General Message Passing (GMP)

Unlike simple token bridges, GMP protocols can transmit arbitrary data, including contract calls, state updates, and complex instructions. This enables cross-chain smart contract execution, allowing a contract on Chain A to trigger a function on Chain B.

• Example: A user on Ethereum can mint an NFT on Polygon via a single transaction.
• Core Component: The payload includes the destination contract address, function signature, and encoded parameters.

Messages are transmitted by a permissionless network of off-chain relayers. These nodes listen for events, package proofs, and submit transactions to the destination chain.

• Security Model: Relayers are economically incentivized and slashed for malicious behavior.
• Fault Tolerance: A decentralized set of relayers ensures liveness and censorship resistance, unlike a single centralized operator.

The destination chain verifies the message's authenticity using light client technology. Instead of trusting relayers, it cryptographically verifies that the message was finalized on the source chain.

• Mechanism: A light client contract on Chain B stores and updates the block headers of Chain A.
• Proof Verification: Relayers submit a Merkle proof that the message was included in a verified source chain block.

Users can pay transaction fees on the destination chain using tokens from the source chain, a feature known as Gas Abstraction or Gas Payment on Source.

• User Experience: Simplifies cross-chain interactions; users don't need to hold native gas tokens on every chain.
• Mechanism: The relayer pays the gas fee on the destination and is reimbursed from the user's sent assets on the source chain.

Advanced GMP systems include mechanisms for guaranteed message delivery and fallback execution to handle failed transactions.

• Automatic Retry: If execution fails (e.g., due to low gas), the system can retry with higher gas limits.
• Fallback Address: Users can specify a fallback address on the source chain to receive refunds if the destination call permanently fails.

When transferring value, GMP often integrates with a cross-chain liquidity network. This separates the messaging layer from the liquidity layer.

• How it works: The message instructs a liquidity provider (e.g., a Chainlink CCIP router, Axelar Satellite) on the destination chain to release tokens from a pooled reserve.
• Efficiency: Enables fast transfers without locking and minting assets on a bridge contract.

GMP security is defined by its trust model. Light client bridges (e.g., IBC) verify block headers and cryptographic proofs, assuming the underlying chain's consensus is secure. Oracle-based bridges rely on a committee of external validators to attest to events, introducing a social trust assumption in the honesty of the majority. Optimistic systems add a fraud-proof window, delaying finality but allowing challenges.

The core security primitive is how a destination chain verifies a message's origin. Key mechanisms include:

• Merkle Proofs: Prove inclusion of a transaction in a source chain block.
• ZK Proofs: Cryptographic proofs (e.g., zk-SNARKs) that verify state transitions without revealing all data.
• Attestation Signatures: Multi-signatures from a validator set confirming an event occurred.
• Fraud Proofs: Allow watchers to challenge invalid state transitions during a dispute window.

Many GMP systems use cryptoeconomic security to deter malicious behavior. Validators or relayers must stake native tokens as collateral. Provably malicious actions (e.g., signing conflicting messages) trigger slashing, where the stake is burned or redistributed. The security budget is directly tied to the total value staked, creating a measurable cost for attacks.

GMP requires active relayers to submit proofs and data. Without proper incentives, the system risks liveness failures. Solutions include:

• Fee Payment: Users pay fees in gas or the destination chain's token.
• Inflation Rewards: Protocols subsidize relayers from token emissions.
• Priority Gas Auctions: Relayers compete to include messages, paying gas themselves and being reimbursed. Mismanaged incentives can lead to centralized relayers or message censorship.

Common GMP attack vectors include:

• Signature Collusion: A malicious majority of oracle/validator keys authorizes a fraudulent withdrawal.
• Replay Attacks: Reusing a valid message on multiple chains.
• Time-Bandit Attacks: Reorganizing the source chain to invalidate a proven message.
• Congestion Attacks: Spamming the destination chain to delay or censor fraud proofs. Mitigations involve delay periods, nonce enforcement, source chain finality guarantees, and decentralized validator sets.

GMP protocols exist on a spectrum from trust-minimized to trusted. IBC is highly trust-minimized, relying only on the security of the connected chains. Multisig/Oracle bridges introduce a trusted committee. Liquidity Networks (e.g., some cross-chain DEXs) often have centralized upgradability and admin keys. The security assumption shifts from cryptographic verification to the honesty and competence of specific entities.

Arbitrary Message Passing (AMP) is the broader category of protocols that allow any data to be sent between chains. GMP is a specific, more advanced implementation of AMP that includes guaranteed execution of a target contract function, not just data delivery. Key differences include:

• AMP: Transfers raw data (e.g., an NFT URI).
• GMP: Transfers data and triggers a specific function call on the destination chain (e.g., mint an NFT).

Most cross-chain bridges are built using GMP protocols. They use GMP as the communication layer to lock assets on a source chain and mint representations or perform actions on a destination chain. For example:

• A bridge locks ETH on Ethereum.
• It uses a GMP protocol to send a message to Avalanche.
• A contract on Avalanche receives the message via GMP and mints wrapped ETH (WETH.e).

GMP relies on external networks of relayers and oracles to transport and verify messages. These are distinct but often integrated roles:

• Relayers: Handle the physical transmission of messages and payment of gas fees on the destination chain.
• Oracles: Provide the cryptographic proof (e.g., block headers) that the source transaction is valid and finalized. Networks like Axelar and LayerZero operate decentralized networks of both.

A critical feature of advanced GMP is gas abstraction, where the user doesn't need the destination chain's native token to pay fees. This is enabled by:

• GMP Paymasters: The relayer pays the gas fee in the destination chain's native currency.
• Fee Payment in Source Token: The user pays for the entire cross-chain operation (including destination gas) using only the source chain's token, which is automatically converted.

Leading GMP protocols provide the infrastructure for developers. Axelar uses a proof-of-stake validator set to reach consensus on cross-chain states, supporting arbitrary data and function calls. LayerZero employs an Ultra Light Node (ULN) model, where on-chain oracles and off-chain relayers work together to validate transactions, aiming for minimal trust assumptions.

GMP enables composability across chains, allowing developers to build applications that leverage the unique strengths of multiple ecosystems. Examples include:

• Cross-Chain DEXs: Swap a token on Chain A and receive a different token on Chain B in one transaction.
• Cross-Chain Lending: Use collateral on Ethereum to borrow an asset on Polygon.
• Omnichain NFTs: An NFT that can change its metadata or unlock features based on activity on another chain.