Cross-Chain Bridge with Industry-First Defender Architecture goes LIVE!

Hydra Chain · Published in LockTrip.com (LOC Token) Official Blog · 6 min read · Dec 7, 2022

We are happy to announce that another major milestone from the Hydra 2.0 roadmap has been completed: the Cross-Chain Bridge with Industry-First Defender Architecture!

👉 Read the Hydra 2.0 Whitepaper

The technology upgrade to the Hydra/Ethereum cross-chain bridge comes with a number of new features and security enhancements. We will explore some of them in this article.

A Public Learning Experience

Learning from failures and mistakes is an essential part of progress. Making step-by-step improvements based on real-world data and knowledge gathered by peer projects is the foundation for a much more robust and resilient environment.

Luckily, it is not necessary to make all the mistakes yourself, in order to learn from them.

For every mistake you make, there will be plenty of mistakes others make.

As a result, there is a massive pool of collective experience, publicly accessible and highly valuable.

Cross-chain bridges have made frequent headlines in 2022, albeit mostly for bad reasons. On average, 1 bridge was hacked/exploited every month. This made us invest a sizeable amount of time and effort to develop ideas and mechanisms on how to prevent something similar from happening to the Hydra bridge. Today’s announcement is the result of it!

Introducing Defender Nodes

Roughly speaking, cross-chain bridges usually have a governance structure composed of independent observers that place votes validating a given off-chain event. For example, in the context of HYDRA, any event that takes place on Ethereum is an off-chain event. The consensus among observer votes is therefore needed to validate a given transaction.

Defenders are nodes that have isolated authority for only one task: independently monitoring the lockup activity on each chain and double-checking if the observers have done a proper job. To put it in simpler terms: Defenders have the job of making sure the observers don’t lie.

When a discrepancy between the locked-up amount and the voted amount is detected, defenders will have the authority to drop a transaction, even after observers voted for it.

Through this mechanism, we are essentially adding a significant defensive layer that is pre-organized to intercept and react in a “denial of service” manner to potential attacks.

This becomes significantly potent as a security component, because of an additional mandatory delay before execution. The delay acts as a cooldown period, during which no one else but the defenders can interact with the bridge, essentially leaving the attacker fully exposed and defenseless.
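A minimal model of the flow described above (observer threshold vote, mandatory delay, defender veto on a lock/vote mismatch), as an added Python example that is not Hydra's bridge code. The class names, `THRESHOLD`, `DELAY` and the `source_locks` lookup are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

DELAY = 10       # cooldown in blocks before execution (assumed value)
THRESHOLD = 2    # observer votes needed for approval (assumed value)

@dataclass
class Transfer:
    lock_id: str
    amount: int
    votes: set = field(default_factory=set)
    approved_at: Optional[int] = None
    status: str = "pending"   # pending -> approved -> executed | dropped

class Bridge:
    def __init__(self, observers, defenders):
        self.observers, self.defenders = set(observers), set(defenders)
        self.transfers = {}

    def vote(self, observer, lock_id, amount, now):
        if observer not in self.observers:
            raise PermissionError("not an observer")
        t = self.transfers.setdefault((lock_id, amount), Transfer(lock_id, amount))
        if t.status == "pending":
            t.votes.add(observer)
            if len(t.votes) >= THRESHOLD:
                t.status, t.approved_at = "approved", now
        return t

    def veto(self, defender, t):
        # Defenders can only drop; nothing here can create or approve a transfer.
        if defender not in self.defenders:
            raise PermissionError("not a defender")
        if t.status == "approved":
            t.status = "dropped"

    def execute(self, t, now):
        # Execution is refused until the full delay has passed since approval.
        if t.status == "approved" and now >= t.approved_at + DELAY:
            t.status = "executed"
        return t.status

def defender_check(bridge, defender, t, source_locks):
    """Compare the voted amount with the defender's own view of the source-chain lock."""
    if source_locks.get(t.lock_id) != t.amount:
        bridge.veto(defender, t)
    return t.status
```

With two compromised observers voting for a transfer that has no matching lock, a single defender running `defender_check` during the delay moves it to `dropped`, and `execute` can no longer release it.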

Previous Version 1 Flowchart

The current established norm in cross-chain bridges is that the system relies on the proper governance of the observer nodes. There is no backup plan for what would happen in a wide range of security breach scenarios.

Version 2.0 With New Defenders Flowchart

The defenders come as an invisible shield that will trigger if there is any discrepancy in what observers are voting for. They supervise the activity of observers and remain hidden. Their interference comes only when there is an incident.

With the introduction of defender nodes, the Hydra bridge arguably becomes the safest bridge in existence as it covers a wide range of possible security breaches. It is no longer a question of “what if a breach happens”. The narrative changes to “this is what should happen when one of many types of breaches takes place”.

Examining Real-World Case Studies

Let’s look into some of the biggest cross-chain exploits that happened in 2022 and discuss how defender nodes could have helped prevent them.

Case Study 1 — Binance Smart Chain Bridge Hack

Attack Vector: Message verification in the validators

Estimated Damage: $568,000,000

Bridging transactions were corrupted via an exploit that kept the cryptographic hash valid despite altering the message itself. As the hash remained the same, the bridge didn’t notice the message being changed and minted a total of 2 million BNB out of thin air.

→ Defender nodes are outcome-oriented and therefore immune against exploits arising from the validator processing logic. Having a dedicated mechanism looking at the output is a much more direct and safe way to prevent issues as opposed to trying to predict every potential vulnerability within the system.

Case Study 2 — Nomad Cross Chain Bridge Exploit

Attack Vector: Message verification in the target chain contract

Estimated Damage: $200,000,000

A smart contract function was exploited in a way that the bridging request returned true at all times, without actually checking the request message. The smart contract therefore falsely assumed the corresponding amounts to be locked up in the originating chain.

→ Defenders add a second layer of protection, which the attacker needs to target simultaneously with the actual bridge mechanism itself. Finding two independent and at the same time symbiotic exploits is exponentially more difficult than finding just one.

Case Study 3 — Harmony Bridge Leakage

Attack Vector: Private key leakage

Estimated Damage: $100,000,000

The Harmony bridge required 2 out of 5 observer nodes to vote in favor of a bridge transfer, in order to execute it. The attacker gained access to two of the private keys, thus gaining full control over the bridge and making it possible to execute arbitrary transfers.

→ Since defender nodes don’t add a security risk on their own (they can only object to existing swaps, but can’t propose new ones), they can be unlimited in count and distributed in a decentralized way. A single defender exercising its veto right would have been enough to prevent the attack, even in the unlikely event of all observers being compromised.

Case Study 4 — Ronin Bridge Compromise

Attack Vector: Private key leakage / Unrevoked external permissions

Estimated Damage: $600,000,000

The Ronin bridge required 5 out of 9 observer nodes to vote in favor of a bridge transfer, to execute it. The attacker gained access to five of the private keys (some through permissions granted to external operators that were forgotten and never revoked), thus making it possible to execute arbitrary bridge transfers.

→ Contrary to observer nodes, which are always online and thus exposed, defender nodes strike from the dark and cannot all be attacked at the same time. The attacker would not even know how many defenders exist or who they are. Even if the attacker somehow managed to compromise multiple nodes, just a single operational defender could prevent the entire attack from happening. This dramatically shifts the risk/reward in favor of the bridge, as the defense system needs a small number of resources to counter a large-scale security attack.

Considering that more than $2 billion was lost in bridge-related incidents over the past 12 months, we believe that investing in this additional layer of security will give peace of mind to everyone involved in the Hydra ecosystem.

To start, the defenders will be operated by the team and monitored with real-world activity. In the future we will be electing additional defenders from the community, to further strengthen the security factor and add redundancy.

But wait, there is more!

Compatibility with Multiple Chains

While the defenders are an important new feature, security is not all that matters.

We are excited to announce that the new bridge version has all prerequisites to be compatible with multiple chains!

In other words, expanding the bridge to more chains is now technically possible without having to make changes to its architecture. Essentially this paves the way to tap into additional and more efficient markets in the future.

One piece of feedback we received from existing bridge users is that the transaction fees are high. Since the main source of these is the unpredictable and high Ethereum transaction fees, it makes sense to explore lower-cost options as part of our scaling initiative (especially once the campaigns to attract higher TVL go into effect).

👉 Join the Hydra Community

HYDRA is a proof-of-stake blockchain optimized for real-world businesses. It tackles some of the most profound and challenging issues with existing blockchain economies and introduces a truly shared economy with fair treatment to all network participants. Some of the more notable features:

🔥 100% Burn of all Transaction Fees

💎 50% Royalty on Gas for Smart Contract Creators

📌 Fixed Coin Transaction Fees of $0.20

📌 Fixed Token Transaction Fees of $0.50

💰 20% Minimum APR Staking Income

📈 Up to 540 TPS Elastic Capacity

🔏 EVM Compatible Smart Contract Platform

⚙️ Wallet-Level Scalability

🗳 Unique Decentralized Governance Protocol
