DeFi security: How trustless bridges can help protect users
Blockchain bridges allow decentralized finance (DeFi) users to use the same tokens across multiple blockchains. For example, a trader can use USD Coin (USDC) on the Ethereum or Solana blockchains to interact with decentralized applications (DApps) on those networks.
While these protocols can be convenient for DeFi users, they are at risk of being exploited by attackers. For example, last year the Wormhole bridge, a popular cross-chain crypto bridge between Solana, Ethereum, Avalanche and others, was hacked. The attackers stole over $321M worth of wrapped Ethereum (wETH) in what was the largest DeFi hack in history at that time.
A little over a month later, on March 23, 2022, the Ronin Network bridge — the Ethereum-based Axie Infinity sidechain — was hacked for over $620 million, and on August 2, the Nomad bridge was hacked for over $190 million. In total, more than $2.5 billion was stolen from cross-chain bridges between 2020 and 2022.
Trustless bridges, also known as non-custodial or decentralized bridges, can increase the security of users in cross-chain transfers.
What is a blockchain bridge?
A bridge is a technology that allows you to send assets or data from one blockchain network to another. These bridges allow two or more separate blockchain networks to communicate with each other and exchange information. The interoperability provided by bridging allows assets to be moved from one network to another.
Most bridge technologies use smart contracts on both blockchains to enable cross-chain transactions.
Bridges can move many assets such as cryptocurrencies, digital tokens, and other data. The use of these bridges makes it easier for different blockchain networks to work together and allows users to take advantage of the unique features and benefits of each network.
Trusted bridges vs. trustless bridges
When it comes to bridge protocols, there are two main types: centralized (trusted) bridges and decentralized (trustless) bridges. Trusted bridges are managed by centralized organizations that take custody of tokens after they have been transferred to the bridge. The main risk of custodial bridges is a single point of failure (centralized storage), which makes them an easier target for hacking attempts.
Instead of using centralized custodians to transfer tokens across blockchains, trustless bridges use smart contracts to complete the process.
Smart contracts are automated programs that perform certain actions when conditions are met. As such, trustless bridges are seen as a more secure alternative, as each user retains their tokens during the transfer.
However, trustless bridges can still be compromised if there are vulnerabilities in the smart contract code that have not been identified and fixed by the development team.
Pascal Berrang, blockchain researcher and principal developer of Nimiq, a blockchain-based payment protocol, told Cryptooshala: “In general, the use of cross-chain bridges comes with additional risks compared to using a single blockchain.”
“This increases the attack surface through blockchains, potential custodians and smart contracts. There are different types of cross bridges that come with different trade-offs in terms of these risks.” He continued:
“Cross-chain bridges naturally involve two or more blockchains, usually using different security mechanisms. Therefore, the security of bridge assets depends on the weakest blockchain involved in the bridge. For example, if one of the chains is attacked, this will allow the exchange between chains in one of the chains to be canceled, but not in the other, which will lead to asset imbalances.”
Berrang also highlighted the vulnerabilities associated with locking bridged assets in the bridge. “Funds are usually stored or locked in a central location, which constitutes a single point of failure. Depending on the type of bridge, these funds are subject to different risks: in a smart contract bridge, errors in these contracts can render bridge assets worthless,” Berrang said.
“An example would be a bug that allows new bridge tokens to be minted indefinitely. Bridges operated by trusted custodians are exposed to counterparty risk if custodians misbehave or their keys are stolen,” he added.
Jeremy Musighi, head of development at Balancer, an automated market maker, believes additional risks come from the complexity of blockchain bridges, telling Cryptooshala that “Bridges between chains come with several significant risks. Security is one of the biggest risks; due to the complexity of implementing bridges, they are prone to bugs and vulnerabilities that attackers can use to steal assets or perform other malicious activities.”
Musighi also noted that scalability issues pose additional risks to the bridging process, stating, “Another risk is scalability, as bridges between networks may not be able to handle large amounts of traffic, resulting in delays and increased costs for users.”
Exploit protection for bridges
Developers can prevent attacks on cross-chain bridges by implementing several security measures that help ensure the confidentiality, integrity, and authenticity of transferred assets.
One of the most important measures is to ensure the security and absence of vulnerabilities in the smart contract code that forms the basis of inter-network bridges. This can be achieved through regular security reviews, bug bounty programs, and code reviews that help identify and fix potential security issues.
Another measure that developers can take is the use of cryptographic algorithms such as digital signatures and hash functions to secure the transfer of assets and information between different blockchain networks. This helps ensure that the assets being transferred are protected and prevents malicious actors from interfering with the transfer process.
Moreover, regular network monitoring is essential to detect suspicious activity and prevent attacks. By monitoring the network, developers can detect any security issues and take appropriate action to fix them before they cause any harm.
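As an added illustration of this kind of monitoring (not code from the article or from any bridge project), the Python sketch below replays bridge events and flags the failure modes described earlier: mints with no lock behind them, replayed transfers, and the asset imbalance left when a source-chain lock is reverted. The event schema, the event type names and the lock-and-mint model are assumptions, and events are assumed to arrive in observation order.

```python
from collections import defaultdict

# Constructed sample events, not real chain data. "lock", "unlock" and
# "lock_reverted" are seen on the source chain, "mint" and "burn" on the
# destination chain. The schema and type names are hypothetical.
SAMPLE_EVENTS = [
    {"type": "lock", "id": "t1", "token": "ETH", "amount": 100},
    {"type": "mint", "id": "t1", "token": "ETH", "amount": 100},
    {"type": "mint", "id": "t1", "token": "ETH", "amount": 100},   # replayed transfer
    {"type": "mint", "id": "t9", "token": "ETH", "amount": 5000},  # no lock behind it
    {"type": "lock", "id": "t2", "token": "USDC", "amount": 40},
    {"type": "mint", "id": "t2", "token": "USDC", "amount": 40},
    {"type": "lock_reverted", "id": "t2", "token": "USDC", "amount": 40},  # source reorg
]

def reconcile(events):
    """Replay bridge events; return (alerts, shortfall per token)."""
    locked = defaultdict(int)  # collateral held by the source-chain contract
    minted = defaultdict(int)  # wrapped supply on the destination chain
    locks = {}                 # transfer id -> (token, amount) of observed locks
    used = set()               # transfer ids already consumed by a mint
    alerts = []
    for ev in events:
        kind, tid, tok, amt = ev["type"], ev["id"], ev["token"], ev["amount"]
        if kind == "lock":
            locked[tok] += amt
            locks[tid] = (tok, amt)
        elif kind in ("unlock", "lock_reverted"):
            locked[tok] -= amt
            locks.pop(tid, None)  # a reverted lock can no longer back a mint
        elif kind == "burn":
            minted[tok] -= amt
        elif kind == "mint":
            if tid in used:
                alerts.append(("replayed_mint", tid))
            elif locks.get(tid) != (tok, amt):
                alerts.append(("mint_without_matching_lock", tid))
            used.add(tid)
            minted[tok] += amt
        # Core invariant: wrapped supply must never exceed locked collateral.
        if minted[tok] > locked[tok]:
            alerts.append(("undercollateralized", tok, minted[tok] - locked[tok]))
    shortfall = {t: max(0, minted[t] - locked[t]) for t in minted}
    return alerts, shortfall
```
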
Finally, designing and deploying secure cross-chain bridges requires following best practices such as secure coding practices, testing and debugging, and secure deployment practices. In doing so, developers can help ensure the security and stability of bridges.
Preventing bridge attacks requires a combination of secure code, cryptographic algorithms, strong consensus mechanisms, network monitoring, and best practices.
Are trustless bridges the best solution?
Trustless bridges can only provide a more secure solution for bridging assets between blockchains if the smart contract code has been fully tested for vulnerabilities.
The main security benefit of trustless bridges is that users keep their tokens throughout the process, and smart contracts take care of the transfer process. In addition, the lack of a central authority to lock tokens makes it difficult to attack bridges because there is no single point of failure.
Musighi told Cryptooshala: “I generally consider trustless bridges to be more secure than trusted bridges because they operate transparently and rely on a decentralized network to verify and facilitate the transfer of assets between chains, whereas trusted bridges rely on a centralized third party, which means there is a single point of failure and a concentrated attack surface for hackers.”
“Untrusted bridges are easier to audit and have the benefit of minimizing trust. Since many centralized bridges also use (simpler) smart contracts, trustless bridges can be considered a less risky, but not risk-free option,” Berrang said.
As the decentralized finance space develops, developers need to take additional steps to secure cross-chain bridges. However, as crypto users become more interested in self-custody and decentralization, the popularity of trustless bridges may grow.
Credit: cointelegraph.com