Optimistic bridges are a subsidy for attackers. Their security model externalizes the cost of verification, creating a negative-sum game where honest users pay for the fraud proofs that secure their own funds.
Why Optimistic Bridges Are a Subsidy for Attackers
Optimistic bridges trade security for speed, creating a risk-free window for attackers. This analysis deconstructs the economic model where users bear the cost of failure while validators face minimal downside.
Introduction
Optimistic bridges create a systemic risk by subsidizing the cost of attacks against the entire network.
The challenge period is a free option. Attackers can launch unlimited attempts, only paying the gas fee for a failed challenge. This is a classic asymmetric risk, similar to the oracle problem in DeFi lending.
This model inverts economic security. Unlike proof-of-stake bridges like LayerZero or IBC, where capital is slashed, optimistic bridges like Across or Nomad rely on a watchtower economy that often fails to scale with TVL.
Evidence: The Nomad bridge hack exploited a flawed one-block fraud proof window, resulting in a $190M loss. The economic design made a profitable attack inevitable.
The Core Argument: Asymmetric Risk
Optimistic bridges create a fundamental economic asymmetry where attackers have a low-cost, high-reward option that honest users subsidize.
The economic model is inverted. Users pay a fixed, small fee for security, while a potential attacker's cost is the entire bonded value. This creates a massive risk asymmetry where the attacker's potential reward (stealing the entire bridge TVL) vastly outweighs their upfront cost.
Honest users are the subsidy. Every transaction fee paid on Across or a similar optimistic bridge funds the liquidity pool that an attacker ultimately targets. Users are paying for a security promise that is only validated after a successful theft is attempted.
Compare this to light clients. Zero-knowledge or validity-proof bridges like zkBridge force attackers to first break cryptographic assumptions, making the cost of attack astronomically high and independent of user fee revenue. The security budget is cryptographic, not economic.
Evidence: The Nomad bridge hack exploited this exact model. Attackers needed only to copy-paste a fraudulent Merkle root, turning a $200 million TVL into a costless bounty funded by user fees. The security delay was a subsidy window.
The State of Play: Speed Over Safety
Optimistic bridges prioritize user experience by subsidizing security costs, creating a systemic risk that is exploited by arbitrageurs.
Optimistic bridges are a subsidy. Protocols like Across and Hop Protocol finalize transfers before verifying them on-chain. This creates a risk window where attackers can steal funds if fraud proofs fail. The protocol's liquidity providers, not the attacker, bear the ultimate loss.
Arbitrageurs are the primary beneficiaries. This design flaw is a free option for MEV bots. They exploit the delay between a user's fast withdrawal and the slow verification on the source chain, capturing value that should secure the system.
The security budget is misallocated. Capital efficiency metrics for bridges like Stargate ignore the real cost of insurance. The liquidity locked for fast withdrawals is a direct subsidy paid by LPs to users and arbitrageurs, not a sustainable security model.
Evidence: The $190M Nomad hack. It was not a sophisticated cryptographic attack. It was a race condition exploit in the fraud proof mechanism, demonstrating how optimistic assumptions fail under adversarial pressure. The bridge's speed became its vulnerability.
Bridge Security Model Comparison
A first-principles comparison of dominant bridge security models, quantifying the economic and operational trade-offs that define systemic risk.
| Security Feature / Metric | Optimistic (e.g., Across, Hop) | Light Client / ZK (e.g., IBC, zkBridge) | Liquidity Network (e.g., Chainlink CCIP, LayerZero) |
|---|---|---|---|
| Trust Assumption | 1/N of M-of-N honest relayers | Cryptographic verification of state | Decentralized Oracle Network (DON) consensus |
| Challenge Period (Vulnerability Window) | 30 min - 7 days | ~0 seconds (instant finality) | ~0 seconds (pre-attested) |
| Capital Efficiency for Attack | Low. Requires bond > transferred value for duration of challenge window. | Prohibitively High. Requires breaking cryptography (e.g., forging a zk proof). | High. Requires compromising >1/3 of DON nodes simultaneously. |
| Economic Finality Time | Challenge Period + 1 block | Source Chain Finality + Proof Generation (~2-20 min) | Source Chain Finality + DON Attestation (~2-5 min) |
| User Subsidizes Security? | Yes. Attackers can repeatedly attempt fraud, forcing honest relayers to repeatedly lock capital. | No. Security is cryptographic; cost is fixed protocol fee. | No. Security is amortized across the DON and paid via service fees. |
| Canonical Asset Support | True | True | True |
| Native Gas Abstraction | False | False | True |
| Programmable Payloads (Arbitrary Messaging) | False | True | True |
Deconstructing the Subsidy
Optimistic bridges create a systemic, quantifiable subsidy for attackers by design.
The challenge window is a bounty. Optimistic bridges like Across and Hop Protocol require a delay for fraud proofs. This period is a free option for attackers to exploit price discrepancies or chain reorganizations without immediate risk, subsidizing their operations with protocol capital.
Capital efficiency funds the attack. The optimistic security model requires less locked capital than a fully-backed system. This 'efficiency' directly reduces the attacker's cost of capital, lowering the economic barrier to mounting a profitable attack on the bridge's liquidity pools.
The subsidy is quantifiable. The attack ROI is the profit from an exploit minus the capital cost during the challenge period. For a $10M pool with a 7-day window, an attacker needs to lock only the potential penalty, not the full sum, creating a leveraged attack vector absent in ZK-based or native systems.
Evidence: The Nomad bridge hack exploited this model, where a failed fraud proof and low capital requirement led to a $190M loss. This demonstrated that the optimistic delay is not just a feature but a priced-in vulnerability.
Case Studies in Deferred Verification
Optimistic bridges trade finality for speed, creating a systemic risk window that sophisticated actors exploit for profit.
The Wormhole-Nomad $200M Heist
The 7-day challenge period on Nomad's optimistic bridge was a known vulnerability. An attacker found a single bug, executed a copy-paste exploit, and drained funds before the fraud proof mechanism could react. This highlights the asymmetric risk where a single failure can compromise the entire system's TVL.
- Vulnerability: Single bug in message verification.
- Impact: $200M+ drained in hours.
- Lesson: Long windows turn bridges into honeypots.
The Arbitrum-Nitro Upgrade Dilemma
While a rollup, Arbitrum's ~1-week exit period for its AnyTrust chains (like Nova) functions as an optimistic bridge to Ethereum. This creates a liquidity subsidy: LPs must lock capital to provide instant withdrawals, while attackers can freely probe for faults. The economic cost of securing fast liquidity is borne by honest users.
- Mechanism: Fraud proofs secure a fast withdrawal pool.
- Cost: LP capital is idle >99% of the time.
- Result: Users pay for attacker insurance.
Across Protocol's Optimistic Relayer Model
Across uses an optimistic verification layer with a 2-hour challenge window, secured by a bonded relayer and UMA's oracle. This shorter window reduces risk but still creates an arbitrage opportunity: relayers can front-run or censor transactions if the economic penalty is less than the MEV potential. The system's security is a direct function of its bond size.
- Window: 2-hour optimistic delay.
- Security Model: Bonded relayers + oracle fallback.
- Risk: MEV extraction vs. bond slashing.
The Polygon Plasma Exit Games
Polygon's original Plasma-based bridge required a 7-day challenge period for exits. This led to chronic liquidity fragmentation: users avoided the bridge due to slow withdrawals, while attackers continuously tested exit fraud. The model failed because it externalized security costs onto users, who then abandoned the system.
- Legacy Model: 7-day exit challenge period.
- Failure Mode: User abandonment due to latency.
- Outcome: Pivoted to ZK-based (zkEVM) security.
The Rebuttal: "It's Good Enough"
Optimistic bridges' security model creates a systemic subsidy for attackers, making large-scale theft inevitable.
The security subsidy is explicit. Optimistic bridges like Across and Nomad rely on a watcher network to flag fraud. This creates a positive expected value (EV) for attackers: the cost of a successful attack is the bond, but the reward is the entire bridge TVL. This is a direct subsidy for sophisticated adversaries.
Watchers are not validators. Unlike proof-of-stake chains where validators slash each other, watchers have no skin in the game. Their incentive is a small bounty for reporting fraud, which fails against zero-day exploits or sophisticated MEV-based attacks that front-run watcher transactions.
The delay is the attack surface. The challenge period (e.g., 20 minutes) is not a security feature; it is the vulnerability window. Protocols like Arbitrum use this model for rollups because the state is verifiable. Bridges move opaque assets, making fraud proofs economically impractical for users to verify.
Evidence: The $190M Nomad hack. The exploit was a public, replayable transaction. The watcher system failed catastrophically because the economic design did not align incentives. Attackers were subsidized by the protocol's own mechanics, turning a bug into a free-for-all.
Key Takeaways for Builders
Optimistic bridges trade security for speed, creating a systemic risk that subsidizes sophisticated attackers at the protocol's expense.
The Free Option Problem
The challenge period is a free, at-the-money put option for attackers. They can execute a fraudulent withdrawal and only lose gas if caught. This creates a perverse incentive where honest users subsidize the attacker's potential upside.
- Economic Mismatch: Attacker risk is capped at gas fees; protocol risk is the full stolen amount.
- Asymmetric Payoff: Creates a profitable strategy even with a low probability of success.
The Capital Inefficiency Trap
Optimistic models like Across and Nomad require massive, idle capital reserves (bonded collateral) to secure a fraction of that value in transit. This creates a negative-sum game for liquidity providers.
- Low Capital Efficiency: ~10x over-collateralization is common to cover challenge periods.
- Yield Compression: Security costs are socialized, crushing LP returns and creating fragile liquidity.
The Liveness-Security Tradeoff
You cannot have fast, cheap, and secure withdrawals. A 7-day challenge period (e.g., early Optimism) is secure but useless for UX. Shortening it to ~1 hour (e.g., some modern implementations) dramatically increases settlement risk.
- Fundamental Trilemma: Choose two: Fast, Cheap, Secure.
- Attack Window: A shorter challenge period must be secured by more expensive, active watchtowers.
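The bond-sizing question behind the free-option and window-length points above, worked as an added example that is not from the original article or from any bridge's code: it computes the smallest bond that makes a fraudulent claim unprofitable for a given challenge window and watcher set. The independent per-hour watcher catch rate, the $100 gas figure and all function names are assumptions of this sketch; the $10M pool and the 2-hour and 7-day windows come from the text.

```python
import math

def detection_probability(watchers, window_hours, hourly_catch_rate):
    """P(at least one watcher lands a challenge before the window closes).

    Assumption: each watcher independently spots the fraud and gets a
    challenge included in any given hour with probability hourly_catch_rate.
    """
    if not 0.0 <= hourly_catch_rate <= 1.0:
        raise ValueError("hourly_catch_rate must be within [0, 1]")
    if watchers < 0 or window_hours < 0:
        raise ValueError("watchers and window_hours must be non-negative")
    return 1.0 - (1.0 - hourly_catch_rate) ** (watchers * window_hours)

def attacker_ev(value_at_risk, bond, gas_cost, p_detect):
    """Expected profit of one fraudulent claim: the funds are kept if no
    challenge lands, the bond is slashed if one does, gas is paid either way."""
    return (1.0 - p_detect) * value_at_risk - p_detect * bond - gas_cost

def min_deterrent_bond(value_at_risk, gas_cost, p_detect):
    """Smallest bond with attacker_ev <= 0; infinite if fraud is never caught."""
    if p_detect <= 0.0:
        return math.inf
    return max(0.0, ((1.0 - p_detect) * value_at_risk - gas_cost) / p_detect)

def size_bond(value_at_risk, gas_cost, watchers, window_hours, hourly_catch_rate):
    """Return (detection probability, minimum deterrent bond) for one design."""
    p = detection_probability(watchers, window_hours, hourly_catch_rate)
    return p, min_deterrent_bond(value_at_risk, gas_cost, p)

if __name__ == "__main__":
    POOL = 10_000_000   # the $10M pool used in the text
    GAS = 100           # constructed per-attempt gas cost
    designs = [         # (label, watchers, window in hours, hourly catch rate)
        ("2-hour window, 1 weak watcher", 1, 2, 0.02),
        ("2-hour window, 5 weak watchers", 5, 2, 0.02),
        ("7-day window, 1 weak watcher", 1, 168, 0.02),
        ("2-hour window, 1 strong watcher", 1, 2, 0.50),
    ]
    for label, n, hours, rate in designs:
        p, bond = size_bond(POOL, GAS, n, hours, rate)
        print(f"{label:34s} p_detect={p:.4f}  min bond=${bond:,.0f}")
    # With no bond the attacker loses only gas: still profitable at 99% detection.
    print("EV with no bond, 99% detection:", round(attacker_ev(POOL, 0, GAS, 0.99)))
```

With the constructed 2% hourly catch rate, a single watcher on a 2-hour window needs a bond many times the pool itself, while the 7-day window needs only a small fraction of it.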
Intent-Based Bridges as a Solution
Architectures like UniswapX and CowSwap solve this by removing the bridge's custodial role. They route user intents via a network of solvers who compete to fulfill cross-chain swaps atomically.
- No Bridge Capital: Solvers post bonds, but users never face custodial risk.
- Atomic Completion: Eliminates the fraudulent withdrawal vector entirely, moving risk to solver competition.