Bridging Protocol

The fundamental security assumption of a bridge, ranging from trust-minimized to federated. Native Verification bridges (e.g., IBC, rollup bridges) rely on the underlying blockchain's consensus for security. Federated/Multi-sig bridges use a predefined committee of signers, introducing a trusted third party. Externally Verified bridges employ an external network (e.g., a separate Proof-of-Stake chain) to validate state.

How assets are represented and moved across chains. Lock-and-Mint is the most common model: assets are locked in a vault on the source chain and equivalent wrapped tokens are minted on the destination. Liquidity Network models (e.g., some DEX-based bridges) use pooled liquidity on both sides, facilitating instant swaps without minting new tokens. Burn-and-Mint is used by some canonical bridges, where tokens are burned on one chain to trigger minting on another.

The method for communicating arbitrary data (beyond simple asset transfers) between chains. Arbitrary Message Bridges (AMBs) enable cross-chain calls for DeFi composability, governance, and NFT bridging. Key implementations include Optimistic verification (with a challenge period) and ZK light client verification (using cryptographic proofs). This is the core technology enabling cross-chain smart contract interactions.

The off-chain infrastructure that monitors events and submits data/transactions between chains. Permissionless Relayers allow any node to participate, often incentivized by fees (e.g., IBC). Permissioned Relayers are operated by the bridge protocol or a designated set, common in federated models. Relayers are a critical liveness component but are distinct from the bridge's trust model for security.

An advanced feature where a single liquidity pool on a destination chain (e.g., a DEX pool) can serve as the endpoint for multiple source chains via a canonical bridge router. This reduces fragmentation, improves capital efficiency for LPs, and provides consistent exchange rates for users bridging from different origins. Exemplified by bridges like Stargate.

A critical distinction in asset representation. A Canonical Bridge is the officially recognized, often native, bridge for moving an asset between two specific chains (e.g., the Arbitrum L1<>L2 bridge). The asset on the destination is considered the canonical representation. Wrapped Assets are created by third-party bridges; multiple wrapped versions (e.g., wBTC, renBTC) can exist on one chain, creating fragmentation and composability risks.

Also known as federated or custodial bridges, these rely on a centralized entity or a permissioned set of validators to secure the bridge's assets and validate cross-chain transactions. This model prioritizes speed and low cost but introduces significant trust assumptions.

• How it works: Users lock assets on the source chain; the bridge's operators mint equivalent wrapped assets on the destination chain.
• Security Model: Dependent on the honesty and security of the bridge operator(s).
• Examples: Early versions of the Binance Bridge, Wrapped Bitcoin (WBTC) on Ethereum (where BitGo acts as the custodian).

These bridges use cryptographic proofs and the underlying consensus mechanisms of the connected chains to operate without a trusted third party. Security is derived from the blockchains themselves.

• How it works: They rely on light clients or relay networks to verify state proofs from the source chain on the destination chain. Validators are economically incentivized and can be slashed for malicious behavior.
• Security Model: Trust is minimized to the security of the connected blockchains.
• Examples: The IBC (Inter-Blockchain Communication) protocol used by Cosmos, Near's Rainbow Bridge.

This architecture does not lock and mint tokens. Instead, it uses liquidity pools on both chains and a network of nodes to facilitate atomic swaps. It's often used for fast, low-value transfers.

• How it works: A user sends Asset A to a pool on Chain A. A liquidity provider on Chain B sends Asset B to the user. The nodes use hash time-locked contracts (HTLCs) to ensure the atomicity of the swap.
• Security Model: Relies on economic incentives of liquidity providers and the cryptographic security of HTLCs.
• Examples: Connext, Hop Protocol.

Inspired by optimistic rollups, this model introduces a challenge period during which transactions can be disputed. It assumes transactions are valid by default, reducing immediate verification costs.

• How it works: After a state root is relayed, there is a fraud-proof window (e.g., 7 days). During this time, anyone can submit cryptographic proof that the state transition was invalid.
• Security Model: Security relies on the presence of at least one honest watcher to submit fraud proofs.
• Examples: Nomad (prior to its exploit), some implementations of Chainlink CCIP.

Many modern bridges combine multiple architectural elements to balance security, speed, and cost. They often use a decentralized validator set for attestations but may employ optimistic mechanisms for certain functions.

• How it works: A bridge might use a proof-of-stake validator set to sign off on state, but only settle transactions after a short delay to allow for fraud challenges.
• Security Model: A multi-layered approach that aims to inherit strengths from different models.
• Examples: LayerZero's configuration (using Oracle and Relayer), Wormhole's Guardian network with optional optimistic finality.

The most cryptographically secure model, where one chain directly verifies the consensus proofs of another chain. This requires deep technical integration and compatible consensus algorithms.

• How it works: A light client of Chain B runs as a smart contract on Chain A, continuously verifying block headers and Merkle proofs of transactions.
• Security Model: Trust is reduced solely to the cryptographic security of the two chains, with no external validators.
• Examples: The Cosmos IBC is the canonical example. Ethereum's upcoming Ethereum Light Client on Cosmos is another.

The underlying communication layer that enables bridging protocols. It involves the secure transmission of data and state (like token ownership or smart contract calls) between distinct blockchains. Protocols like LayerZero and Wormhole provide generalized messaging frameworks upon which asset bridges are built.

• Generalized vs. Asset-Specific: While bridges transfer assets, messaging protocols can transfer any arbitrary data.
• Relayers & Oracles: These are the network participants responsible for observing and forwarding messages between chains.

The core security model defining who or what you must trust for a bridge to operate correctly. This is the primary classification for bridge types.

• Trusted (Custodial): Users trust a centralized entity or federation to hold assets and validate transfers. Example: Binance Bridge.
• Trust-Minimized: Relies on cryptographic proofs and decentralized networks. Sub-categories include:
  • Light Client/Relay Bridges: Use on-chain light clients to verify the source chain's consensus (e.g., IBC).
  • Optimistic Bridges: Introduce a challenge period for fraud proofs (e.g., Nomad).
  • ZK-Bridges: Use zero-knowledge proofs to cryptographically verify state transitions.

A bridging approach that uses atomic swaps and routed liquidity pools instead of minting/burning wrapped assets. Protocols like Connext and Hop Protocol create a network of liquidity providers on each chain.

• How it works: A user's assets are swapped for the bridge's liquidity pool assets on the source chain, and a corresponding swap occurs on the destination chain.
• Key Benefit: Reduces custodial risk, as assets are never centrally locked in a single bridge contract.
• Challenge: Requires sufficient liquidity depth on both sides to facilitate large transfers.

Defines the nature of the asset received on the destination chain.

• Canonical (Native) Assets: The original asset exists natively on both chains (e.g., USDC on Ethereum and USDC on Avalanche via the native Circle bridge). This is the most desirable form as it maintains fungibility across all applications.
• Wrapped (Synthetic) Assets: The bridge mints a new, derivative token on the destination chain (e.g., wormholeUSDC). These are IOUs backed by the locked canonical assets on the source chain. They introduce depeg risk and liquidity fragmentation, as wormholeUSDC and circleUSDC are not the same token.

A formal specification that allows different blockchains and applications to communicate in a predictable way. The most prominent is the Blockchain Interoperability Alliance and standards like IBC (Inter-Blockchain Communication Protocol).

• IBC: A TCP/IP-like protocol for sovereign chains, defining packet structures, handshakes, and proof verification. It is the standard for the Cosmos ecosystem.
• XCMP (Cross-Chain Message Passing): The native messaging protocol for Polkadot parachains.
• CCIP (Cross-Chain Interoperability Protocol): Chainlink's proposed standard for generalized cross-chain messaging and computation.

The critical risks and historical failure modes associated with bridging protocols. Bridges are high-value targets, with over $2.5 billion stolen in exploits as of 2023 (source: Chainalysis).

• Common Attack Vectors:
  • Validator Compromise: Gaining control of the multi-sig or oracle network.
  • Smart Contract Vulnerabilities: Bugs in the bridge's minting or locking logic.
  • Signature Verification Flaws: Accepting fraudulent transaction proofs.
• Notable Examples: The Ronin Bridge hack ($625M) and Wormhole exploit ($326M) highlight the catastrophic impact of centralization and code vulnerabilities.