Recently, the founder of Ethereum, Vitalik Buterin, published a post on Reddit in which he reflects on the cross-chain interoperability of blockchains. In short: he is pessimistic about this concept, although he believes in a multi-chain ecosystem in the sense of the coexistence of networks and communities with different values.
Exclusively for Cryplogger, Alex Smirnov, founder of the deBridge.finance project, analyzed Buterin’s theses and explained why 51% attacks are not a death sentence for cross-chain bridges. He is convinced that the future lies in the full compatibility of blockchain ecosystems, and not in parallel existence without direct connections.
51% Attack Tolerance
Vitalik Buterin connects his pessimism with the security model and uses the 51% attack as an example. In his opinion, attacks of this type are not critical and do not need to be prevented.
A blockchain is a sequence of states, and the most painful event for the user is a rollback of the state to some previous value. For example, you have successfully exchanged 1 ETH for 3300 USDT on Uniswap. In the event of an attack, the worst thing that can happen is a state rollback to the moment when you did not yet have 3300 USDT, but had 1 ETH in your wallet balance. Buterin summarizes that within the framework of one ecosystem, these attacks are not so critical and it is not necessary to throw all your efforts into overcoming them.
With cross-chain bridges, the situation is completely different: if you successfully moved assets from one blockchain to another through the bridge, then in the event of an attack on the sending chain and a state rollback, your original asset will be returned to you. At this point, the wrapped assets issued by the bridge protocol on other networks lose their collateral on the native chain.
Buterin’s fears are indeed justified, but is everything so critical?
We should not treat 51% attacks as something normal that the protocol provides for. In each blockchain, a social consensus has developed regarding the finality of transactions – 11 confirmations are needed in the Ethereum network, and only then is the transfer considered irreversible. It is assumed that if this condition is met, the transaction cannot be rolled back using block reorganization attacks.
Potential attacks affect not only cross-chain bridges, but the entire ecosystem of applications and services on top of the blockchain: exchanges, payment and custodial solutions, gateways, and more. Any attack that violates the generally accepted standard of transaction finality undermines trust in the security of the entire ecosystem, so such attacks should not be allowed.
Protection methods
How can interoperability protocols (bridges) protect themselves from this kind of attack?
In deBridge, the protocol consists of two layers:
- The protocol layer, which is represented by a set of smart contracts in each of the supported networks.
- The infrastructure layer, which is represented by validators appointed by the governance of the protocol. The task of validators is to provide infrastructure to the protocol and run nodes of all supported blockchains along with a deBridge node that reads information from smart contracts.
Each cross-chain transaction is automatically assigned a unique number (nonce) by the smart contract, which is its serial number. Validators confirm transactions in ascending order of nonce; if duplicates appear in the sequence, then the network has undergone a reorganization of blocks or an attack. Validators automatically suspend validation of all transactions from this network so that the protocol governance can figure out what happened and whether it is necessary to tighten the requirements for the finality of transactions in this chain.
Considering that the states in the blockchain are always consistent, attackers cannot inject an arbitrary state (for example, replace the nonce). In the case of a 51% attack, they would have only one attempt to transfer only one specific token across the bridge, for which they would need to attack the consensus of the entire blockchain. In addition to the cost of attacking the consensus, attackers need to purchase the asset in the amount they plan to use in the attack, which will make the attack even more costly.
Moreover, validators can always exclude the validation of scenarios whose probability is close to zero. For example, if $10 billion in ETH is locked in the bridge protocol, there are hardly any scenarios where the entire amount belongs to one wallet and can be withdrawn in one transaction. For such scenarios, the validator node can increase the finality requirements (for example, 400 confirmations instead of 11), which will make the bridge attack even more expensive.
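The validator-side checks described above (ascending nonces, a pause when a nonce repeats, and a higher confirmation requirement for unusually large transfers), as an added example. This is not deBridge's code: the `ChainWatcher` class, the USD threshold, the handling of nonce gaps and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

BASE_CONFIRMATIONS = 11          # Ethereum figure quoted in the article
HIGH_VALUE_CONFIRMATIONS = 400   # the article's example of a raised requirement
HIGH_VALUE_USD = 100_000_000     # assumed threshold, not from the article


@dataclass
class ChainWatcher:
    """Validator-side state for one source chain (hypothetical structure)."""
    chain: str
    confirmed: dict = field(default_factory=dict)  # nonce -> tx hash
    next_nonce: int = 0
    paused: bool = False

    def validate(self, nonce, tx_hash, confirmations, usd_value):
        """Return 'confirmed', 'wait' or 'paused' for one observed transfer."""
        if self.paused:
            return "paused"
        if nonce in self.confirmed:
            if self.confirmed[nonce] == tx_hash:
                return "confirmed"   # same event seen again, nothing changed
            # Same nonce, other tx: history was rewritten. Pause for governance.
            self.paused = True
            return "paused"
        if nonce > self.next_nonce:
            return "wait"            # assumption: hold until predecessors arrive
        needed = (HIGH_VALUE_CONFIRMATIONS if usd_value >= HIGH_VALUE_USD
                  else BASE_CONFIRMATIONS)
        if confirmations < needed:
            return "wait"            # not final yet for a transfer of this size
        self.confirmed[nonce] = tx_hash
        self.next_nonce = nonce + 1
        return "confirmed"


def demo():
    """Replay constructed events: (nonce, tx hash, confirmations, USD value)."""
    watcher = ChainWatcher("ethereum")
    events = [
        (0, "0xaa", 11, 3_300),
        (1, "0xbb", 5, 3_300),            # too few confirmations
        (1, "0xbb", 12, 3_300),
        (2, "0xcc", 50, 200_000_000),     # large transfer needs 400
        (2, "0xcc", 400, 200_000_000),
        (1, "0xdd", 30, 3_300),           # nonce 1 reappears with a new hash
        (3, "0xee", 30, 3_300),           # chain stays paused
    ]
    return [watcher.validate(*e) for e in events], watcher.paused
```

Once the duplicate is seen, every later event from that chain is refused until the pause is lifted, which is the behaviour the article attributes to the validators.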
Risk insurance
In the near future, all cross-chain interactions will be abstracted by the interface of wallets and decentralized applications (dapps), and the user will not even know that he is using some kind of bridge. Taking cross-chain swaps as an example, the user simply makes an exchange, indicating which asset he gives away and which asset he wants to receive on another network. All the magic happens in the background and users don’t even need to be aware of the existence of wrapped assets issued by the bridge or the existence of liquidity pools. Bridges are like TCP/IP for the Internet. When we use websites, we don’t think about how packets are transmitted, we just enjoy the result, and everything else is abstracted outside the browser window.
The entire risk is borne by those who own the wrapped token of the asset that suffered during the attack, namely the liquidity providers. For example, if I, as a liquidity provider, am the holder of some wrapped asset from the Ethereum network, I take the risk of the finality of transactions and realize that it is impossible to make a 51% attack on this network that will last longer than 11 blocks. In case of a successful attack, the amount of losses will be proportionally divided among the liquidity providers who knowingly took the risk.
Buterin argues that the problem is exacerbated if the bridge supports a large number of networks at once, since an attack on one network can lead to an attack on all bridge protocol assets on other networks.
Here he is wrong – a lot depends on the design of the bridge protocol. For example, in deBridge, with each transaction between networks, the validator node calculates the current state in each of the networks and knows the total number of deposits and withdrawals for each asset. Thus, it is impossible to withdraw more than (total deposits – total withdrawals) for each specific token/asset. Such a transaction will simply not be validated, and validation for this network will be suspended to determine the reasons for the failure.
The attack on each particular blockchain is isolated, and the risks are shared between the liquidity providers of assets from that particular blockchain.
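The per-asset accounting rule and its per-chain isolation, as an added example that is not deBridge's code. The `BridgeLedger` class, its method names, the chain and asset labels and the amounts are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal


class BridgeLedger:
    """Per-(chain, asset) totals a validator node keeps (hypothetical structure)."""

    def __init__(self):
        self.deposits = defaultdict(Decimal)      # (chain, asset) -> total locked
        self.withdrawals = defaultdict(Decimal)   # (chain, asset) -> total released
        self.paused_chains = set()

    def outstanding(self, chain, asset):
        key = (chain, asset)
        return self.deposits[key] - self.withdrawals[key]

    def record_deposit(self, chain, asset, amount):
        self.deposits[(chain, asset)] += Decimal(amount)

    def revert_deposit(self, chain, asset, amount):
        """Totals recomputed after a rollback on `chain` erased a deposit."""
        self.deposits[(chain, asset)] -= Decimal(amount)

    def validate_withdrawal(self, chain, asset, amount):
        """Approve only what is still backed; an overdraw pauses that chain alone."""
        amount = Decimal(amount)
        if chain in self.paused_chains or amount <= 0:
            return False
        if amount > self.outstanding(chain, asset):
            self.paused_chains.add(chain)
            return False
        self.withdrawals[(chain, asset)] += amount
        return True


def demo():
    """Constructed scenario: a rollback on one chain, normal traffic on another."""
    ledger = BridgeLedger()
    ledger.record_deposit("ethereum", "ETH", "100")
    ledger.record_deposit("bsc", "BNB", "50")
    ledger.revert_deposit("ethereum", "ETH", "40")   # rollback erased 40 ETH
    results = [
        ledger.validate_withdrawal("ethereum", "ETH", "70"),  # 70 > 60: refused
        ledger.validate_withdrawal("bsc", "BNB", "20"),       # unaffected chain
        ledger.validate_withdrawal("ethereum", "ETH", "10"),  # still paused
    ]
    return results, ledger.outstanding("bsc", "BNB"), ledger.paused_chains
```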
Cross-chain interoperability protocols are an integral part of Web3 and the next wave of DeFi development. In the near future, we will see the construction of new cross-chain applications and primitives that were not available before. Protocols will begin to interact with each other and share information, despite the fact that they exist on different blockchains, and the industry will become even more cohesive, which will allow a new financial world to be created faster.
Therefore, the future lies not only in multi-chain coexistence, but definitely in full cross-chain compatibility between protocols and ecosystems.