Third-Party Bridge

This defines who controls the assets during the bridging process.

• Custodial Bridges: Rely on a centralized entity or multi-signature wallet to hold the locked or minted assets on the source chain. Users must trust this custodian's security and solvency.
• Non-Custodial Bridges: Use smart contracts and cryptographic proofs (like optimistic or zero-knowledge proofs) to manage assets. Users retain control, with the bridge's code serving as the trusted intermediary.

Example: A custodial bridge might pool user funds in an exchange's wallet, while a non-custodial bridge like Hop Protocol uses bonded liquidity pools and automated market makers (AMMs).

Most bridges rely on liquidity pools to facilitate instant transfers without waiting for finality on the destination chain.

• Lock-and-Mint: Assets are locked in a smart contract on the source chain, and a wrapped, representative token is minted on the destination chain (e.g., Wrapped BTC on Ethereum).
• Liquidity Pool-Based: Users swap assets directly into a pool of liquidity on the destination chain. Bridges like Synapse and Hop use this model, which relies on liquidity providers (LPs) to fund the pools and earn fees.

This mechanism separates the bridge's liquidity security from the underlying blockchain's consensus security.

The security of a bridge is defined by its weakest trust assumption, which varies significantly by design:

• Federated/Multi-Sig: Trust is placed in a committee of known validators (a federation) who sign off on transfers. This is common but introduces a centralization risk.
• Optimistic: Assumes transactions are valid unless challenged within a fraud-proof window. This model, used by Nomad (prior to its exploit), aims for efficiency but has specific vulnerability periods.
• Light Client/Relay: Uses cryptographic proofs (like Merkle proofs) verified by a smart contract on the destination chain. This is more trust-minimized but computationally expensive. LayerZero's Ultra Light Node (ULN) is a variant of this.

These models create a spectrum from trust-based to cryptographically secure.

Modern bridges extend beyond simple asset transfers to enable arbitrary data and contract calls across chains.

• Arbitrary Message Passing (AMP): Allows smart contracts on one chain to trigger functions on a contract on another chain. This enables cross-chain DeFi composability, governance, and NFT bridging.
• Protocols like LayerZero and Axelar specialize in this generalized messaging. Instead of just minting a wrapped token, a bridge can instruct a destination chain contract to mint an NFT, execute a swap, or update a state.

This transforms bridges from simple asset pipes into cross-chain communication layers.

The process of observing an event on one chain and proving it on another requires off-chain infrastructure.

• Sequencer/Oracle: A network of nodes (often permissioned) that monitors source chain events, packages data, and submits proofs or transactions to the destination chain. This is a common centralization point and failure vector.
• Relayers: These are the agents that pay gas fees to submit the final transaction on the destination chain. They may be operated by the bridge team or incentivized third parties.

The security of the bridge is often contingent on the honesty and liveness of these external actors.

Bridges are sustained by economic models that pay for security, liquidity, and operations.

• Liquidity Provider (LP) Incentives: LPs deposit assets to enable instant swaps and earn fees from user transactions. They often receive bridge-specific governance tokens as rewards.
• Relayer/Validator Incentives: Nodes in the bridge's security or messaging network are compensated, often via fees or token emissions, to ensure liveness and honesty.
• Fee Tiers: User fees typically cover destination chain gas costs, bridge protocol fees, and liquidity provider fees. Some bridges implement dynamic pricing based on network congestion.

These incentives must be carefully balanced to ensure the system remains secure and liquid.

A third-party bridge's primary function is to lock or burn tokens on a source chain and mint or release corresponding wrapped or native tokens on a destination chain. This process, often called token bridging, enables assets like ETH, USDC, or NFTs to move between ecosystems (e.g., Ethereum to Polygon). The bridge acts as a trusted custodian or uses cryptographic proofs to secure the assets during transfer.

Bridges operate under different trust and security models:

• Lock-and-Mint/Custodial: Assets are locked with the bridge operator or a multi-sig, which mints wrapped tokens on the destination chain. Centralized but simple.
• Burn-and-Mint: Tokens are burned on the source chain, with a verifiable proof allowing minting on the destination chain.
• Liquidity Network/Atomic Swap: Uses liquidity pools on both chains; users swap assets via providers without a central custodian (e.g., Hop Protocol).
• Light Client/Relay: Relayers submit cryptographic proofs (like Merkle proofs) to verify state changes on the source chain, enabling trust-minimized transfers.

Third-party bridges are major attack vectors due to their centralization of value. Key risks include:

• Smart Contract Risk: Bugs in the bridge's locking, minting, or verification contracts.
• Custodial Risk: Compromise of the private keys controlling locked funds in a multi-sig or federated model.
• Validator Risk: Malicious or faulty relayers in proof-based systems.
• Liquidity Risk: Insufficient liquidity in pool-based models, causing failed swaps or high slippage.
• Economic Attacks: Manipulation of oracle prices or proof verification to drain funds.

Bridges serve as critical infrastructure for DeFi and NFT interoperability.

• Wormhole: A generic message-passing protocol that uses a network of guardians to attest to events, used by Solana, Ethereum, and others.
• Multichain (formerly Anyswap): A cross-chain router using a federation to manage locked assets across many chains.
• Axelar: A blockchain network providing a universal overlay for cross-chain communication via its proof-of-stake validators.
• Use Case: A user bridges USDC from Ethereum to Avalanche to access higher-yield farming opportunities, then bridges profits back.

Developers integrate bridges via SDKs and APIs to enable cross-chain functionality in their dApps. This involves:

• Front-end Integration: Adding bridge widget UIs (like Socket/Li.Fi) for users to select source/destination chains and assets.
• Smart Contract Interaction: dApp contracts may call bridge contracts to initiate transfers or verify incoming cross-chain messages.
• Message Passing: Using bridges like LayerZero or Celer's cBridge to trigger actions on a destination chain based on events on a source chain (e.g., cross-chain governance, NFT minting).

Bridge design often involves trade-offs between three properties, known as the Interoperability Trilemma:

• Trustlessness: Security equal to the underlying chains it connects. Truly trustless bridges are rare.
• Extensibility: Ability to support a wide range of assets and arbitrary data/messages.
• Generalizability: Ability to connect to many different blockchain architectures (EVM, Cosmos, Solana, etc.). Most bridges optimize for two, sacrificing the third. For example, a liquidity network may be trust-minimized and general but not easily extensible to arbitrary data.

A bridge where the validity of cross-chain transactions is verified by an external set of validators or a light client. This is the most common architecture for third-party bridges.

• Mechanism: Validators monitor the source chain, reach consensus on an event, and sign off to mint assets on the destination chain.
• Security Model: Trust is placed in the validator set's honesty and the robustness of its cryptographic multi-signature or threshold signature scheme.

The officially recognized and often most secure bridge for a blockchain ecosystem. It is typically a native bridge and establishes the 'canonical' representation of an asset on a new chain.

• Importance: DApps and protocols often mandate using the canonical bridge to ensure asset compatibility and reduce fragmentation.
• User Choice: Third-party bridges compete by offering better speed, lower fees, or access to more chains, but may involve wrapping canonical assets.

A token on a destination chain that represents a locked asset on a source chain. It is the primary output of most third-party bridge transactions.

• Mechanism: When bridging ETH to Avalanche via a third-party bridge, you receive wETH.e (wrapped Ether on Avalanche).
• Key Consideration: Wrapped assets from different bridges are not fungible; wETH from Bridge A is different from wETH from Bridge B, creating liquidity fragmentation.