A Deep Dive Into Across Protocol’s Security

Lana Foglio
across.to
Published in
5 min readJan 24, 2022

tl;dr — Across is a cross-chain bridge that allows you to securely send assets from L2 to L1. Across prides itself on its two pillars of security and trust: UMA’s Optimistic Oracle and tested smart contracts. The Optimistic Oracle showcases theoretical and economic guarantees, while the strength of our contracts is proven by UMA’s history, strong audit reports and the TVL. Across Protocol is the best bridge if you’re looking for somewhere quick, instant and secure to send assets cross-chain.

What is Across Protocol?

Across is a bridging method that uses bonded relayers, single-sided liquidity pools and UMA’s Optimistic Oracle, which when put all together allows for decentralized, instant transfers. Across’ cross-chain bridge allows you to return assets to Ethereum Mainnet, L1, in a cheap, secure and quick manner.

When analyzing Across Protocol’s security, two pillars are exceptionally clear: the Optimistic Oracle and tested smart contracts, which is proven by our audits, TVL in Across’ bridge and our contracts standing the test of time.

Let’s Talk Through the Optimistic Oracle.

A significant driving point in Across’ security is its use of UMA’s Optimistic Oracle, which allows smart contracts to bring off-chain data on-chain. The oracle functions optimistically, meaning that it assumes answers are true unless they’re disputed.

True to UMA’s vision of decentralization, the Optimistic Oracle solves the oracle problem by offering decentralization through the following:

  1. Multiple bots within the system fact-check each other, ensuring that another bot notices if one is corrupted. The dispute window also allows for human intervention.
  2. Allowing UMA token holders to vote to resolve disputes.

UMA token holders are incentivized to vote because if they’re on the winning side, they claim rewards (more on this later). In the end, if the disputer was correct they’re rewarded with the proposer’s bond, and vice versa. These bonds act as insurance for each side.

If you would like to learn more about the Optimistic Oracle, click the link here.

UMA’s Optimistic Oracle is designed for disputes to be rare.

Crypto Twitter influencer DCF GOD stated the following:

“I have no hesitation bridging assets in size with Across. The use of UMA’s Optimistic Oracle ensures it’s trustless and secure.”

You can view the code here, which has been audited by OpenZeppelin.

Here are some major security perks that go with Across using the Optimistic Oracle:

  • No singular admin or key master

Anyone can request a price or dispute an answer. Utilizing the Optimistic Oracle means that no one or thing has a centralized, decision-overriding power that could enable corruption.

  • Simple reward system to incentivize correct voting

If you’re correct? You receive $UMA inflation rewards generated by the protocol. Incorrect? No reward and perhaps a large amount of FOMO.

  • Decentralized kill switch

UMA voters can ignore or block clearly malicious or spam-like requests. In addition to this, spam-like requests that would aim to flood the system are unlikely in the first place, as it costs money for each DVM price request.

  • Token holder incentives

Investment-wise, token holders are incentivized to vote correctly because if the system tanks, so does their investment. In particular, very large UMA holders are especially disincentivized to act dishonestly, because they would tank the price of the token if they ever corrupted the vote.

UMA Engineer, Nick Pai, summed up his trust for Across and its voting system by stating, “As an engineer, I would trust Across because the contracts are simple and all the security is resolved off-chain, through the human network of voters. I’m comforted by the simplicity of the on-chain code and the security of the economic incentives.”

To tie all of these points together, the Optimistic Oracle provides guarantees that no one can successfully hack this system without it costing them more money than they could make.

The Optimistic Oracle is mostly secured by economics. The code is simple because it automatically assumes that the DVM will return the correct price and that humans will resolve things accurately. You’re betting on the UMA voters and as the past has shown, that’s a very safe bet to make.

Smart Contracts and Audits.

Risk Labs, the team that is responsible for writing the code for the UMA Protocol, has historically built high-quality products, showcased by their strong audit reports. UMA Protocol has a history of working on security, not taking shortcuts and emphasizing decentralization. It has never been exploited.

You can take a look at Across Protocol’s audit by OpenZeppelin here. When you’re done reviewing that one, take a look at the rest of the Optimistic Oracle’s previous audits here.

Our Data and Economics Lead, Chase Coleman, summed up his trust in Across by stating the following:

“As a user, it’s really important to me to only take on the risks that I accept and recognize. As a member of this team, I get to observe first-hand the way that the engineering team prioritizes security and this added insight helps me feel confident in using Across. I believe in the economic guarantees of the Optimistic Oracle and I’m confident about the engineering capabilities of our team.”

The code that runs Across doesn’t have any of the complexities where vulnerabilities can hide. Our smart contracts are secure, with high functionality and no hidden features. This has further been proven with the over $23 million in TVL that is currently tied up in the Across bridge, and the fact that our contracts have stood the test of time with multi-million dollar amounts across the bridge.

Summing Things Up.

Across prioritizes a goal of building something fantastically secure, ensuring that its mechanisms set the stage for a cheap, fast and safe transfer between chains.

The Optimistic Oracle provides both theoretical and economic guarantees, while our audit reports, TVL and millions that have crossed the bridge so far showcase our previous history of security and tested smart contracts.

All in all, if you’re looking for the best bridge to send assets cross-chain quickly, instantly and securely, look no further than Across Protocol.

If you would like to learn more about Across and stay up to date on our protocol, we encourage you to follow us on Twitter, read our docs site and join our Discord to take part in our fair, fair launch.

--

--