IBC Over Troubled Waters
There are over 100 layer 1 blockchains, most with their own specialization. Flow is popular for low-value NFTs such as NBA Topshot. Ronin hosts Axie Infinity and its gamefi economy. Ethereum attracts high-value defi and NFT transactions, given its battle-tested security. Polygon offers EVM-compatibility but very cheaply. There is a data-storage focused layer 1 in Arweave. The list goes on.
While Layer 1 blockchains are not generally meant to communicate with each other, users increasingly want to move value across to specialized chains. Unless they are using Cosmos Inter-Blockchain Communication (IBC, more of which later) or one of less than a handful of similar solutions, however, interchain bridging (more here) turns out to be fraught with dangers. A handful of misbehaving multi-sigs could easily steal the assets on Polygon, and many other links between chains and L1s to L2s are rather centralized, and not completely trustless.
Bridges, Rekt?
Not only do many bridges rely on some degree of centralization to function, the complexities in operating across chains open the protocols and chains involved to third-party exploitation.
Thorchain’s cross-chain swap platform has been successfully hacked. More than once. It might have been an inside job, or someone with a chip on their shoulder, as the thieves took much less than they could have done.
In any event, Thorchain losses pale in comparison to the two largest hacks in DeFi, both bridges, where nearly $1 billion was stolen. Worse still, the eighth largest hack occurred on a bridge, Qubit Finance, less than a week before number 2, on Wormhole.
With more bridging comes more exploits?
Wormhole, Rekt
The largest of the latest of three most recent hacks, coming in only a 10 day span, Wormhole has focused the mind on the risks to cross-chain bridging, as reported in this Coindesk article:
Wormhole bridges seven of the highest-value chains, with billions of dollars of bridging on each of Solana, Ethereum, BSC and Terra, so the exploit was huge news.
On February 2, a hacker was able to forge a signature to mint 120,000 wrapped ETH on Solana, worth $325 million wETH. Those fake wrapped ETH were swapped back to ETH via Wormhole, leaving a major deficit in ETH backing Solana’s We-WETH. Effectively, the backing for the tokens on Solana disappeared. That Jump Capital compensated all the victims fully (and all Poly hack funds were returned) does not in any way lessen security concerns.
Is cross-chain bridging futile?
The ideal bridge needs to be low-cost, scalable, trustless and bulletproof. Yet such bridge hacks reveal that interchain security is hard. Perhaps even futile. I mean, even Gandalf couldn’t defend the bridge from the evil forces at work in Moria.
In reporting on the latest exploit, affecting meter.io and Hundred Finance on BSC, rekt.news is pessimistic in the short run, but holds out some hope that cross-chain bridging is somehow “solvable”, stating:
…on-chain crime rarely has off-chain consequences, and it won’t be long until we see another attack of this type.
There will be more bridge attacks, and more users will lose money, but eventually someone will succeed in building a safe bridge.
Vitalik Buterin disagrees, believing that bridges expose chains to undue vulnerabilities. He started out a recent Reddit post with
The fundamental security limits of bridges are actually a key reason why, while I am optimistic about a multi-chain blockchain ecosystem, I am pessimistic about cross-chain applications.
Effective bridging, now
But what if there is a middle ground? What if separate blockchains can be responsible for their own security and economic models and are otherwise independent from each other, but where bridging is fast, low cost, and secure? While Vitalik has Ethereum L2s in mind when supporting a multi-chain future that doesn’t have to cross chains, Avalanche, Polkadot and Cosmos have their own solutions for effective bridging.
Polkadot allows the connecting of “parachains” through its relay chain, but Polkadot’s layer 1s are not only permissioned, but require the locking up of the native DOT token. The relay chain’s validator set is responsible for securing all the parachain transactions. If it goes down, they all go down.
Avalanche’s version of IBC uses subnets. Subnets solve the problem of scaling by “horizontally” increasing the number of blockchains such that each application has its own chain (in this case an EVM) and the option of its own validator set. More transactions can be processed in parallel. Cross-asset transfer will be easy between subnets.
Cøsmos
Cosmos is the only ecosystem currently relying on the Inter-Blockchain Communication protocol (IBC) for token transfer and, later, so much more. Unlike several competitors, IBC is live, already connecting 36 layer 1s built using the Cosmos software development kit (SDK). Each chain operates permissionlessly, and is responsible for its own security and data availability. Less than a year in, Cosmos IBC is handling over 2 million transfers per week:
Cosmos was late in gaining the attention of the majority of non-ETH L1 enthusiasts, lagging far behind in price and market cap terms compared to 2021 darlings Solana (SOL), Terra (LUNA), Avalanche (AVAX, together sometimes known as Solunavax).
This might be because the founders of Cosmos have had a different vision than most. Fast and cheap finality on an EVM-compatible stand-alone blockchain was nojust as gas fees exploded just over a year ago.
Sure Matic and BSC gained a lot of users last year. And Solunavax have carried on from there. But Cosmos has always been focused on the long term.
Cosmos has been building its techstack for years and has moved slower than other blockchain ecosystems in shipping their product, with the goal of perfecting interchain security. In web2, developers move fast and try to break their system; but in web3, if you move too fast in your development and neglect the rigor in engineering, there’s a high chance of losing users’ money. “Testing in prod” attitudes favoured in DeFi by the likes of Andre Cronje can be fatal in the case of bridges such as Wormhole, that hold so much value and often have many potential attack vectors.
As co-founder of Cosmos and CEO of Informal Systems Bucky asked of layer 1 devs on a recent podcast,
Are you trying to pump a token or are you trying to rebuild the entire internet and financial system, which is going to take a few decades?
Bridging, solved
By now hopefully no-one needs reminding that Cosmos is not a blockchain. It is at its most basic level a blueprint and a toolkit (SDK) for building layer 1 chains. What has so far been unique to Cosmos is its implementation of IBC for token bridging and, eventually, other interchain communications. Other chains are also working on implementing IBC. But, since April 2021, Cosmos is the only ecosystem that has token bridging between chains via IBC built into its SDK. Any L1 blockchain, or “Zone”, implementing the module can send tokens to another L1 with the same implementation.
The IBC protocol website describes IBC as analogous to TCP/IP.
Just like TCP/IP is a messaging protocol to connect servers and computers with different hardware implementations, geographical locations and operating systems, IBC intends to connect blockchains with different consensus algorithms and state-machines.
The protocol has a transport layer (TAO) and an application layer, which together standardizes the methods to establish secure connections with, and authenticate data packets between, two sovereign blockchains.
To further the internet analogy, communication is structured much like the internet, with no single point of failure. Instead the Cosmos Hub and potentially other chains optimized for token transfer act as the connectivity intermediaries.
There are several methods for bridging between layer 1 blockchains as described here and here. IBC is a trustless efficient light client protocol, which prioritizes security over speed. There is no need for a trusted multi-sig: The security of the sending and receiving chains together determine the safety of the bridge. Relayers, who are unable to alter any interchain communication, constantly monitor for outbound relay packets.
When a user submits a cross-chain transaction, the source blockchain establishes a standardized handshake with the receiving chain, allowing mutual authentication. The next step in an IBC token transfer is for the sending chain to lock the original tokens. The relayer then sends the standardized packet to the receiving chain. The receiving chain mints an equal number of representative “voucher” tokens native to this second chain.
This is a slow process, but Cosmos prioritizes state over speed. On one call, a dev admitted that , even“if the system has to go down to preserve safety, preserve safety.” Additionally, the Cosmos IBC was tested by both internal devs, collaborating to attempt to break the system, and external auditing.
All of this is why, according to Jack Zampolin, core Cosmos Hub contributor and founder of Strangelove Ventures, a Wormhole-like disaster is much less likely to occur on IBC: Cosmos will “pick safety over liveness, every time”.
Ease of movement = fewer moats, happier customers
With low cost, safe and seamless flows between chains, we could see brutal competition. If it’s easy to switch chains, layer 1s who compete for users in such products as DEXs will have to offer more than just the (easily-breachable) moat around their blockchain. Gravity DEX on Cosmos Hub, Junoswap (on Juno) and Osmosis will all need to compete on UX: speed, price and reliability.
This could cause frictions within the Cosmos community, and there have been some nasty-ish “PvP” arguments on crypto Twitter between competing projects. On the other hand, many founders agree that healthy competition will improve the user experience and therefore benefit the entire Cosmos ecosystem. As Gregory Landau from Cosmos L1 Regen Network recently stated, “We have to out-collaborate the competition”.
No matter how the community behaves, customers should benefit.
Final thoughts
According to Vitalik, we will live in a multi-chain world but where cross-chain bridging might make little sense. Layer ones will operate mostly in isolation. But there will be exceptions. Ethereum will scale with L2s, and perhaps eventually with sharding. Avalanche will have DApp-specific subnets. Polkadot has its parachains. And Cosmos has IBC.
With L2s still primarily in the development stages, Avalanche yet to launch subnets and Polkadot late to launch the first parachains, Cosmos has the opportunity to lead in DApp-specific multi-chain L1 connectivity.
IBC allows each chain to optimise its own parameters in its own community, but create outsized network effects that are difficult to compete with, by offering seamless and frictionless inter-blockchain interaction.
IBC can actually be implemented on any chain with finality, which currently only excludes PoW chains like Bitcoin. Soon, therefore, there may be IBC bridging between non-Cosmos chains. But in the meantime, the Cosmos ecosystem will be maximizing its first-mover network effects.
Cosmos is already truly both cross-chain and multichain.
