SoK: Cross-Chain Bridging Architectural Design Flaws and Mitigations (2403.00405v1)

Published 1 Mar 2024 in cs.CR

Abstract: Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains. In contrast to the underlying blockchains, bridges often provide inferior security guarantees and have been targets of hacks causing damage in the range of 1.5 to 2 billion USD in 2022. Bridge architectures are currently described ambiguously, and there is next to no notion of how different architectures and their components relate to different vulnerabilities. In this study, we analysed 60 different bridges and 34 bridge exploits from the last three years (2021-2023). Our analyses identified 13 architectural components of bridges. We linked the components to eight types of vulnerabilities, also called design flaws. We identified prevention measures and proposed 11 impact reduction measures based on existing and possible countermeasures to address the imminent exploits of the design flaws. The results are meant to serve as guidelines for designing and implementing secure cross-chain bridge architectures, preventing design flaws, and mitigating the negative impacts of exploits.
