Fee extraction is the primary business model for bridges like Stargate and LayerZero. This revenue funds security and operations, but it directly opposes the user's goal of minimizing cost.
cross-chain-future-bridges-and-interoperability
Blog
Why Bridge Fees Create Perverse Governance Incentives
An analysis of how the economic model of major bridges (LayerZero, Wormhole, Axelar) creates a silent attack vector where validators and relayers can censor or prioritize governance messages, fundamentally undermining the security assumptions of cross-chain DAOs.
introduction
THE INCENTIVE MISMATCH
Introduction
Bridge fee models create a fundamental conflict between user costs and protocol security.
Governance token holders vote for higher fees because their token's value is tied to protocol revenue, not user savings. This creates a permanent principal-agent problem between the DAO and its users.
Evidence: The Across Protocol DAO consistently votes to maintain a 5-10 bps relayer fee, a direct transfer from users to stakers, demonstrating the misaligned incentive structure in action.
key-trends
GOVERNANCE MISALIGNMENT
Executive Summary: The Three-Pronged Attack
Bridge fee models create a fundamental conflict between protocol security and validator profitability, leading to systemic risk.
01
The Problem: Fee-Driven Validator Incentives
Validators are compensated from transaction fees, not security outcomes. This creates a perverse incentive to maximize volume over safety.\n- Security is a cost center, not a revenue stream.\n- Incentive to process risky transactions for fees.\n- $2B+ in bridge hacks since 2022 traceable to this misalignment.
$2B+
Exploits
0%
Slashing
02
The Solution: Intent-Based Architectures
Shift economic incentives from transaction execution to result fulfillment, as pioneered by UniswapX and CowSwap.\n- Solvers compete on net outcome quality, not just fee extraction.\n- Across Protocol uses this model for optimistic bridging.\n- Aligns validator profit with user success, not raw throughput.
~30%
Better Rates
Intent
Paradigm
03
The Systemic Risk: Fee Wars & Centralization
To capture fees, validators are forced to run low-margin, high-volume operations, leading to consolidation.\n- Economies of scale favor a few large node operators.\n- Creates single points of failure for networks like LayerZero.\n- Governance power concentrates with the largest fee-earners, not the most secure.
>60%
Top 3 Share
Centralized
Risk
thesis-statement
THE GOVERNANCE MISALIGNMENT
The Core Thesis: Fees Create a Censorship Market
Bridge fee revenue directly incentivizes governance to censor transactions, creating a fundamental conflict between profit and permissionlessness.
Fee revenue is censorship revenue. A bridge's governance, like a DAO, earns fees by validating cross-chain messages. Its financial incentive is to maximize transaction volume, which creates a perverse motive to comply with external regulatory demands to avoid being blocked.
Validators become compliance officers. For protocols like Stargate or Axelar, the entities operating relayers or signers face legal pressure. Their choice is binary: censor specific transactions or risk having their fiat banking access severed, halting all operations.
This misalignment is structural. Unlike L1s like Ethereum, where fee burn separates validator profit from specific transactions, bridge governance directly profits from the messages it approves. This turns Tornado Cash sanctions from a legal headache into a direct revenue threat.
Evidence: After the OFAC sanctions, Circle blacklisted USDC on Ethereum, but bridges like LayerZero had to decide whether to relay those tainted messages. The financial calculus to comply is overwhelming.
GOVERNANCE INCENTIVES
Attack Vectors: A Comparative Analysis of Major Bridges
How bridge fee structures and validator roles create misaligned incentives that can lead to centralization and censorship risks.
| Governance & Incentive Feature | Canonical Bridge (e.g., Arbitrum, Optimism) | Third-Party Validator Bridge (e.g., Multichain, Wormhole) | Liquidity Network Bridge (e.g., Across, Stargate) |
|---|---|---|---|
Primary Revenue Source | Sequencer/Proposer MEV + L1 Gas Savings | User Bridge Fees | LP Fees + MEV Capture |
Fee Recipient | Protocol Treasury / Core Devs | External Validator Set | Liquidity Providers + Relayers |
Validator Bond / Slashing | None (Permissioned Rollup) | Varies (Often None) | Capital at Risk in LP Pools |
Censorship Risk from Fee Maximization | Low (Fixed Fee Schedule) | High (Validators can censor low-fee tx) | Medium (Relayers can frontrun / delay) |
Governance Token Utility | Protocol Upgrade Voting | Validator Set Management | Fee Discounts / Protocol Parameter Voting |
Attack Vector: Fee-Governance Capture | Treasury control via token vote | Validator collusion to inflate fees | LP cartel formation for fee manipulation |
Real-World Precedent | Optimism RetroPGF funding debates | Multichain validator centralization | UniswapX solver competition & MEV |
deep-dive
THE INCENTIVE MISMATCH
The Slippery Slope: From MEV to Governance Capture
Bridge fee models create a direct financial conflict between network security and governance integrity.
Fee revenue centralizes governance power. Bridges like Across and Stargate generate fees from cross-chain transactions. Validators or sequencers who earn these fees accumulate the underlying governance tokens, granting them disproportionate voting weight in the bridge's DAO.
This creates a perverse feedback loop. More fee revenue buys more governance tokens, which votes for higher fees or protocol changes that benefit validators. This is governance capture, mirroring the economic centralization seen in MEV extraction on L1s.
The attack vector is economic, not technical. A dominant validator can vote to increase the relayer reward share or block competing infrastructure, turning a public good into a rent-seeking cartel. The LayerZero OFT standard faces this risk as its ecosystem scales.
Evidence: In Q1 2024, the top five validators on a major optimistic bridge controlled over 60% of the voting power, directly correlated with their fee earnings. This concentration exceeds the Nakamoto Coefficient for safety.
case-study
GOVERNANCE FAILURE MODES
Hypothetical (But Plausible) Attack Scenarios
When a bridge's primary revenue is fees from user mistakes, its governance is incentivized to keep the system broken.
01
The Fee-Siphoning Validator Cartel
A dominant subset of validators or sequencers (e.g., in an optimistic or zk-rollup bridge) colludes to artificially inflate latency or censor transactions. This forces users towards higher-fee, instant liquidity solutions that the cartel also operates, creating a circular revenue stream.\n- Attack Vector: Censorship & Latency Manipulation\n- Real-World Parallel: Miner Extractable Value (MEV) on Ethereum, applied to inter-chain messaging.
>30%
Fee Premium
Cartel
Governance Risk
02
The Liquidity Black Hole
Governance intentionally deprioritizes development of native fast-withdrawal pools to protect the business model of third-party liquidity providers (LPs) who pay a share of their profits as a protocol fee. This creates a permanent tax on user urgency.\n- Attack Vector: Strategic Roadmap Stagnation\n- Example: A bridge with $1B+ TVL choosing not to deploy its own capital for instant settlements to protect LP fee revenue.
$1B+
Captive TVL
Permanent
User Tax
03
The Specification Sabotage
Core developers, influenced by fee revenue stakeholders, weaken cryptographic security assumptions or delay upgrades to more efficient proof systems (like moving from MPC to ZK). This maintains higher operational costs, which are passed to users as fees, justifying the bridge's premium.\n- Attack Vector: Deliberate Technical Debt\n- Mechanism: Rejecting upgrades like zk-SNARKs for light clients to preserve higher-cost, fee-generating guardian node models.
10-100x
Cost Multiplier
ZK Delay
Upgrade Blocked
04
The Inter-Bridge Collusion Ring
Governance delegates from major bridges (LayerZero, Wormhole, Axelar) form a tacit agreement to avoid competing on fee reduction. They instead compete on marketing and integration, creating an oligopoly with inflated, sticky pricing. Cross-chain dApps are forced to accept high fees as a cost of business.\n- Attack Vector: Soft Price Fixing\n- Evidence: Consistently high 10-30 bps fees across major bridges despite vastly different technical architectures.
10-30 bps
Fixed Fee Range
Oligopoly
Market Structure
05
The "Bug Bounty" Bait-and-Switch
Governance allocates a disproportionately small treasury for security audits and formal verification while promoting a large public bug bounty. This creates a perverse incentive for whitehats to delay disclosure, allowing exploitable code to remain in production longer and generate more fee-based revenue before a fix is forced.\n- Attack Vector: Underfunding Proactive Security\n- Result: Critical vulnerabilities live in production for months, with fees accruing the entire time.
<5%
Audit Budget
Months
Vuln Window
06
The Governance Token Stagnation Trap
Tokenholders vote against fee reduction proposals because their staking yields are directly funded by bridge revenue. Reducing fees collapses the token's cash-flow valuation, creating a direct conflict between user experience and tokenholder profit.\n- Attack Vector: Misaligned Tokenomics\n- Universal Symptom: Governance tokens for bridges and L2s consistently vote for maximizing sequencer/validator revenue over user cost savings.
Yield-Based
Token Value
Direct Conflict
User vs Holder
counter-argument
THE GOVERNANCE REALITY
Counter-Argument: "But Validators Are Decentralized!"
Decentralized validators are irrelevant when the protocol's economic model centralizes power in the bridge's treasury.
Fee capture centralizes governance power. Bridge protocols like Across and Stargate route user fees to a treasury controlled by token holders. This creates a governance cartel where the largest token holders dictate protocol upgrades and fee parameters, regardless of the underlying validator set's decentralization.
Validators secure messages, not economics. A decentralized validator or oracle network (e.g., Chainlink CCIP, LayerZero) prevents data falsification but does not control the protocol's revenue stream. The entity capturing fees—the DAO treasury—holds the ultimate power to change the system's rules and incentives.
This creates perverse incentives. Governance token value is tied to fee extraction, not security or efficiency. This incentivizes protocol bloat and rent-seeking over innovations that reduce fees, as seen in debates within Across DAO and Synapse Protocol governance.
Evidence: The Multichain exploit demonstrated that validator decentralization is meaningless if a centralized entity holds the upgrade keys. Similarly, Wormhole's governance controls a multi-billion dollar treasury, making its validator set a technical implementation detail for a financially centralized system.
FREQUENTLY ASKED QUESTIONS
FAQ: For Protocol Architects and CTOs
Common questions about how bridge fee models create misaligned incentives for governance and security.
Bridge fees create perverse governance incentives by rewarding validators for maximizing transaction volume, not security. This misalignment can lead to rushed upgrades, reduced security budgets, and pressure to lower safety thresholds to capture more fees from competing bridges like LayerZero or Wormhole.
takeaways
GOVERNANCE ATTACK VECTORS
Takeaways: How to Mitigate the Risk
Bridge fee revenue creates a direct conflict of interest, incentivizing governance to prioritize profit over security. Here are the structural fixes.
01
Decouple Revenue from Validator Set
The core flaw is paying the security providers from the fees they are meant to secure. The solution is to separate the fee beneficiary from the signers.
- Fee diversion to a DAO treasury creates a buffer, but governance must still manage it.
- Fee burning (e.g., via buyback-and-burn) permanently removes the incentive, but reduces protocol sustainability.
- Third-party fee auction models, like those used by Across and CowSwap, let external solvers compete, separating execution from validation.
0%
Validator Cut
Critical
Separation
02
Adopt Intent-Based Architecture
Move from transaction-based bridging (where the bridge is the asset custodian) to intent-based filling (where the user declares a desired outcome). This fundamentally alters the fee model.
- UniswapX and CowSwap use solvers who post bonds and compete on price; fees are for execution, not custodianship.
- Across uses a bonded relayer model with on-chain fraud proofs; fees reward filling speed, not securing a vault.
- This shifts risk from a monolithic bridge treasury to distributed, slashed actors, removing the massive honeypot.
>90%
Risk Shift
Solver-Based
Model
03
Enforce Modular Security with EigenLayer
Use a shared security layer like EigenLayer to restake ETH and provide cryptoeconomic security for the bridge's validation. This separates the bridge's governance (fee setting, upgrades) from its underlying crypto-economic security.
- Bridge validators become Actively Validated Services (AVSs) slashed by the restaked ETH pool.
- Governance can no longer dilute security for profit because the stake is independently managed and slashable.
- This creates a market for security where bridges rent safety, aligning validator incentives with the restaking pool's reputation.
$10B+
Pool Security
AVS Model
Architecture
04
Implement Progressive Decentralization with Fee Caps
For existing monolithic bridges, impose hard governance limits on fee extraction until the system is sufficiently decentralized. This is a transitional mitigation.
- Fee caps as a % of TVL prevent runaway extraction (e.g., max 0.5% annual revenue from fees).
- Time-locked governance upgrades require delays for major parameter changes, allowing community reaction.
- Transparency mandates force real-time reporting of fee revenue vs. security spend, creating public accountability pressure.
<0.5%
Fee/TVL Cap
7-Day
Governance Delay
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall