bartek.eth
Oct 20 20 tweets 6 min read
A long thread about Optimistic Bridges and why we think @HopProtocol falls into this category (@l2beat will change the classification). Optimistic bridges are an exciting new class of bridges with @nomadxyz_ / #Optics and @AcrossProtocol falling into this category as well 👇🧵
All these constructions are different but they have one thing in common - when a message is passed from the source to the destination chain, it is assumed to be genuine/valid unless proven otherwise by some independent Watchers /2
The main question then is - are these Watchers actually watching the bridge, and how long is the “fraud-proof window” during which the validity of a message can be challenged? /3
The ultimate security of an optimistic bridge relies on there being at least one honest Watcher and on the fraud-proof window being long enough for this Watcher to raise an alarm even in the most adversarial network conditions /4
Optimistic Bridges - if implemented correctly - are exciting because this is quite a weak security assumption. You never know if the Watcher is watching. The typical downside is finality - users might need to wait for the end of the fraud-proof window to consider the message valid /5
We have already seen a few unsuccessful theft attempts from RainbowBridge (it has an optimistic component) and one failed whitehack attempt from Fuel 1.0 to prove the point that Optimistic constructions are far more secure than most people think /6
Let’s look at the details of @HopProtocol and its optimistic settlement process. Hop uses L1 Ethereum as a settlement layer. An L2->L1 message bundle will travel via the regular, “slow”, 7-day-long path using the canonical bridge of a given L2 (say @optimismFND, @arbitrum, etc.) /7
To facilitate faster withdrawals, an entity called a Bonder can “pre-announce” the message bundle via the Bridge’s bondTransferRoot() method. If it does that, it has to “overcollateralise” the bundle by providing extra liquidity to the Bridge, and withdrawals can start immediately /8
As an example, for a bundle containing withdrawals totalling 92,448 DAI, the collateral put up by the Bonder needs to equal 101,692 DAI (110%)
ethtx.info/0xeb83e1e46920… /9
This collateral is taken from the overall stake the Bonder put into the bridge earlier - you can see 1,500,000 DAI staked by this Bonder e.g. in this transaction:
ethtx.info/0xd91c48d7947c… /10
After 24 hours, if nobody challenges the validity of the Bonder’s message, the Bonder can withdraw all collateral. However, any other Bonder can challenge the validity of the Bonder’s message bundle by putting up a bounty of 10% of the challenged amount themselves. /11
If a challenge is placed, the Bonder’s collateral will be locked for the full 7 days until the “correct” message bundle finally settles on Ethereum and we know for sure who was right - Bonder or Challenger /12
If the challenge is successful, all potential withdrawals that happened in the meantime will be settled with the Bonder’s collateral (as opposed to funds locked in the Bridge). The successful Challenger will get 3/4 of the Bonder’s extra 10% while 1/4 will be burned /13
If the challenge is unsuccessful, the Bonder will suffer a week-long lock of collateral but will get the Challenger’s full bounty as compensation, and withdrawals will be settled with funds locked in the Bridge /14
The setup - in theory - is completely trustless, although it does require some upfront capital from Bonders, which can be problematic for big withdrawals /15
Interestingly, because Hop requires message bundles to be collateralised, withdrawals can start immediately and users don’t have to wait till the end of the challenge window (currently set to be 1 day) /16
Also note that at the moment both Challengers and Bonders have to be whitelisted. Having said that, the next version promises to have a fully permissionless setup so that anyone can be a Bonder and Challenger /17
The current length of the fraud-proof window in Hop is 1 day. Compare it to Nomad (30 min), Across (2 hours) and a typical Optimistic Rollup (7 days). The length of the fraud-proof window is important - if a malicious Bonder is not challenged within 1 day in @HopProtocol, it can drain the Bridge /18
To reiterate - suppose I am a malicious Bonder and I want to steal 1,000,000$. I have to put up 1,000,000$ of my own capital upfront first + 100,000$ extra bond. If I am successfully challenged within 24h, I will lose that 100,000$ /19
For the thief, hoping that there will not be a single honest Watcher that might want to grab that 100,000$ for free is like hoping that there are no MEV bots in a dark forest. Small chance these days on Ethereum. End /20
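
The bond, challenge and settlement rules from tweets /8 to /19, modelled as a small state machine (an added example, not Hop's contract code and not from the thread's author). The class and field names are hypothetical, amounts are whole tokens with integer rounding, and the 7-day lock is measured from bonding time as a simplifying assumption.

```python
from dataclasses import dataclass
from typing import Optional

CHALLENGE_WINDOW_H = 24       # fraud-proof window from the thread (1 day)
SETTLEMENT_DELAY_H = 7 * 24   # canonical L2->L1 path from the thread (7 days)


@dataclass
class BondedRoot:             # hypothetical model, not the contract's storage layout
    amount: int               # total withdrawals in the bundle, whole tokens
    bonded_at_h: int          # hour at which the Bonder pre-announced the bundle
    challenged_at_h: Optional[int] = None

    @property
    def extra(self) -> int:       # Bonder's extra 10%, rounded down
        return self.amount // 10

    @property
    def collateral(self) -> int:  # the 110% taken off the Bonder's stake
        return self.amount + self.extra

    @property
    def bounty(self) -> int:      # Challenger posts 10% of the challenged amount
        return self.amount // 10

    def challenge(self, now_h: int) -> None:
        if now_h - self.bonded_at_h >= CHALLENGE_WINDOW_H:
            raise ValueError("fraud-proof window closed")
        self.challenged_at_h = now_h

    def resolve(self, now_h: int, root_valid: bool) -> dict:
        """Net position of each party once the outcome is known."""
        out = {"bonder": 0, "challenger": 0, "burned": 0, "bridge_loss": 0}
        if self.challenged_at_h is None:
            if now_h - self.bonded_at_h < CHALLENGE_WINDOW_H:
                raise ValueError("collateral still inside the challenge window")
            if not root_valid:    # nobody watched: fake withdrawals hit bridge funds
                out["bonder"], out["bridge_loss"] = self.amount, self.amount
            return out
        if now_h - self.bonded_at_h < SETTLEMENT_DELAY_H:
            raise ValueError("challenged collateral stays locked until settlement")
        if root_valid:            # failed challenge: Bonder receives the bounty
            out["bonder"], out["challenger"] = self.bounty, -self.bounty
        else:                     # successful challenge: 3/4 to Challenger, rest burned
            reward = self.extra * 3 // 4
            out.update(bonder=-self.extra, challenger=reward, burned=self.extra - reward)
        return out
```

Running the thread's 1,000,000$ scenario through `challenge()` at hour 23 and again at hour 24 shows how the whole outcome depends on one Watcher acting inside the window.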


