Blockchain Bridges: The Obvious Benefits And Not So Obvious Risks

Long gone are the years when Ethereum was the only viable network for developers. Modern blockchains are slowly but surely catching up, whether it’s BnB Chain, Solana, Avalanche, Cardano, or forks like PulseChain. Whether we want to unify or disperse these ecosystems, blockchain needs bridges.

Or at least, interoperable solutions. Out of all options, bridges might be the most controversial. If you search for the most expensive DeFi attacks of all time, bridges make most of the list.

Namely, Wormhole, Ronin, Harmony, and Nomad lost $1.3B worth of ETH, all in 2022. Is it a coincidence? For the Ethereum co-founder, bridges are far from risk-free, and bigger losses will follow as the next bull market starts and further motivates attackers.

So even if we can design around those risks, we might not discover them until millions of tokens are again stolen.

Should we even use bridges instead of other interoperability tools? Or will we discover the perfect bridge system before it’s too late?

Let’s start with the basics to find out.

Quick Takes:

• Blockchain bridges are decentralized platforms that enable the transfer of data and tokens across blockchains. Without this interoperability solution, platforms can’t interact with others unless they’re from the same network or machine (e.g. EVM).
• Developers have designed several bridge types to manage its inherent risks. Besides being a multiple-point-of-failure with liquidity issues, a bigger flaw is the anti-network effect.
• While they aren’t the only solution, bridges are by far the most expensive one when things go wrong. Developers should at least consider limiting the data format supported or allow bridging only for the most robust, time-tested networks.

Bridges: Interoperability in a Multichain World

Bridges are meant to give users the flexibility to transfer their assets to the most convenient blockchain at any given time. For developers, this is an opportunity to build decentralized applications (dApps) on other chains for a newer market. Even if those dApps are almost identical to existing ones on Ethereum, there still is product market fit.

Why? For the same reason crypto investors diversify their assets, it’s wise to diversify balances across different chains. Maybe Ethereum Mainnet becomes congested during the next Bitcoin halving, which could mean 10x more fees and transaction time.

Would you rather switch to another chain with the best cost-efficiency that doesn’t have as many dApps as Ethereum? Probably not.

But if there were a seamless bridge between both chains, it would speed up dApp development on the new chain, attracting more users, and also reduce congestion from networks like Ethereum.

Blockchain Bridge Definition

By definition, blockchain bridges are that enable the transfer of data and/or digital assets between separate networks. It’s the seamless exchange between blockchains where the bridge ensures the trust (or trustlessness) and integrity of transactions.

At its core, the bridge is a dApp built on one blockchain (sender) that verifies and sends tokens to your other address in the second chain (receiver). When you build the same dApp on this second chain, you have a two-way bridge.

Both dApps are independent of each other and have slight differences because of the networks. The most seamless bridges among sub-chains (Ethereum-Arbitrum) or compatible chains (BnB Chain, Avalanche, Pulsechain, Polygon, Ethereum). For example, the EVM (Ethereum Virtual Machine) is a software environment that allows the easy deployment of dApps on other chains from this environment.

E.g. It’s easier to secure a bridge between Ethereum and Avalanche (EVM) than Solana (non-EVM).

Key Components: How Bridges Work

From the blockchain bridge definition, we know that to transfer tokens across networks, we need:

• One bridge dApp on each blockchain
• Core smart contracts for each side of the bridge (which are autonomous programs that manage tokens without human intervention)
• An inter-chain layer that connects both (the actual bridge)

Because both blockchains are different, there will be different smart contracts to manage tokens on each side. For example, the bridge on blockchain A might lock and unlock tokens when you deposit. The bridge on blockchain B could do the same or use another method, like generating or destroying tokens on deposits or withdrawals.

After you deposit tokens into the bridge, contracts have to find and verify that transaction. Once validated, they need a way to transfer this message to smart contracts on the other chain. This is a lot simpler to automate when both networks are compatible with the same virtual machine (e.g. EVM).

Assuming they’re not, there are two other ways to create this inter-chain layer. Either use a built-in peer-to-peer (P2P) validator network or a third-party decentralized oracle. 

While not technically a bridge, Polkadot is one example of the former. It works as a central blockchain that connects to many others. These blockchains still have their own validators for on-chain operations, but to transfer data to other networks, they use the Polkadot validators.

Decentralized oracles are the simplest solution when done right. Tellor and Fetch are P2P networks of “data reporters” with the incentive to provide the most accurate and recent data for other blockchains to import. This could be market stats like prices, real-world data like weather, or transaction details from other blockchains.

E.g. After you deposit, the first bridge sends your details to an oracle and once verified, it sends them to the second bridge and triggers smart contracts.

This is called off-chain validation and isn’t secured by the blockchain. These oracles have to be decentralized to prevent manipulation.

Types of Blockchain Bridges

Bridges are simple in practice but complex in their development. There’s no standard way of building one, among other reasons, because each network is a different ecosystem/ consensus model/ language. And bridge dApps can belong to different “types” simultaneously.

Without getting too technical, here are four valid classifications.

By bridge (de)centralization:

• Trustless: Bridges like Ren, Thorchain, and Celer transfer assets without central entities. Instead, they use decentralized validators and self-executing programs.
• Trusted/Federated: Bridges like WBTC's (originally), Wanchain, and Ronin Bridge have very few validators or one company verifying every transfer. For this reason, they’re scalable but not so secure.

By bridge network utility:

• Layer 1 (Multichain): Bridges like Polkadot, Cosmos HUB, and Pulsechain Bridge serve to connect primary blockchains to each other. Especially non-EVM ones.
• Layer 2 (Scalability Solutions): Bridges like Polygon and Arbitrum connect to Ethereum to further help its scalability. Layer 2 blockchains leverage the ecosystem while Ethereum benefits from their transaction efficiency.

By bridge exchange method: 

• Lock and Unlock: Bridges like Threshold tBTC and Sovryn keep your tokens in a trustless wallet when you transfer. Then, they release equivalent tokens from another in the second chain to your address. The risk is that these may not be 100% trustless and someone might access those wallets.
• Burn and Mint: Bridges like BnB Smart Chain and Avalanche “exchange” tokens by creating and destroying them every time. For example, sending to Avalanche burns BnB and generates an equivalent like wBnB. The risk is that someone could find an exploit to infinite-mint tokens and devalue yours.
• Atomic Swap: Bridges like Thorchain and Komodo can exchange tokens from any blockchain that uses the same scripting language and hash algorithm. They swap tokens for another currency of equivalent value/quantity on the second chain. They’re limited to compatible networks mostly.

By bridge verification type:

• Natively Verified: Bridges like Thorswap, and Anyswap verify transactions with validators from the native or destination blockchain.
• Externally Verified: Bridges like Razor Network and Paraswap have 3rd-party data providers to validate transactions.
• Locally Verified: Bridges like Hop or Connext have validators exclusive to their dApp. These could either be the same validating from different blockchains or organized groups by networks.

Other classifications are:

• By convertibility: one-way and two-way bridges.
• By purpose: asset-specific (tBTC), chain-specific (Ronin), app-specific (Celer), and generalized bridges (Orbit).

You may wonder: Why are there so many different bridges? It’s possible that they’re specializing in use cases, but for the most part, they’re just different ways of managing the risks of interoperability. It’s unlikely that we’ve yet discovered the best bridge type. Here, best means trustless, extendable, and generalizable.

Some call it the interoperability trilemma. It shares similarities with the blockchain trilemma, which compares centralization to security and scalability. But essentially, the ideal cross-chain bridge would transfer any kind of data from any blockchain, where each of them has equivalent security to prevent weak links for this bridge.

In practice, no blockchain technology is created equal. And if bridges can’t reach all three absolutes, the best one to leave out is extensibility. There’s no need in linking all networks to one bridge, and having multiple— although intricate— can prevent potential hacks from spreading to other networks.

Benefits: Why Use Blockchain Bridges?

The benefits of blockchain bridges are similar to those of any interoperable solution:

• Lower network congestion, better efficiency: Ethereum still is the largest dApp ecosystem, and many stay even if (sometimes) it means +$100 fees and hours for transactions to go through. But what if you have a similar ecosystem on Polygon, Arbitrum, or Pulsechain, that’s low-cost and faster? These bridges can reduce traffic on big networks (for good) until they upgrade their capacity, all while supporting smaller networks. Network congestion will still occur, but less often and for shorter.
• More liquidity: Bridges make it easier to direct transaction volume from smaller to larger ecosystems and the other way around. If the switch is easy and inexpensive, then arbitrageurs can quickly cover any market inefficiencies and balance all blockchains.
• More dApp innovation: It’s difficult for smaller ecosystems to innovate because there are many foundational dApps that they lack and have to reinvent. Especially for EVM networks, bridges make it easier to replicate those dApps, so there’s less time wasted on basic tools and more invested in whatever developers want to specialize in. The large ecosystem is the reason Ethereum and its forks (e.g. Pulsechain) have and will lead dApp innovation.
• Overall decentralization: Users no longer need to rely on the best blockchain when they can seamlessly switch among them. Developers can also leverage the best of each network, similar to the way globalization has improved supply chains. The more networks linked, the more developers and users are available for either side.

But are the bridge benefits enough to compensate for not-so-obvious risks?

Risks of Blockchain Bridges

We know blockchain bridges can be complex. There are countless variants, each of them with two big challenges. To solve the interoperability trilemma and to connect networks that have their own blockchain trilemma.

Simply put, complexity is risky. Here are some risks associated with bridges:

• The Anti-network Effect: Mentioned by Vitalik Buterin, it means that security risks are inversely proportional to the bridge volume and size. No one wants to 51%-attack Ethereum just to steal 100 ETH, but if the bridge has 1M ETH, things change. If it doesn’t incentivize outside attackers, there may arise conflicts of interest among validators. The Anti-network effect refers both to increasing trading volume and the number of networks connected.
• Conflicts of interest/ Malicious operators: Since there’s no perfect communication among blockchains, it’d be unrealistic if there wasn’t some* human involvement. Bridges often rely on P2P validation and proof-of-stake models, which favor big holders and don’t incentivize smaller ones enough. With millions in daily volume, these could coordinate 51% of the network to steal user funds while following the rules.
• Single point of failure: When you have dozens of blockchains connected to the same bridge, the failure of a single one is enough to affect the others. If one network bridge uses lock-unlock, the tokens might no longer be backed 1:1 when you transfer back (e.g. 60 instead of 100 ETH). If on another network it’s mint and burn, attackers might have found an infinite-mint glitch and sold until the token is worth ~$0. 
• Unbalanced liquidity: While it’s good to easily transfer liquidity across blockchains, it’s likely to magnify existing issues. If Ethereum is particularly congested today, users would switch to a scalable network with a similar ecosystem. It eases the congestion, but there isn’t enough liquidity on Ethereum to back as many orders as before. For holders, this may affect ETH prices and rewards from staking/lending/pools/yield farming.
• More market volatility and dependency: The trade-off of connecting all blockchain ecosystems is more price dependency and factors that could destabilize the market. For example, coins ranked 100+ by market cap usually mirror Bitcoin’s big movements with 3x-10x magnitude and 1-2 weeks of lag. If this bridge doesn’t gather enough liquidity, Bitcoin would instead move all token prices instantly, which becomes essentially leverage trading.
• Bridge failure/paused: In DeFi, we assume that dApps always run 24/7 because of blockchain validators. But this bridge could be locally verified, halted due to cyber-attacks, or even blacklisted by governments. This is critical for big dApps even when other bridges offer the same. If Uniswap halted for a week, a flash crash would be very likely.

In October 2022, the BnB Chain “lost” ~$100M worth of BNB from a mint exploit. So the 21 validators halted the network briefly until the issue was solved. How can you pause a decentralized dApp? Either you have too few validators or some secret admin tools.

• Admin keys: Classic. A governance-free dApp with no admin keys wasn’t trustless after all. Maybe developers hid those keys in the code, or they waited to get audited and then added them on the next update. Either way, admin keys allow developers to drain user funds and get away without consequence— better known as rug pulls.

Regardless of our control over those risks, it comes down to the anti-network effect. New risks will appear when you increase the stakes. Is it really a good idea to allow the free transfer of any data anywhere?

Are Bridges Worth The Risk?

There’s no doubt there's value in bridges as the solution to interoperability. But are they enough to offset the risks? In 2022, bridges lost about $2B in cyber-attacks. 

The number doesn’t include the times when funds were returned by attackers or retrieved by US authorities. Notably, a white hat hacker returned $610M to cross-chain dApp Poly Network as a way to bring awareness to those security flaws. Another $32M out of $190M was returned to Nomad Bridge. Besides bridges, other DeFi dApps share similar stories: Team Finance, Cream Finance, Clover Protocol, Akropolis.

Whatever benefits bridges bring to blockchain have so far come at a very steep price. Thankfully things have gone well for EVM-compatible networks like Polygon, Arbitrum, Optimism, and Pulsechain. For every other network, not so well.

Whether developers decide to look for other options or keep searching for the ideal bridge system, there are a few immediate solutions that can help to limit most risks.

One could be to simply not link reputable networks to experimental ones, or perhaps implement one-way bridges instead. Bridge operators could also limit the data they want to transfer. Maybe it’s just information, maybe it’s all tokens and contracts. 

But the most problematic approach is trying to connect all chains and data formats with a single bridge. If you have three networks per bridge across ten rather than one with thirty, you’re preventing a potential contagion and reducing complexity. Chances are the average trader isn’t using tens of blockchains anyway, and by specializing in a few, you’re less likely to miss on unintended features.