Trusted relayers are rent extractors. They are centralized, permissioned entities that charge fees for validating and forwarding messages between chains, creating a recurring operational cost for protocols like Stargate and Synapse.
layer-2-wars-arbitrum-optimism-base-and-beyond
Blog
The Cost of Trusted Relayers in Today's Cross-L2 Bridges
An analysis of the systemic risks and hidden costs—vendor lock-in, censorship, and perpetual hack threats—inherent in the centralized message-passing infrastructure powering major L2 bridges.
introduction
THE TAX
Introduction
Trusted relayers impose a systemic cost on cross-chain liquidity, creating a hidden tax on every transaction.
This cost scales with volume, not security. Unlike decentralized verifiers that amortize costs, relayers charge per-transaction fees, making high-frequency L2-to-L2 swaps via Across or LayerZero disproportionately expensive.
The tax distorts economic incentives. Projects must subsidize relayers or pass costs to users, creating a competitive disadvantage against native solutions like Arbitrum's canonical bridge or future intent-based systems.
thesis-statement
THE TRUST TAX
The Core Argument
The dominant cross-chain bridge model imposes a recurring, opaque cost on users by centralizing trust in a small set of permissioned relayers.
Trusted relayers are rent extractors. Bridges like Across, Stargate, and Synapse rely on a small committee of whitelisted entities to attest to state and relay messages. This committee charges fees for a service that is fundamentally a data delivery task, creating a persistent economic overhead for every cross-chain transaction.
This model contradicts blockchain's value proposition. Users migrate from L1 to L2s for decentralization and lower cost, only to re-introduce a centralized choke point when moving assets between them. The trusted relayer model reintroduces the very counterparty risk that decentralized systems were built to eliminate.
The cost is systemic and hidden. Relayer fees are often bundled into a single 'bridge fee', obscuring their true economic weight. Unlike L1 gas, which is a transparent auction for a public resource, relayer fees are a private toll for a permissioned service, creating an inefficient market.
Evidence: An analysis of Across Protocol's fee structure shows that relayer compensation constitutes a significant portion of total user cost, especially for smaller transactions, acting as a regressive tax on cross-chain activity.
key-trends
THE COST OF TRUSTED RELAYERS
The Three Pillars of Risk
Today's dominant cross-L2 bridges centralize risk and cost around a single, trusted entity for message delivery.
01
The Centralized Bottleneck
Every message must pass through a single, permissioned relayer. This creates a systemic risk point and a rent-seeking intermediary.
- Single point of failure for censorship and liveness.
- Monopoly pricing on transaction ordering and speed.
- Opaque fee extraction from users and protocols.
1
Relayer
100%
Trust Required
02
The Capital Inefficiency Tax
To secure liquidity pools and backstop withdrawals, relayers must lock up significant capital, a cost passed directly to users.
- Billions in TVL sit idle as economic security.
- High gas overhead for on-chain verification and fraud proofs.
- Slow finality due to challenge periods and dispute windows.
$10B+
Idle Capital
~7 Days
Withdrawal Delay
03
The Protocol Capture Problem
The bridge's trusted relayer becomes a gatekeeper, extracting value from the ecosystem and stifling competition.
- Protocols like UniswapX and CowSwap must integrate with and pay the relayer.
- No permissionless relay market to compete on speed or cost.
- Vendor lock-in prevents modular security and execution layers.
0
Relay Competition
High
Switching Cost
THE COST OF TRUSTED RELAYERS
Bridge Architecture & Risk Profile Matrix
Quantifying the security and economic trade-offs of dominant cross-L2 bridge models, focusing on the trusted relayer as the central point of failure.
| Architecture & Risk Metric | Native Validator Bridge (e.g., Arbitrum, Optimism) | Third-Party Liquidity Network (e.g., Across, Hop) | Light Client / ZK Bridge (e.g., zkBridge, Succinct) |
|---|---|---|---|
Core Trust Assumption | L1 Smart Contract & Native Protocol Validators | Off-Chain Relayer Committee (e.g., 8-of-15 multisig) | Cryptographic Proof (ZK or Fraud Proof) & Light Client |
Relayer Can Censor? | |||
Relayer Can Steal Funds? | |||
Time to Finality (L2 -> L2) | ~1 week (Dispute Period) | 3-5 minutes | ~20 minutes (Proof Generation) |
User Fee Premium for Trust | ~0% (Protocol Native) | 0.3% - 0.5% (Relayer Profit) | ~0.1% (Prover Cost) |
Capital Efficiency | Low (Locked in L1 Escrow) | High (Liquidity Pool Based) | High (No Locked Liquidity) |
Key Failure Mode | L1 Reorg > Finality Period | Multisig Collusion | Light Client Implementation Bug |
deep-dive
THE COST OF TRUST
The Anatomy of a Systemic Threat
The centralized relayers powering major bridges like Across and Stargate create a single, expensive point of failure that undermines the security of the entire multi-chain ecosystem.
Centralized Relayers are the Attack Surface. Every transaction on a canonical bridge like Arbitrum's or Optimism's requires a trusted third party to relay state. This creates a single point of failure that hackers target, as seen in the Wormhole and Nomad exploits.
Trust is a Recurring Cost. Protocols like Across and Stargate must pay for off-chain compute and capital lockup for their relayers. This operational expense is passed to users as higher fees, making simple transfers economically inefficient.
The Systemic Risk is Contagion. A compromise of a major relayer for a liquidity network like LayerZero doesn't just drain one bridge. It can cascade across dozens of chains and hundreds of integrated dApps, freezing billions in value.
Evidence: The 2022 Wormhole hack exploited the trusted guardian model for $325M. Today, over 70% of cross-chain TVL relies on similar trusted verification assumptions, according to DeFiLlama bridge classifications.
counter-argument
THE COST OF TRUST
The Defense of Centralization
Trusted relayers in bridges like Across and Stargate are not a bug but a deliberate, cost-effective design for today's fragmented L2 ecosystem.
Trusted relayers are efficient. A centralized entity executing a cross-chain swap on Across or Stargate operates with near-zero latency and predictable gas costs, which is impossible for a decentralized network of validators that must achieve consensus for every transaction.
Decentralization is expensive. The gas overhead for a fully on-chain, trust-minimized bridge like a canonical rollup bridge is an order of magnitude higher, a cost ultimately passed to users. For high-frequency, low-value transfers, this is prohibitive.
Security is a spectrum. Protocols like Across use a bonded relayer model with fraud proofs, trading absolute decentralization for practical security with economic slashing. This creates a viable security model where the cost of corruption outweighs the reward.
Evidence: The TVL and volume dominance of trusted relayers in Stargate and Across proves the market's preference for low-cost, fast finality over pure decentralization for most asset transfers. Users vote with their gas fees.
protocol-spotlight
THE COST OF TRUSTED RELAYERS
The Trust-Minimized Alternatives
Today's dominant bridges rely on centralized multisigs, creating systemic risk and rent extraction. These models are the cost center of interoperability.
01
The Problem: The Multisig Tax
Centralized relayers and MPC committees charge a premium for their trust assumption, extracting value from every transaction. This is a structural inefficiency baked into the business model of bridges like Multichain (formerly Anyswap) and cBridge.
- Fee Obfuscation: Relayer fees are hidden in slippage and exchange rates, not transparent gas costs.
- Rent-Seeking: Operators have no incentive to minimize costs, only to maximize transaction volume.
- Vendor Lock-in: Liquidity becomes trapped within a bridge's proprietary pool system.
10-30 bps
Hidden Fee
$1.5B+
Risked in '23
02
The Solution: Native Verification (Rollup-Centric)
Bridges that leverage the underlying L1 (Ethereum) as a verification layer, like Hop and Across, minimize external trust. They use on-chain light clients or optimistic verification to prove state transitions.
- L1 Security: Inherits the full security of Ethereum for message verification.
- Transparent Costs: Fees are primarily L1 gas, moving value, not paying a trusted third party.
- Protocol-Owned Liquidity: Models like Across's single liquidity pool reduce fragmentation and rent extraction.
~3-20 min
Delay for Safety
L1 Gas + ~0
Fee Model
03
The Solution: Intent-Based & Atomic Swaps
Frameworks like UniswapX and CowSwap's CoW Protocol remove the bridge operator entirely. Users express an intent to swap, and a decentralized network of solvers competes to fulfill it atomically across chains.
- No Bridging Asset: No wrapped tokens or intermediate pools; direct asset-for-asset settlement.
- Competitive Pricing: Solver competition drives fees toward the true cost of execution (MEV + gas).
- Failure Proof: Transactions either succeed atomically or fail, eliminating principal risk.
~1-5 min
Solver Auction
0
Bridge TVL Risk
04
The Frontier: Light Client & ZK Bridges
Projects like Succinct Labs and Polygon zkBridge are building trust-minimized bridges using zero-knowledge proofs to verify state. A light client's state transition is proven in a ZK-SNARK on the destination chain.
- Maximum Security: Cryptographic guarantees equivalent to running the source chain's node.
- Fast Finality: Proof generation (~minutes) is faster than optimistic challenge periods (~days).
- Universal: Can connect any two chains, not just Ethereum L2s, without new trust assumptions.
~5-10 min
Proof Gen Time
~$1-5
Prover Cost (est.)
future-outlook
THE COST OF TRUST
The Inevitable Shift
The current cross-chain model, reliant on trusted relayers, imposes a hidden but unsustainable tax on security and user experience.
Trusted relayers are rent extractors. Bridges like Stargate and Across embed a security premium into every transaction fee, paying for centralized watchtowers and multisig signers. This cost scales linearly with value secured, creating a permanent drag on capital efficiency.
The security model is inverted. Users trust a bridge's multisig council more than the underlying Ethereum or Avalanche consensus. This creates systemic risk, as seen in the Wormhole and Nomad exploits, where a single bug or key compromise drained hundreds of millions.
The user experience is fragmented. Each new bridge like LayerZero or Axelar introduces its own trust assumptions and liquidity pools. This Balkanization forces protocols to integrate dozens of bespoke SDKs and users to manage multiple wrapped asset representations.
Evidence: The 2022 bridge hacks accounted for over $2.5B in losses, a direct subsidy to attackers funded by the trusted relayer model's inherent vulnerabilities.
takeaways
THE COST OF TRUSTED RELAYERS
Key Takeaways for Builders
Today's dominant bridging models outsource security to centralized entities, creating hidden costs and systemic risks.
01
The Liquidity Lockup Tax
Trusted relayers require massive, idle capital pools on each chain to facilitate transfers, creating a permanent liquidity tax on the system. This capital could otherwise be earning yield in DeFi protocols.
- Cost: Protocol pays for relayers' opportunity cost.
- Risk: Capital inefficiency scales linearly with TVL.
- Example: A $1B bridge locks ~$200M+ per chain.
$200M+
Idle Capital
0% APY
Opportunity Cost
02
The Oracle/Relayer Monopoly Fee
A small set of permissioned entities (e.g., multisigs, enterprise nodes) control message attestation, allowing them to extract monopoly rents via high fees. There is no competitive market to drive costs down.
- Result: Fees are opaque and non-competitive.
- Vulnerability: Single points of failure for censorship.
- Trend: Drives protocols like Across and LayerZero to explore decentralized verification.
10-50 bps
Fee Range
~5 Entities
Typical Quorum
03
Intent-Based Architectures as the Antidote
Networks like UniswapX and CowSwap demonstrate the model: users express a desired outcome (intent), and a decentralized solver network competes to fulfill it. This eliminates the need for a centralized, capital-heavy relayer.
- Mechanism: Auction-based fulfillment drives cost to marginal.
- Benefit: No upfront capital lockup; liquidity stays in DeFi.
- Future: This is the core innovation behind shared sequencers and cross-chain intent networks.
>90%
Capital Efficiency
Competitive
Fee Discovery
04
The Regulatory Attack Surface
A centralized relayer is a legal entity in a jurisdiction, making the entire bridge susceptible to sanctions, seizure, or shutdown. This counterparty risk is often overlooked in protocol design.
- Consequence: Sovereign risk becomes protocol risk.
- Mitigation: Trustless, cryptographic verification (e.g., light clients, ZK proofs).
- Priority: Builders must architect for censorship resistance from day one.
1 Entity
Single Point of Failure
High
Sovereign Risk
05
Latency vs. Finality Trade-Off
To offer "instant" transfers, trusted relayers must front liquidity before destination chain finality, assuming enormous reorg risk. This creates a hidden insurance cost.
- Dilemma: Faster UX requires more trusted capital.
- Solution: Optimistic or ZK-based attestation can reduce this risk.
- Data Point: Native bridge finality can take ~12 mins (Ethereum); relayers promise <2 mins.
<2 min
Promised UX
~12 min
Real Finality
06
The Modular Endgame: Light Clients & ZK
The only way to remove the trusted relayer cost is to verify the source chain state directly on the destination chain. Light client protocols (like IBC) and ZK validity proofs are the cryptographic primitives to make this economically viable.
- Challenge: Historically computationally expensive.
- Innovation: Succinct and Polygon zkEVM are driving proof cost down.
- Outcome: Shifts cost from operational (relayers) to computational (proof generation), which is commoditizable.
~$0.10
Future Proof Cost
Trustless
Security Model
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall