Cross-chain Bridging is Broken – But We Know How to Fix It. Kadan Stadelmann is the Chief Technology Officer (CTO) of Komodo (KMD). A decentralized, open-source blockchain and a leading player. In blockchain interoperability and atomic swap technology.
2022 has illuminated problems in cross-chain bridge architecture
As of August 2022, crypto losses have totaled $2 billion. With 69% of stolen crypto funds originating from hacking protocols that bridge different blockchains. Cross-chain token bridge Nomad lost $190 million in an exploit a few weeks ago. Layer-1 blockchain bridging protocol Harmony Horizon lost $100 million. After a hack in June. Earlier this year, Ronan lost $650 million and Wormhole $325 million. Attackers initiate fake deposits and fool verifiers into approving withdrawals of equal size. What do these hacks have in common? All these bridges used automated market maker technology (AMMs). Here are three ways we can make cross-chain bridges safer.
Use peer-to-peer bridges instead of AMMs
The major hack mentioned above could have been avoided by using peer-to-peer (P2P) powered bridges instead of AMMs and here’s why. P2P brides do not rely on complex smart contracts or liquidity pools. They use atomic swaps and order books, making cross-chain swaps fully trustless and decentralized without Bachman. The exchange is described as “atomic” because of each order. Either the trade is completed and the two users exchange funds.
Cross-chain Bridging is Broken – But We Know How to Fix It. AMMs use liquidity pools, which are essentially centralized pools of money that depend on smart contracts.
Pay attention to the number of validators for AMM bridges
If it is necessary to use an AMM bridge instead of a P2P platform. Users should use an AMM bridge with a higher number of authenticators. A small group of validators makes it easy for hackers to target. The more verifiers a bridge has. The more decentralized and secure it is. With the Ronin hack. Hackers were able to gain control of five of the nine authenticators. The attacker only had to hack one person to get four validators from the device, and then hack the Axie DAO to get the 5th validator.
Cross-chain Bridging is Broken – But We Know How to Fix It. We need to see more validators on AMM bridges. Using a multi-signature wallet is critical, but it doesn’t matter if it only takes an attacker to exploit two or three wallets. For example, the Horizon Bridge attacker allegedly took control of a leveraged multi-signature wallet in Harmony’s bridge. Since the bridge was a two-in-five multi-signature scheme, anyone with access to the private keys for two of those addresses could take control of the bridge.
Use bridges that have received professional audits
Project developers should take extra care and use audits before deploying any bridges. Developers can use real-time threat monitoring solutions to prevent or at least minimize damage from hacks. Audit companies guide developers in the right direction, suggesting what changes to make before deploying applications. Before deploying new smart contracts, it’s important to test their warfare and be aware of different attack vectors.
Audit companies typically review a project’s smart contract, which is the contract code that interacts with the blockchain and cryptocurrency, to find the most glaring flaws. They pay extra attention to contract stability and efficiency. Auditors can also view the project team’s financial records, including cryptocurrency trade history, bank account statements, credit card payments, loan payments, tuition expenses, and insurance payments.
Weakening the hacker’s power
The most important safety measures for users to follow are to know which bridge they are trading on and where possible, to use P2P bridges on AMMs. If you’re using an AMM bridge, research the number of authenticators required to secure transactions and seek a professional audit before trusting the bridge. In 2020, just two years ago, there was about $4 billion in crypto, now all current cryptocurrencies are worth about $1 trillion.
We will continue to see more money circulate through the crypto ecosystem, so users need to establish safety and security protocols to proactively protect their funds. This will give the blockchain industry a deep foundation for years to come.