Back to Blog
header-image

Cross-Chain Immutability: Security Considerations

Understanding the concept of cross-chain immutability and its security implications for bridging protocols and multi-chain applications.

March 14, 2023
3 min read
developer notesbridgecross-chainsecurity

Immutability is a strong value proponent for cross-chain applications. Today, various off-chain solutions exist, including Layerzero’s PreCrime and Hyperlane’s WatchTower.

They all exist to solve one major problem in the cross-chain paradigm, data immutability.

WHY IS IT A BIG DEAL TODAY, TOMORROW & FOREVER?

In today’s cross-chain world, AMBs (Arbitrary Message Bridges) are core components for delivering state across chains.

P.S. I use the word state instead of data because in blockchain, everything points to a state, the current state of the network. But both would convey the same meaning in this context.

JUST SOME FLEX that I KNOW A FEW TERMS IN BLOCKCHAIN. NVM. LOL.

Back to business, today’s cross-chain messaging paradigm is highly concentrated on fewer validator groups. These validator groups aren’t as secure as PoW (or) PoS.

No matter how secure your blockchain is, if your AMBs are weak, then you’re done.

Instead, they’re all protected by TRUST. Dudes don’t even trust their partners; how could they trust a handful of validators for our billion-dollar TVL cross-chain app?

AN EXAMPLE

Imagine myself launching a cross-chain lending protocol like Aave but allowing users to borrow from pools on different chains.

Alice wants to borrow 2 ETH (2*10**18) from my protocol’s ETH pool on Chain A, maybe Ethereum from Chain B (maybe Solana), by depositing SOL as collateral on Chain B.

NOT SO IMPORTANT Now, my protocol utilizes an AMB that says 21 validators secure it. AMBs are not cost-intensive like blockchains, and hence their ability to diversify their validator set is highly unlikely in the short run because this may force Alice to pay for on-chain gas costs alongside the cross-chain delivery fee.

The cross-chain delivery fee is a function of demand and the cost of operation for the validator set to remain profitable.

Now the transaction on Chain A is mined, and a cross-chain message is sent using an AMB. Now those validators got corrupted/bribed by Alice to overwrite her message by adding a couple more zeros.

The validators accepted the bribe and sent the cross-chain message by overriding the borrowed amount to 200 ETH (instead of 2* ETH). BOOM, I’M HACKED

If Alice is wise and to avoid Twitter hack thread bros, she would ask the AMBs to override her borrow amount to 2.2 ETH and can do this process for months on different pools going unnoticed, draining large values from my pools.

SOLUTION

I don’t know if what I’m trying to solve makes sense (or) maybe already been completed by someone else.

I don’t recognize a solid on-chain solution for this use case. I am against using off-chain keeper/monitoring networks (as, again, centralization), so I plan to explore on-chain validation & data integrity mechanisms that are AMB agnostic, cheap, and easy to integrate.

Nothing bad to spend the next 30 days on this nice task that I set for myself. You wasted some time reading my random thoughts, hahaha.