tldr: stop the hack before it ever happens
Today bridges are being hacked semi-regularly for larger and larger sums of money. Most of these hacks are smart contract related and have nothing to do with their transport layer. Yet these transport layers still deliver the final blow in sending the message that leads to catastrophic financial crimes. What if you could prevent that final blow from being delivered?
Introducing Pre-Crime, the ability for a relayer to stop a hack before it happens. Pre-Crime is achieved by forking a destination blockchain before delivery of a message and running the transaction locally. After running the transaction, Pre-Crime can check the state of the blockchain in relation to the other connected blockchains to verify no malicious action occurred. These malicious states are defined by the User Application (UA) and enforced by the relayer.
Pre-Crime provides UAs an additional level of security beyond their audits and bug bounties. Relayers can now run a UA defined set of assertions on a locally forked blockchain to verify that every message being delivered will never result in a compromised state. If the assertions ever fail the Relayer will not deliver the message, preventing the attack and saving the UA from disaster.
Imagine a traditional bridge implemented on LayerZero that functions by locking an asset on the source chain and minting a wrapped synthetic on the destination chain. This bridge has opted in to pre-crime and asserted a set of conditions that must be met for the bridge state to be considered valid. One of those conditions is bridge ‘Solvency’, meaning that it must have equal deposited and locked assets as it issues in wrapped assets.
Unfortunately this bridge had an exploit in its source code that allows a malicious actor to forge a message and mint assets on the destination chain without providing sufficient collateral on the source chain. When this message is sent the Relayer runs the state locally, sees the solvency condition would be invalid and stops the crime before it ever happens.
Pre-Crime is just one of many steps LayerZero is taking to ensure the security of the omnichain future. Currently the LayerZero Labs Relayer is running a light version of Pre-Crime that will be hardened in the coming months. In the future, Pre-Crime will be available to all user applications willing to opt in to help protect their project.