholecrypto/status/1488976115750383626