Cross-Chain Bridge

The most common bridging model where assets are locked or burned on the source chain, and an equivalent wrapped or synthetic version is minted on the destination chain. This requires a trusted custodian or decentralized validator set to hold the original assets.

• Example: Locking ETH on Ethereum to mint WETH on Avalanche.
• Key Concept: Represents assets as IOU tokens on the destination chain.

A decentralized model that uses liquidity pools on both chains. Users swap assets directly via these pools without a central custodian, facilitated by liquidity providers (LPs). Transfers are often secured by hash time-locked contracts (HTLCs).

• Example: Using a bridge that swaps USDC on Ethereum for USDC on Polygon via paired pools.
• Key Concept: Relies on economic incentives and cryptographic proofs rather than asset locking.

Bridges differ in how they verify and relay transactions, which defines their trust assumptions. The main models are:

• Federated/Multi-Sig: A defined set of trusted entities signs off on transfers.
• Light Client/Relay: Relayers submit cryptographic proofs (e.g., Merkle proofs) for verification.
• Optimistic: Assumes transactions are valid unless challenged during a dispute period.

This is the core security and decentralization spectrum for bridges.

Beyond simple asset transfers, advanced bridges enable arbitrary message passing. This allows smart contracts on one chain to trigger functions and state changes on another, enabling cross-chain decentralized applications (dApps).

• Example: A yield aggregator on Ethereum instructing a deposit into a lending protocol on Avalanche.
• Key Concept: Transfers data and instructions, not just token balances.

A critical distinction in bridge architecture:

• Canonical Bridge: The officially endorsed bridge for a blockchain's native assets (e.g., the Ethereum-Polygon POS bridge). The destination asset is the canonical representation.
• Wrapped Bridge: A third-party bridge that creates its own wrapped asset (e.g., Multichain's anyETH). This can lead to fragmentation, where the same underlying asset has multiple non-fungible wrappers on one chain.

Bridges are high-value targets due to concentrated liquidity. Primary risks include:

• Validator Compromise: Attackers gain control of the multi-sig or relayers.
• Smart Contract Bugs: Vulnerabilities in the bridge contracts on either chain.
• Economic Attacks: Manipulating oracle prices or exploiting liquidity pool imbalances.
• Censorship: Validators refusing to process withdrawal requests.

A cryptographic architecture where light clients (simplified blockchain verifiers) on each chain verify the state of the other. Relayers submit cryptographic proofs (like Merkle proofs) of transactions. This model aims for trust minimization by leveraging the underlying chains' consensus security, but it can be computationally expensive.

• Example: The IBC (Inter-Blockchain Communication) protocol used by Cosmos.
• Security Foundation: Depends on the security of the connected blockchains themselves.

A model inspired by optimistic rollups, where bridge operations are assumed valid unless challenged. A fraud proof window allows watchers to dispute invalid state transitions. This design improves efficiency but introduces a challenge period delay for withdrawals.

• Example: Nomad bridge (prior to its exploit) used an optimistic mechanism.
• Trade-off: Sacrifices finality speed for reduced on-chain verification costs, assuming honest watchers exist.

An advanced trust-minimized architecture where zero-knowledge proofs (ZKPs) are used to cryptographically verify the validity of the source chain's state transition. A light client only needs to verify a succinct ZKP, making it highly secure and efficient. This is considered the gold standard for decentralized bridges.

• Example: zkBridge, which generates proofs for Ethereum and other chains.
• Advantage: Provides strong cryptographic security with near-instant finality, though proof generation is computationally intensive.

A generalized architecture that enables the secure transfer of any data, not just tokens. These bridges allow smart contracts on different chains to call each other, enabling cross-chain composability. They often underpin more complex applications like cross-chain decentralized exchanges or governance.

• Example: LayerZero is a protocol for omnichain interoperability using this model.
• Core Function: Passes arbitrary payloads with configurable security guarantees (oracle and relayer sets).

Bridge security fundamentally depends on its trust model. Custodial bridges rely on a centralized entity or multi-signature wallet, creating a single point of failure. Trustless bridges use decentralized mechanisms like light clients or optimistic verification, but their security is tied to the underlying blockchains they connect. The choice involves a trade-off between speed/cost and decentralization.

Bridges are primary targets for exploits due to the complexity of their smart contracts. Common vulnerabilities include:

• Reentrancy attacks on deposit/withdrawal logic.
• Logic flaws in validation or relayer mechanisms.
• Upgradeability risks if admin keys are compromised.
• Oracle manipulation feeding incorrect price or state data. Notable examples include the Wormhole ($326M) and Ronin Bridge ($625M) exploits.

Many bridges depend on a set of external validators or relayers to attest to events on one chain and submit proofs to another. Risks include:

• Collusion attacks where a majority of validators act maliciously.
• Liveness failures if relayers go offline.
• Sybil attacks where an attacker creates many fake identities. Security scales with the number and independence of these participants, making permissioned sets a significant risk.

Bridges can be attacked by manipulating the consensus mechanisms of the connected chains. Key risks are:

• Long-range attacks on proof-of-stake chains to rewrite history.
• Reorg attacks where a blockchain reorganization invalidates a bridged transaction.
• Transaction ordering (MEV) exploits in bridge mempools.
• Insufficient economic backing for minted assets, leading to insolvency during a bank run.

Wrapped or synthetic assets minted by a bridge must maintain a 1:1 peg with the original asset. Risks include:

• Liquidity pool depletion on the destination chain's DEX.
• Minting cap exploits if the bridge's collateral is insufficient.
• Asymmetric information leading to arbitrage attacks. A broken peg can cause cascading liquidations and protocol insolvency, as seen in the Terra UST collapse.

Beyond protocol-level risks, users face operational threats:

• Phishing attacks on bridge frontend websites.
• Malicious token approvals that drain wallets.
• Network congestion causing stuck transactions and lost funds.
• Interoperability standard conflicts between different bridge message formats. Users must verify contract addresses, use hardware wallets, and understand the specific bridge's withdrawal guarantees.

A user experience paradigm that hides the complexity of interacting with multiple blockchains. It allows users to transact using assets from one chain while interacting with applications on another, often facilitated by underlying cross-chain bridges and messaging protocols. The goal is to make the multi-chain ecosystem feel like a single, unified network to the end-user.

A token on one blockchain that represents a native asset from another chain, created and managed by a bridge. Examples include Wrapped Bitcoin (WBTC) on Ethereum or Wrapped SOL (wSOL) on other chains. These assets are custodial or collateralized representations, where the underlying asset is locked in a vault on the source chain, enabling its use in the destination chain's DeFi ecosystem.