The value of cross-chain protocols is gradually increasing, but they are also facing consecutive hacking incidents! What should an ideal cross-chain bridge look like?

Discussing the development trends of asset cross-chain bridges from the perspectives of technical solutions, security, and value characteristics.

(This article is authorized to be reprinted from Chain News with the original title "What is the Ideal Cross-chain Bridge?" Original article here)

After Chainswap, Anyswap also fell victim to a hack, which to some extent confirms the increasing "value" of cross-chain bridges, worthy of attention. After all, previously the most common targets of attacks were DeFi and exchanges, both considered "valuable."

Advertisement - Please scroll down for more content

Before we start rambling, it is suggested to think back on which cross-chain bridge you have used that was the most user-friendly? I wonder if any of you have the same answer as mine - if we set aside decentralization concerns, the experience of transferring from CEX to the chain is quite pleasant, and there are very few pitfalls!

Remember your answer now, and let's continue.

PS Considering ① the difficulty of implementing cross-chain for heterogeneous chain information and ② asset cross-chain is sufficient to meet the current needs of DeFi, this article temporarily does not involve information cross-chain like Polkadot, only discussing asset cross-chain bridges. (If not specified, the cross-chain bridges mentioned later refer to asset cross-chain bridges).

Cross-Chain Bridges Are Here Now

With the vigorous development of heterogeneous chain ecosystems such as Matic Network, BSC, and Solana in the past year, combined with the congestion of Ethereum, the market has seen a situation where Ethereum users want to explore outside and heterogeneous chain projects need liquidity as a starting point. A user-friendly and non-scammy cross-chain infrastructure has become increasingly important. (Security part in Chapter 6)

(PS Isn't DeFi on a new chain attractive?)

Back to the point, the following market structure diagram shows the network of asset circulation formed by several cross-chain bridges:

Optimization Process of Cross-Chain Bridges

The following figure summarizes some mainstream cross-chain bridges on the market based on the decentralization level of the cross-chain bridge ① (to some extent, the decentralization level is approximately equal to the security level of the cross-chain) and the efficiency of cross-chain ② (covering the time-consuming nature of cross-chain, the convenience of user operations, and capital utilization).

Distinguishing Cross-Chain Bridge Projects Based on Technical Solution Features

To understand the origin and development of asset cross-chain bridges, let's start with the simplest and most mature asset cross-chain bridge solution—wBTC:

Alice plans to transfer 1 BTC to her Ethereum account through wBTC, the steps are as follows:

1. Alice pledges 1 BTC to a multi-signature managed pledge address controlled by wBTC on the Bitcoin network;
2. wBTC detects Alice's pledged operation record in the Bitcoin network and informs its smart contract in the Ethereum network of this operation information;
3. wBTC mints a wBTC based on the received cross-chain operation information in the Ethereum network's smart contract and transfers it to Alice's address in Ethereum, completing Alice's cross-chain operation request.

Let's abstractly summarize the above three operations. In the transfer process that Alice needs wBTC to help her complete, there are two core components:

• Let the target chain know the specific information and progress of Alice's cross-chain needs—referred to as an oracle;
• Provide Alice with the assets she should receive through cross-chain behavior in the target chain—referred to as "sending money."

In a sense, from the top project in Figure 2 to the bottom project, the development follows the optimization along the two core components mentioned above:

Oracle: Decentralization, Wide Coverage

• Decentralization: Binance Bridge (oracle controlled by Binance centralization) >>> Anyswap (oracle controlled by all nodes of the Fusion network through consensus);
• Wide Coverage: wBTC (oracle can only cover the channel from Bitcoin to Ethereum) >>> Shuttle Flow (oracle can simultaneously cover channels from Conflux to Ethereum, BSC, etc.)

Sending Money: Decentralization, Fast Money Transfer, Money Usability

Considering that "sending money" is slightly more difficult to understand than oracles, it is necessary to rely on the innovative DeFi madman Andre Cronje's classification of cross-chain asset into four categories (if you have studied AC's classification of cross-chain assets, you can jump to the section on single-chain bridges vs. multi-chain bridges).

Using the example of transferring 1 USDC from Ethereum to Fantom:

Balance Flow: After the initiator's 1 USDC is locked in the cross-chain contract on Ethereum, the oracle part will notify the cross-chain contract on Fantom, and the contract on Fantom will send its held 1 USDC to the recipient's address on Fantom;

Due to the large amount of assets in the cross-chain bridge, the cross-chain process only involves changes in the balances of various assets on the bridge (reversing the process also only requires changing the balance of assets on the bridge; if the control of the balance is in the hands of a few individuals, there may be a risk of over-issuance), and does not involve the minting and burning of assets >>> This method is most commonly used in centralized cross-chain bridges, such as Binance Bridge;

Mint/Burn: After the initiator's 1 USDC is locked in the cross-chain contract on Ethereum, the oracle part will notify the cross-chain contract on Fantom, and the contract on Fantom will mint the corresponding 1 USDC and send it to the recipient's address on Fantom (when reversing the transfer, the USDC minted on Fantom will be burned);

In the absence of locked assets in the Ethereum smart contract, the cross-chain bridge on Fantom will not hold any assets, meaning it will only hold assets upon receiving minting instructions >>> As a more basic model, many cross-chain bridges now feature minting/burning, especially single-chain bridges, such as Token Bridge transferring Dai to xDAI chain (provided that the minted token can be directly used on the target chain, meaning xDAI can be directly used on the xDAI chain, so this model cannot support many projects of multi-chain bridges very well).

Liquidity Swap: After the initiator's 1 USDC is locked in the cross-chain contract on Ethereum, the oracle part will notify the cross-chain contract on Fantom, and the contract on Fantom will send its held 1 anyUSDC (assuming completed through Anyswap) to the recipient's address on Fantom and provide an exchange of anyUSDC to USDC (mainly considering that applications on Fantom basically only support the use of USDC, not anyUSDC);

In the above process, except for the last step, all are the same as scenario a (i.e., there may be a risk of over-issuance). The last step, compared to scenarios a and b, introduces a requirement for each chain reached by the cross-chain to have a liquidity pool >>> The representative work of this approach is Anyswap v2.

Starting from this approach, since the assets used by users on the target chain after cross-chain are no longer wrapped tokens issued by the cross-chain bridge but universal tokens on the target chain, the assets after crossing the chain have moved away from the endorsement support of the cross-chain bridge. AC calls this a non-custodial solution, which significantly improves security compared to before (the possibility of USDC price collapse is far lower than anyUSDC).

Wrapped + Mint/Burn: This approach combines b and c, meaning that on top of the b approach, each anyUSDC on Fantom is minted 1:1 based on the USDC locked on other chains;

In addition to continuing the security of the non-custodial solution, since anyUSDC is generated based on a 1:1 control by a decentralized contract, it eliminates the risk of over-issuance by the bridge owner >>> This is the approach I most advocate, and it is the safest multi-chain asset generation approach, adopted by Anyswap V3 and Shuttle Flow.

Single-Chain Bridges vs. Multi-Chain Bridges

Summarizing the support for and lack of support for multi-chain cross-chain projects in the current decentralized bridges, a comparison reveals differences at the institutional level:

Single-Chain Bridges: Most single-chain bridge projects place the main structure of the oracle + consensus structure (for cross-chain behavior) on the starting chain or target chain, with a higher degree of binding to one of the chains, enabling easy crossing between two chains.

Multi-Chain Bridges: In contrast to single-chain bridges, most multi-chain bridges independently place the main structure of the oracle + consensus structure (for cross-chain behavior) outside each target chain/starting chain (essentially not overly reliant on any one chain), requiring the number of bridges to be N when achieving cross-chain between N chains, rather than the overwhelming N*(N-1)/2.

Development Direction of Mainstream Cross-Chain Bridges

If you now have an understanding of oracles, "sending money," and single/multi-chain, the following race mapping should be easier to understand:

Prior to formally analyzing the technology, we can actually look at the actual data of each bridge and draw two conclusions:

• In actual business, compared to how good or bad the bridge is, whether the target chain can attract assets is more critical. Bridges that can attract assets to the chain with their bridge will have business volume.
• No matter how difficult the bridge is to use or how centralized it is, as long as the Dapp on the target chain is attractive (e.g., high-yield mining), the official bridge is the most popular!

Returning to the point, the sorting criteria in the second part of the previous section are reflected in the red-marked part in the table: the valuable characteristics of each (or each category) of the cross-chain bridges on the market are marked in red in the table, summarized as follows:

1. Decentralization
2. Multi-Chain Bridges >>> The relay chain may be necessary at the current stage; it would be better if Chain A, B, C, D can be easily crossed with a single interface;
3. Decentralization of the oracle >>> It is best to have chain-level consensus to ensure the correct recording of cross-chain behavior. A small group of individuals is not trustworthy. Improving governance decentralization through issuing governance tokens is also good;
4. Wrapped + Mint/Burn is currently the best "sending money" technical solution >>> If you don't understand, it is recommended to read the original AC article, which has a link at the end; (If the token minted by the cross-chain bridge on the target chain, like USDT, is universally usable, then you can skip the step of creating a liquidity pool);
5. The locked assets should be utilized more efficiently >>> Don't let money lie idle; earn interest in DeFi;
6. The bridge should be able to cross anything without permission >>> Similar to new coins on Uniswap, as long as someone provides liquidity, it's good;
7. Support for non-EVM compatible public chains >>> Be cautious when choosing new projects; development volume is significant;
8. Support for NFTs;
9. Single cross-chain transfer should ideally be completed in minutes;
10. Eliminate the barrier of users needing to reserve Gas Fee assets on each chain;
11. Be able to send to any address, not just to the target chain address bound to your MetaMask >>> Theoretically, by decoupling the address that receives assets transferred by smart contracts from the address of the asset sender, you can achieve this;
12. There should be no transfer limit;
13. It is quite difficult to achieve all 12 items listed above together. Making trade-offs and implementing the most outstanding solutions that can be implemented is the right approach.

About Security

Amid the outbreak of cross-chain bridge hacking incidents, I had a chat with friends and would like to share some perspectives (professional security analysis links are attached at the end of the article for your reference. Here, we will only discuss security issues related to cross-chain solutions):

The hacking of Chainswap is closely related to the selection of cross-chain solutions, while the hacking of Anyswap is a more general risk

Chainswap: In a nutshell, "hackers used Chainswap to call the mint function of the project's native token, printed money, and fled." In terms of selection, it falls into the second category of the four types of cross-chain assets (Mint/Burn);

Anyswap: In a nutshell, "hackers found a code vulnerability in Anyswap, thereby obtaining public and private keys, and stole assets." This is more like a vulnerability that can occur in various projects.

Decoupling the bridge from related projects and leaving efficiency issues more to composability will be safer

Chainswap's ability to directly call functions related to projects is a form of coupling. If decoupled, it can isolate risks to some extent: the third (Liquidity Swap) and fourth categories (Wrapped + Mint/Burn) of cross-chain assets will have an additional layer of security isolation compared to the second category (even if the bridge is attacked, assets in circulation still require one more transaction to obtain).

At the current stage, it is challenging to achieve both efficiency and security simultaneously. Breakthrough innovations are expected

On one hand, among the four cross-chain asset models, the second category is more efficient than the third and fourth categories (requiring fewer exchanges), but has higher risk in Chainswap-like scenarios. On the other hand, if Anyswap can use a sufficient number of nodes for public chain consensus, it can largely avoid similar attacks (MPC is not decentralized enough in the selection). However, it must be admitted that both the fourth category of cross-chain asset models and more decentralized consensus are less efficient solutions.

Advanced Requirements and Special Cases

In the highly innovative field, I have always believed in the principle of "learning from others' strengths to improve oneself." Therefore, I will mention some content that may not be directly related but could spark innovation. After all, before Hayden Adams, no one had explored the potential of AMM for an extremely long time.

Advanced Requirements—Cross-Chain Liquidity

Quality assets beyond Ethereum continue to increase, and the emergence of DeFi projects such as Linear and O3Swap that focus on cross-chain liquidity marks an upgrade in demand under the context of information crossing chains and assets crossing chains. It is not only about transferring assets but also about cross-chain bridges having closer integration with existing DeFi applications.

Advanced Requirements—Cross-Chain Layer2

To prevent liquidity from being fragmented and DeFi composability from being broken, the four major general Layer2 solutions, such as Optimism, will inevitably need a fast asset flow channel, even a channel for asset flow between Layer2 and heterogeneous chains.

Routing through Layer1 is too inefficient, and the consensus mechanism of Layer2 also means that it cannot support the "Wrapped + Mint/Burn" solution in the short term. Therefore, state channels seem to be the most anticipated feasible solution for quick asset flow between Layer2, especially for small and high-frequency cross-Layer2 transactions—e.g., Celer Network, Connext.

Special Cases—Starkware Caspian & ThoreChain

Although one is a brainchild solution for Layer2 (Starkware Caspian) and the other is a lone ranger in the Layer1 cross-chain world (ThoreChain), to some extent, what they want to achieve is the same: above the base layer where cross-chain is needed, complete clearing without compromising the integrity of the base layer's liquidity pools.

Conclusion

Now, looking back at the initial default answer about the ideal appearance of cross-chain bridges, you should have an answer. Write down what you think, and have a good day.