After a lot of large-scale exploits of bridges, lots of oxygen is being given to the narrative that cross-chain know-how is inherently flawed — that cross-chain interoperability means threat. With an estimated $2 billion misplaced throughout 13 bridge hacks this 12 months, it’s changing into more and more tough to disregard this argument.
At deBridge, we expect that it’s not solely crucial however inevitable that each one cross-chain bridges utterly rethink their method to liquidity aggregation.
The constraints of locked liquidity
By locking liquidity to offer cross-chain routing (as virtually each bridge does proper now), bridges have positioned themselves in a contest they’re sure to lose. We’re seeing bridges face off in opposition to established, purpose-built liquidity protocols like AAVE, Compound, and Frax, initiatives that may undoubtedly monetize liquidity extra successfully and securely. Examples abound of bridges with tons of of hundreds of thousands of {dollars} in TVL, with extraordinarily low utilization of locked liquidity.
With this design, bridge initiatives are pressured into working unsustainable liquidity mining campaigns that fail to supply long-term capital effectivity options. Until token incentives are maintained indefinitely — an unsound ambition for any venture — liquidity suppliers will inevitably take away capital to pursue higher-yielding alternatives.
To combination liquidity safely, bridges would wish to accumulate insurance coverage insurance policies to let liquidity suppliers have the power to hedge dangers. That is one other expense that makes liquidity monetization much more tough. That’s why most present bridges aren’t worthwhile, as prices and paid liquidity mining rewards usually exceed the protocol’s internet revenue.
There are additionally architectural issues at play right here, given {that a} cross-chain worth switch is a request that may be settled in several methods. All present bridges settle these orders from their very own liquidity swimming pools the place liquidity is repeatedly locked when it’s wanted solely on the exact second the worth switch needs to be fulfilled.
The dimensions of the order can even differ — if it exceeds the dimensions of the bridge’s liquidity pool, then the sender will find yourself with wrapped tokens or an indefinitely suspended/caught transaction. Then again, if the order is just too small for the liquidity pool’s measurement, the liquidity utilization could be very low and inefficient. This vicious circle additional highlights that this liquidity protocol method to bridge design is ineffective and essentially unsuitable.
Fixing the safety drawback
As necessary of a difficulty as that is, financial unsustainability isn’t the one primary problem right here. Even though bridges discovered a method to make use of the locked liquidity method and keep capital-efficient, by now, it’s evident that constructing a safe liquidity protocol is an all-consuming activity. Certainly, by knowingly or unknowingly changing into liquidity protocols, bridge initiatives are giving themselves the immense activity of safeguarding a multi-faceted assault floor.
To start out excessive degree, one of many evident points with a locked liquidity-style bridge is that it creates a risk-multiplier impact, the place the vulnerabilities of 1 supported chain can spill over to compromise capital held in different ecosystems.
Right here, there’s the problem of safety by proxy. A bridge can have its whole liquidity base compromised if there’s a possible vulnerability within the codebase of 1 supported blockchain/L2. We noticed this chance earlier this 12 months with a vulnerability found in Optimism, which might have allowed attackers to mint an arbitrary amount of belongings and foreseeably trade these for tokens in different ecosystems.
Final week, I found (and reported) a important bug (which has been totally patched) in @optimismPBC (a “layer 2 scaling answer” for Ethereum) that might have allowed an attacker to print arbitrary amount of tokens, for which I received a $2,000,042 bounty. https://t.co/J6KOlU8aSW
— Jay Freeman (saurik) (@saurik) February 10, 2022
Once more, any points with the consensus mechanism of 1 chain can even result in systemic contagion, placing in danger any liquidity locked in different supported chains. On this case, the bridge merely broadcasts the exploit to different chains. This might embody 51% assaults or different protocol-level failures.
Except for most of these inherited dangers, we’re more and more seeing conditions the place errors by the bridge initiatives themselves have, in a technique or one other, inflicting a lack of locked liquidity. From botched protocol upgrades, poor good contract design, or compromised infrastructure of validators, there are various eventualities the place dangerous actors can exploit vulnerabilities within the bridge itself.
All these dangers are rapidly compounded and — as we’ve seen on too many events — are ultimately born by liquidity suppliers once they lose the redeemability of their wrapped belongings. Such a chance needs to be unacceptable.
Few are denying the huge promise of cross-chain interoperability to push Web3 adoption to new heights. However with the sheer measurement and frequency of bridge exploits, it has grow to be painfully clear that the basic design of bridging know-how must be reimagined from first ideas. The bridge-turned-liquidity-protocol design simply isn’t working.
Is there any method we are able to devise a essentially new and distinctive method to bridge design, one which utterly removes dangers for liquidity suppliers, eliminates assault vectors, and on the similar time preserves the best degree of capital effectivity?
There could also be precisely that within the close to future. At deBridge, we’re engaged on a brand new cross-chain liquidity routing that solves all these issues. Keep tuned.
