Tag Archives: A Bridge Too Far: Does the Wormhole Hack Mean the Multi-Blockchain Dream Is Dead?

What is a cross-blockchain bridge?

And why would you want one?

Basically, cross-blockchain bridges are intended to make it easy to transfer tokens from one blockchain to another, e.g., to use Bitcoin to purchase something using Ethereum.  

Having had the fun of converting from one token to another last year, I understand that simply selling one and buying the other is painful.  So, yeah, I could see the value of an easy way to do it.

“Cross-blockchain bridges often work by taking an asset, such as ETH, and locking it in a contract to issue a parallel asset on the bridged chain.”

(from [2])

This is a simple enough idea, though in Nakamotoland anything can be made complicated.  As far as I can tell, the basic implementation would use executable contracts to keep an account that can be denominated in several currencies, with options to execute trades in whichever you want.

(Another way to think of it is basically wrapping the “real” cryptocurrency in your own derived currency, with a promise to pay out whichever “real” cryptocurrency you want.  Sort of like selling BobNotes that I promise you can redeem for either Dollars or Euros.)

So, what could possibly go wrong?

This winter we read about troubles at Wormhole, which is (or at least was) a major cross-blockchain bridge service [2].  While Bitcoin, Ethereum, and Wormhole’s Solana blockchains remain secure, apparently the Wormhole service was hacked to the tune of hundreds of millions.  Oops!

Worse, this heist essentially cleaned out the vault of the crypto that was backing all the contracts out there.  Which means that users could lose everything, because their wrappers have nothing in them.
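
The lock-and-mint arrangement and the emptied vault described above, as a toy ledger model added here (it is not Wormhole's code or anything from the cited articles); the class, the names and the balances are constructed for illustration, and the model assumes a single asset with 1:1 wrapping.

```python
from dataclasses import dataclass, field

@dataclass
class Bridge:
    """Toy lock-and-mint bridge: collateral sits in a vault on the source
    chain while wrapped tokens circulate on the bridged chain."""
    vault: int = 0                               # locked source-chain asset
    wrapped: dict = field(default_factory=dict)  # holder -> wrapped balance

    def lock_and_mint(self, user: str, amount: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.vault += amount                     # lock the real asset
        self.wrapped[user] = self.wrapped.get(user, 0) + amount  # mint 1:1

    def burn_and_release(self, user: str, amount: int) -> int:
        if amount <= 0 or self.wrapped.get(user, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        if self.vault < amount:
            raise RuntimeError("vault cannot cover redemption")
        self.wrapped[user] -= amount             # burn the wrapper
        self.vault -= amount                     # release the real asset
        return amount

    def backing_ratio(self) -> float:
        supply = sum(self.wrapped.values())
        return 1.0 if supply == 0 else self.vault / supply

def solvency_alert(bridge: Bridge, floor: float = 1.0) -> bool:
    """Monitoring check: True when wrappers are no longer fully backed."""
    return bridge.backing_ratio() < floor

def demo() -> dict:
    b = Bridge()
    b.lock_and_mint("alice", 100)                # constructed sample deposits
    b.lock_and_mint("bob", 50)
    before = solvency_alert(b)                   # fully backed, no alert
    b.vault = 0   # constructed incident: collateral gone, no matching burns
    after = solvency_alert(b)
    try:
        b.burn_and_release("alice", 100)
        redeemable = True
    except RuntimeError:
        redeemable = False                       # the wrapper has nothing in it
    return {"before": before, "after": after,
            "ratio": b.backing_ratio(), "redeemable": redeemable}

if __name__ == "__main__":
    print(demo())
```

The wrapped balances are untouched by the incident, which is why holders only notice at redemption time unless something compares vault holdings against wrapped supply.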

As far as I can tell, the security breach was either an impersonation (i.e., a bog-standard hack of a user) or a bug in a contract (i.e., a bog-standard programming error), or both.  Which illustrates the fundamental challenge for these too-clever-by-half bridges:  they are at least as vulnerable as any other network service.

This is a good illustration of the computer security principle that the system is only as secure as its weakest link.  It doesn’t matter how bulletproof Bitcoin or Ethereum may be, a weakness in the bridge can bring down the whole thing, including all your Bitcoin and Ethereum. And in Nakamotoland, it only takes seconds to clean out the bank.

This particular incident also surfaced the Nakamotoan bête noire, “trust”.  In response to the lost crypto, the company was moving to infuse cash to make sure that all the contracts were properly backed.  This is normal behavior for a financial service, at least one that wants to be trusted.

But this perfectly reasonable behavior is heretical for some hardline Nakamotoans, who dislike the concept that when you do business with Wormhole you are trusting them to keep their promises.  (Hardline Nakamotoans were also unhappy at the supposed “moral hazard” akin to “fiat bailouts” [1], though I don’t completely grok what the hazard is in this case.)

Clearly, simple-minded cross-chain bridges are probably not going to work.  I’m pretty sure that there are other ways to skin this particular cat, though they will be more complicated and take a lot more time and effort to deploy.

I should probably start a “new word of the month” collection.  “Governance Attack” and now “Cross-chain bridge”.


  1. David Z Morris (2022) A Bridge Too Far: Does the Wormhole Hack Mean the Multi-Blockchain Dream Is Dead? CoinDesk, https://www.coindesk.com/layer2/2022/02/04/a-bridge-too-far-does-the-wormhole-hack-mean-the-multi-blockchain-dream-is-dead/
  2. Andrew Thurman (2022) Blockchain Bridge Wormhole Suffers Possible Exploit Worth Over $326M. CoinDesk, https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m/

Cryptocurrency Thursday