Exploring the landscape of interoperability solutions: Part I
This article is the first in a series of two aimed at examining existing cross-chain solutions and the tradeoffs they make. In this piece, we will cover token bridges. We will also provide an overview of BIFROST, the network that enables cross-chain communication with its own consensus.
Why is interoperability important?
The need for alternatives became apparent as DeFi Summer progressed and the Ethereum network became constantly congested. Alternative Layer-one solutions, such as BNB Chain, Solana, and Avalanche, welcomed new users and provided them with low gas fees and fast transactions. While these blockchains started building value in their own ecosystems, they are incapable of communicating with each other and, most importantly, with the Ethereum network that hosts most of dApps and tokens. By sourcing liquidity from more established networks, emerging blockchains could dramatically accelerate their network effects.
Blockchains operate in a similar fashion to sovereign countries as they have their own rules, governance systems, assets, and currency. Communication between these sovereign chains should be established to enable a vibrant functioning economy. The most popular use case today is to transfer value across different chains. However, robust cross-chain solutions adopt a generalized approach, with value transfers being only one of the features they support.
One way to transfer value across two chains is by depositing assets to a centralized exchange and withdrawing these assets on another blockchain. Although simple, this solution is hardly satisfactory as it requires trust in the exchange in the middle, which is not consistent with the blockchain’s value proposition, let alone the values of the crypto community. So, here is when bridges kick in.
Blockchain bridges establish communication between distributed networks, allowing for value and information transfers. Token bridges, a bridge implementation that enables token transfers across different chains, quickly started gaining momentum.
The following example illustrates the incentives users might have to transfer value across chains:
A user wants to lend ether on Aave, but they don’t want to pay high transaction fees on the Ethereum mainnet for approval, deposit, and subsequent withdrawal. Instead, they might bridge ether to the Polygon network and execute these transactions for a fraction of the cost. There might also be other economic incentives for doing so, such as higher yield available on Aave deployed on Polygon.
Generally, token bridges enable value transfers across different chains. While they all pursue the same goal, they implement different designs that imply different tradeoffs. Let’s dive deeper into how bridges work under the hood.
How do blockchain bridges work?
To transfer value across chains, bridges must store value on the source chain and mint or release value on the destination chain. Since blockchains don’t talk to each other, there is a question of who verifies to the destination chain that the transaction is executed on the source chain. There are four ways to answer this question, and hence four ways to design a bridge — natively, locally, and externally verified, as well as optimistic.
In a natively verified bridge, validators of interconnected chains can verify data stored on the other chain by running light clients of each other in their virtual machines. This is the most trustless bridge design that relies only on the security of the underlying blockchains. This model works well for chains with the same underlying consensus mechanism but requires a custom mechanism if it’s not the case. An excellent example of a natively verified bridge is Cosmos’s IBC, where all the chains share Tendermint’s PoS consensus. Near Rainbow Bridge, LayerZero, and Polkadot Snow Bridge are also natively verified.
Locally verified bridges operate in a partial verification mode — each party verifies only its counterparty and then settles with the blockchain. By doing so, it simplifies the problem of multi-party verification into a set of two-party interactions. This model inherits the security of the least secure rollup or chain involved. While bridges built this way are trustless, they don’t support all types of transactions. Examples of locally verified bridges include Hop, Celer, and Connext.
Optimistic bridge design is similar to that of optimistic rollups and relies to the large extent on the game theory. Optimistic bridges assume that transactions are valid and rely on watchers that can dispute the legitimacy of any transactions during a challenging period, which is extended in a non-linear fashion if a such dispute occurs. Thus, as far as there is at least one watcher that correctly verifies updates, the system works as intended. Unlike locally verified bridges, optimistic ones support all types of transactions but introduce latency that is vital for the dispute logic to function. Nomad lies in this category.
Finally, externally verified bridges rely on a group of verifiers that monitor supported chains and transfer data across them. By design, bridges inherit the security of the least secure element, which, in the case of externally verified bridges, is this group of verifiers. The security of this external entity vastly depends on particular system implementation that varies from a simple multisig wallet (Ronin Bridge) to a decentralized network with its own consensus and economic incentives. Examples include ThorChain and Ronin Bridge.
Chainalysis, a leading blockchain analytics company, estimates that $2 billion in crypto has been stolen across 13 cross-chain bridge hacks in 2022 so far.
In some cases, hacks were related to the vulnerability in the bridge design. For example, Ronin’s and Harmony’s exploiters could access a corresponding multisig wallet and approve malicious funds transfers. But more often, exploits resulted from vulnerabilities in smart contracts rather than underlying bridging technology, like in the cases of Nomad and Wormhole.
As bridges typically transfer value by locking tokens in a smart contract on one chain and issuing a derivative on another, in the case of an exploit, all the derivatives might become worthless (as the capital backing them on the source chain is gone). If the bridge is big enough, it can jeopardize a whole DeFi ecosystem as dApps on the destination chain acquire bad debt. This is exactly what could have happened to the Solana ecosystem when 120k wETH were minted on Solana out of thin air and bridged for native ETH through Wormhole if Jump didn’t backstop a $320m exploit loss.
The history of bridge hacks over the last two years is a good illustration of the point made by Vitalik Buterin, in which he argued that there are fundamental limits to the security of bridges. Chainalysis, on the other hand, makes a point that bridges are a new technology that is still in its infancy, and as it evolves and the best practices are being adopted, hacks will become rare.
BIFROST Network is a layer one blockchain utilizing Substrate NPoS technology focused on enabling interoperability between blockchains. Its validators monitor supported networks and act as external verifiers that facilitate cross-chain communication. To align incentives, the network requires validators to put up their stake in BIFROST’s native BFC tokens, which is subject to slashing if they do malicious behavior.
Full nodes, in addition to producing blocks, act as relayers in the network. Together with BIFROST’s built-in “socket contracts” that are deployed on each supported chain, they perform a sanity check at each stage of the process of cross-chain communication. Relayers must sign a message with their private keys in every message handling, and a socket contract then verifies the signatures to make sure they come from the active set of relayers. Additionally, socket contracts coordinate consensus by keeping the consensus log among private-key-authenticated relayers on BIFROST Network.
BIFROST is designed to operate with native tokens that inherit the security of the underlying network. As the BIFROST Network is a generalized message-passing system, all types of cross-chain applications could be built on top of BIFROST technology, some of which, like cross-chain lending, make the need for cross-chain transfers obsolete. Other examples include cross-chain governance, joint liquidity, and so forth.