Mar 13, 2023

Blockchain Bridges and Crosschain Interoperability: A Security Perspective

Share on social media

Interoperability is becoming an increasingly important feature of any blockchain to facilitate the exchange of value with other blockchains. Without interoperability, the assets would be fragmented resulting in isolated chains with limited use cases. Bridges are the solutions to ease fragmentation and allow users to hop from one blockchain to another seamlessly. 

Coinchange together with LI.FI and Hacken recently produced a report on “Crosschain Interoperability and Security”. It provides a comprehensive analysis of bridge technology, its challenges and solutions to risk aspects. In this blog we provide the main insights from the report. 

Read the full Crosschain Interoperability and Security report here.

Bridge types and underlying infrastructure

Bridges which enable interoperability between different blockchains, rely on a messaging infrastructure that enables data transfer across chains. Bridges are applications built on top of this infrastructure. The type of bridge used can vary based on its purpose, such as token bridges, NFT bridges, governance bridges, lending bridges, and ENS bridges. 
The way crosschain messages are validated can also determine the type of bridge, including decentralized, centralized, or hybrid validation. Decentralized validation is the most secure, but also the most complex to build, whereas centralized validation is less secure but easier to build. Hybrid validation seeks to find a balance between security and complexity. Bridge aggregators provide a solution for efficient crosschain transfers by combining multiple bridges under the same UI and considering factors such as cost, speed, slippage, and security, similar to Decentralized Exchange aggregators. 

Bridges - a prime target

Bridges however, present a challenge when it comes to trust and validation of external information. Various trust assumptions need to be minimized to verify the validity of the message, making fully secure bridges one of the most difficult to develop in the Blockchain ecosystem. Bridge hacks have constituted a substantial ~70% of total funds stolen in the DeFi sector over the past two years, mainly due to the novel technology, vast attack surface, and high value at stake.

Bridge security challenges

The security of bridges is based on three main elements: Economic Security (cost of attack), Implementation Security (design security), and Environment Security (safety of connected chains). These can be vulnerable in many ways such as stealing signer keys, collaborating with validators, maliciously updating smart contracts, exploiting smart contract bugs, compromising RPC endpoints, or undergoing re-org attacks, among others. Out of the most expensive five hacks, three were due to inadequate Implementation Security and two due to inadequate Economic Security. Notably, none have been caused by compromised Environment Security so far. 

Mitigation solutions for bridges

The frequency of bridge hacks is rising as they are becoming a popular target for attackers. However, there are certain steps developers can take to prevent these attacks and respond promptly in case of a hack, while users of the bridge can assess the safety of a bridge by evaluating its risk score.

Threat mitigation

Hence, in order to safeguard the security and reliability of blockchain bridges, developers must implement proactive threat prevention strategies. This involves adopting best practices such as conducting smart contract testing and audits, implementing security updates, monitoring for real-time threats, avoiding reliance on third parties, and utilizing transaction simulation methods. Threat mitigation can also be enhanced through horizontal scaling, making messaging layer upgrades optional, and open-sourcing code for white-hat security

Threat response

Despite these measures, a hack may still occur, so having a well-planned response is crucial. This includes quick response time through continuous monitoring and maximizing chances of recovering lost assets. Finally for users, we propose a two-part risk assessment framework to help choose the right bridge based on their transaction needs and desired security level. The first part of the framework entails gathering relevant information about the protocol, while the second part involves scoring questions based on that information. 

To read the detailed 50 page research report on the Crosschain Interoperability and Security, please visit here. This report has been written by the Coinchange Research Team, co-authored by Li.Fi team especially for the bridge aggregation section, and co-authored by Hacken audit firm especially for the threat mitigation section. This effort by Coinchange Research Team is an ongoing one, where we are collaborating with some of the most prominent Interoperability players in the space, helping educate developers and users about the risks, building industry standard risk frameworks and participating in brainstorming conversations with key enterprise players to help build the most secure version of the Interoperability space.

Stay informed - Subscribe today!

Receive monthly news and insights in your inbox. Don't miss out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.