In a much-publicized tweet this past week, Vitalik Buterin voiced his opposition to the use of cross-chain solutions by Ethereum and other blockchains, in favor of a multi-chain future.
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple "zones of sovereignty". From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022
For Buterin, cross-chain bridges are not ideal because they increase the security risks in the process of transferring assets. This tradeoff to security happens because the attack vectors of the assets are increased across a wider network surface area as it is moved across an increasing number of chains and decentralized applications with different security principles.
If your ETH is contained within Ethereum, then it depends only on the security validation of Ethereum’s network. But when ETH is moved across different chains on cross-chain bridges, ETH’s security is now dependent not only on Ethereum, but also on the security verification of the destination chain and any other cross-chain solutions which are used to transfer, wrap and lock up the asset.
Buterin puts it aptly in his tweet:
“Now, imagine what happens if you move 100 ETH onto a bridge on Solana to get 100 Solana-WETH, and then Ethereum gets 51% attacked. The attacker deposited a bunch of their own ETH into Solana-WETH and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully backed, and perhaps your 100 Solana-WETH is now only worth 60 ETH. Even if there’s a perfect ZK-SNARK-based bridge that fully validates consensus, it’s still vulnerable to theft through 51% attacks like this.”
Spreading assets across different blockchain security networks also means that chains become more interdependent on one another, since the same capital assets are being collateralized and used for different purposes. This increased contagion risk could lead to a domino effect that would ripple through different blockchain ecosystems if one were to suffer an attack, as opposed to if the asset remained in one blockchain:
“The problem gets worse when you go beyond two chains. If there are 100 chains, then there will end up being dapps with many interdependencies between those chains, and 51% attacking even one chain would create a systemic contagion that threatens the economy on that entire ecosystem.”
Additional security risks with cross-chain bridges
Buterin highlights a key security problem of cross-chain bridges, but its risks do not stop there. The mass majority of cross-chain bridges today typically facilitate asset transfers through centralized federations and external validators.
These solutions bypass the arduous and more expensive process of decentralized chain validation, making transactions cheaper and quicker. Popular examples include BitGo’s Wrapped Bitcoin (WBTC), Axie Infinity’s Ronin bridge, Terra’s Shuttle bridge, and much more.
However, this also means that transactions are moving away from a trustless form of verification, thereby increasing reliance on the operator of the cross-chain bridge, rather than the decentralized security of the underlying blockchain network.
In short, the key risks of cross-chain solutions can be summarized as being grounded in two points. First, cross-chain solutions increase the number of attack vectors for the crypto assets, intensifying contagion risk across chains. Second, the transferred assets are funneled through a variety of external validator networks that may no longer remain decentralized and trustless, thereby increasing the risk across those same attack vectors.
Users are going to lose *so much* money in cross-chain bridges over the next year. pic.twitter.com/d0nntkpde7
— Dmitriy Berenzon (@dberenzon) August 27, 2021
The multi-chain future
Cross-chain bridges remain popular among users for the simple reason that it offers a premium in speed and low costs. It is a temporary band-aid on a larger problem. But as with all band-aids, they must come off.
Like Buterin, Kadan Stadelmann, CTO of Komodo, believes that this security risk will gradually become heightened in awareness and accelerate crypto’s path towards the multi-chain future:
“In the future, we’ll have both multi-chain ecosystem networks like Polkadot and Cosmos where chains rely upon a shared security mechanism as well as cross-chain bridges like AtomicDEX that connect blockchains ecosystems that would otherwise be siloed. This will likely mean that DEXs and bridging solutions will reach mass adoption.”
Multi-chain ecosystems (sometimes referred to as Layer-0 chains) such as Cosmos and Polkadot are designed to avoid the security problems of cross-chain bridges. The Polkadot blockchain allows Dapp developers to set up their own customized blockchains (named “parachains”) on top of its foundation. All parachains are interconnected through the Polkadot’s main Relay Chain hub, which serves to coordinate security and the transfer of assets across all its parachains.
The concept is similar for Cosmos, which consists of an ecosystem of multiple independent Cosmos chains (called zones) that can send tokens and data to one another. Unlike Polkadot however, there are multiple central hubs that zones can plug into in order to reach other zones. Terra, THORChain and Crypto.com’s Cronos chain are among the most popular names that have settled on Cosmos.
Both Polkadot and Cosmos strive to achieve interoperability of assets while guaranteeing the trustless transfer of assets that do not require users to place their trust in intermediary entities like cross-chain solutions.