The working principle of 9 cross-chain bridges and their security

After a series of devastating hacks, are cross-chain bridges safe?

Cross-chain bridges play an integral role in a multi-chain world by enabling data and funds to flow freely between blockchains. However, these cross-chain bridges have been subject to controversy over the past few months following a series of damaging hacks.

On August 2, hackers stole over $190 million from Nomad, the cross-chain bridge between Ethereum and Moonbeam. Combined with this latest hack, Defi cross-chain bridge users have lost nearly $2 billion in less than 12 months.

This article is not intended to recommend which bridges to use, but rather to state the facts in order to help users make an informed choice. In this article, we will detail the pros and cons of each cross-chain bridge and how they actually work.

The working principle of 9 cross-chain bridges and their security

How to classify cross-chain bridges: by transmission type

  1. Lock & Mint Examples: Polygon official bridge, StarkNet official bridge, Shuttle. 
  2. Token Issuer Burn & Mint MakerDao, Arbitrum Teleport. 
  3. Specialised Burn & Mint Hop, Debridge. 
  4. Atomic Swap Stargate. 
  5. Third Party Networks/Chains Thorchain. 

Cross-chain bridges are distinguished in two types: transport type and trust assumption type. Let’s start with the transmission type. The cross-chain aggregation protocol Lifi identifies three main types of cross-chain bridges based on the type of transfer. Because the demarcation line is a bit blurry, it can actually be divided into five types.

Lock & Cast

The simplest and most common cross-chain bridge involves locking and minting tokens and burning them. The following is the work flow chart:

The working principle of 9 cross-chain bridges and their security

When the asset is cross-chain, the token from the source chain is locked into the smart contract of the cross-chain bridge, and then a new version is generated on the target chain, which can be a mapping token & a standard token.

  • Wrapped token: It will maintain a 1:1 anchor with the native token.
  • Standard token (canonical token): refers to the native token circulating on each chain.

Both tokens are minted with their underlying assets fully collateralized. When assets go back across the chain, the new token is burned on the target chain, and the native token is then unlocked/released on the source chain. This formula is very common: most “official” layer1>


100% collateral backs the target chain token, making scale possible.


  • The smart contracts on the source chain are easy to become the target of hackers. If the funds of the source chain are stolen, the token of the target chain may be worthless. The hacker attacks targeted cross-chain bridge smart contracts that hold a large number of tokens. For example, in March 2022, hackers used the Ronin Bridge vulnerability to steal $600 million.
  • Projects and applications on the target chain rely on this cross-chain bridge, and are hampered by cross-chain bridge operators in terms of security, runtime, cost, and more. This is also known as “lock in problem”.
  • Slow cross-chain speed – when it comes to cross-chain from Polygon to Ethereum or from StarkNet/Ex to Ethereum, users may be willing to wait a few hours, but for cross-chain on OP rollups such as Arbitrum and Optimism, users are not willing to wait a few days.

Burned & minted by the token issuer

This approach is slightly different, and it provides liquidity across chains by incentivizing token issuers. In other words, token issuers can step in when trying an OP rollup for a longer challenge period, rather than relying on third parties to “provide” liquidity.

The working principle of 9 cross-chain bridges and their security

For example, the MakerDao Arbitrum Teleporter. MakerDAO enables Wormhole to quickly obtain cross-chain asset DAI when it cross-chain from Arbitrum back to Layer 1. In this case, the MakerDAO protocol tracks the final settlement of funds in the background through a network of oracles.


This approach removes friction costs for the most users, while also providing security for publishers (such as the MakerDao protocol) through fraud prevention redundancy when the oracle network is offline.


If the MakerDao Arbitrum Teleporter is exploited, bad debts are generated within Dao (such as MakerDao), and the token issuer needs to bear the risk of liability. 

Specific Burning & Casting

Some cross-chain bridge protocols combine a “burn and mint” model with AMM liquidity pools. This liquidity pool can contain two or more assets, including specially minted cross-chain assets. Importantly, just like Lock and mint bridges, this model facilitates rapid asset cross-chain and back-to-source chain between Layer 2 and other chains. deBridge Finance and HOP fall into this category. When users lock ETH on a layer of Ethereum, deBridge mints specific cross-chain bridge tokens (such as deETH) on Arbitrum and other chains.

The working principle of 9 cross-chain bridges and their security

As far as deETH itself is concerned, it has few use cases on Arbitrum, as there are other forms of ETH that are more widely used in the ecosystem. Liquidity providers can deposit a combination of ETH and deETH into the DeBridge liquidity pool, and can also (at Curve Factory) receive transaction fees and arbitrage opportunities from cross-chain bridge users. Cross-chains are then setup/initialized by minting specific cross-chain bridge tokens on each chain, and then via the AMM liquidity pool.

When a user wants to cross-chain USDC from one Layer2 to another (eg, between Arbitrum and Optimism), the user’s Arbitrum USDC is first exchanged for deUSDC using the AMM pool on Arbitrum, then deUSDC is burned on Arbitrum and Casting on the OP. The final step is to exchange deUSDC for USDC using the AMM pool on Optimism. The amount of USDC locked in the Layer1 cross-chain bridge contract remains the same throughout the process, which means that deUSDC on Arbitrum and Optimism is still 100% collateralized and fully redeemable for Ethereum locked USDC.

When slippage occurs in the AMM pool (when deUSDC or USDC is removed or added from the pool), external LPs rebalance the liquidity pool by depositing or withdrawing funds. In contrast, ordinary Lock&mint requires a longer waiting period when redeeming the collateral. Hop bridges work in much the same way, and both Hop and DeBridge have reward and punishment systems for node validators to ensure that cross-chain bridges operate within a certain service level agreement.


By using the specific cross-chain bridge assets in the AMM pool as an intermediate step in the cross-chain, the liquidity within the ecosystem can be effectively increased, and at the same time, LPs can earn arbitrage income due to slippage.


This method is more expensive for users because the AMM liquidity pool does not provide a 1:1 exchange rate, resulting in slippage. There are also risks to LPs that deposit funds in dedicated cross-chain bridge liquidity pools or hold cross-chain bridge assets (in the form of IOUs).

Atomic exchange

Atomic swap bridges leverage pre-existing standard/mapping tokens (eg USDC) that have been cross-chained to the target chain and pool these tokens in a single asset pool on the source and target chains.

The working principle of 9 cross-chain bridges and their security

When users use Stargate to cross-chain USDC from Ethereum to Polygon, USDC is deposited into the USDC pool controlled by the Stargate smart contract on the source chain, and withdrawn from the USDC pool on the target chain. This method can be thought of as “left hand over right hand”.

On the basis of the atomic exchange bridge, some bridges also add automatic market maker trading functions at the end to build additional services.


Users will no longer rely on the security of this cross-chain bridge to ensure token value preservation on the target chain. You can rely on another cross-chain bridge (in the case of a non-native token), or you can just hold the native token on the target chain. Asset transfers can also be very fast and cheap.


Since the target chain pool requires a large amount of tokens to scale, incentivizing token deposits through liquidity mining can be costly. The pool is also easily depleted when there is a lot of one-way traffic.

3rd party network/chain

It can be said that this type of transfer is not a cross-chain bridge at all, but a completely independent chain or network acting as an intermediate chain. When smart contracts and messaging are incompatible (such as the Bitcoin network), or when cross-chain protocols need to achieve generalization goals (such as cross-chain communication), a decentralized way to cross-chain assets requires a third-party network/chain to act as a Accounting and middle tiers. Such a network relies on a threshold signature system (node ​​network) on the source and target chains, and individual nodes need to be incentivized to guarantee honesty.


Third-party networks and chains enable more blockchains to cross-chain in a decentralized manner.


These cross-chain bridges need to deploy a lot of capital, one is to incentivize nodes on each chain to maintain honesty, and the other is to build a liquidity pool that requires constant injection of funds. These systems are also more complex in architecture, the most famous example being ThorChain, which suffered three hacks. In another case, third-party network Synapse prevented an $8 million hack by the end of 2021 after discovering unusual activity in its AMM pool.

Distinguish cross-chain bridges with trust assumptions

In addition to different transports, we also need to consider different trust assumptions.

The different levels of trustworthiness can be divided into the following categories:

  • Centralized Bridge: Binance to Arbitrum
  • Verification/Multisig Bridge: Wormhole, Axelar, Connext.
  • State Proof Bridges: StarkEx to Ethereum, ZKSync to Ethereum, Nomad, Hop, Axelar and Mina.
  • Protocol level bridge: Cosmos IBC.

Centralized bridge

Centralized bridges typically rely on unilateral signatures to process and control the flow of funds. For example, when you advance from Arbitrum to Binance, you are relying on Binance to credit your account with the funds stored in the smart contract.

Both Binance and Binance’s Arbitrum smart contracts require collateral to facilitate transfers. There is also no automatic failsafe if the operator goes offline.

Centralized bridges address the short-term need for quick transfers. However, they are opaque, not scalable or censorship resistant, and thus limited to simple cross-chains.

Validation/Multisig Bridge

These types of bridges are more secure than centralized bridges and have weaker trust assumptions.

It incentivizes several different types of agents to act as oracles to monitor activity on both ends of the bridge and report ongoing deposits/withdrawals. However, this mechanism requires a certain amount of trust in a centralized validator, which in most cases is nothing more than a basic multi-signature.

Because collateral is still required on both sides of the bridge, especially for infrequent cross-chain paths, this increases costs. So this solution either needs to be backed by large brick-and-mortar companies, or liquidity mining schemes are expensive.

This is an example of a Connext bridge.

The working principle of 9 cross-chain bridges and their security

State Proof Bridge

A proof-of-state bridge requires weaker trust assumptions than a validator. They prove state between chains, which means that validators do not need to act as oracles (these can be ZK proofs or optimistic proofs). Furthermore, the proof-of-state bridge does not need to trust any third party, although a repeater may still be required. No collateral is required on both sides of the bridge, as these state proof bridges can be used to securely lock assets on the source chain and then “mint” the assets on the destination chain.

State proof bridges can be slow, especially OP proof bridges like Nomad and Hop. As such, these projects often work with solutions that provide temporary liquidity while waiting for settlement across the cross-chain bridge. For example, Nomad has partnered with Connext. Hop’s waiting period for OP verification will incentivize LPs to provide liquidity in the short term.

This is the mechanism of the Hop Bridge.

The working principle of 9 cross-chain bridges and their security

Protocol level cross-chain bridge

Protocol-level cross-chain bridges are the most friendly to trust assumptions. Perhaps the most notable example of this is the Interworking Blockchain Protocol (IBC) in the Cosmos ecosystem. This is indeed a proof-of-state bridge, but it is also protocol level that can operate on different chains.

By implementing at the protocol level, you can:

  1. Completely eliminates the need for collateral on both sides of the bridge.
  2. Make sure all chains have the same assets to mint and burn.
  3. Standardize the interface on each chain.
  4. Reduce the risk of hacking of smart contract-based cross-chain bridges.

This is the visual interface of IBC:

The working principle of 9 cross-chain bridges and their security

In general, all mainstream public chains and ecosystems will adopt protocol-level cross-chains to maximize the liquidity and security of assets on the chain. Until now, the cross-chain bridge has failed to give a promise of asset security.

That doesn’t mean you can’t trust bridges: hacking attacks are still a small probability event, despite all the media coverage, and cross-chain bridges help users solve the problem of asset circulation between chains, albeit a difficult process (though is trying to solve this problem with its multi-chain feature).

Of course users also need to do some research. Before using a bridge, you should look at its type (using our guide above) and find out if it has been hacked in the past. With the continuous development of technology, bridge security is more usable and convenient, and this part of the work is also eliminated.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-09-25 11:04
Next 2022-09-25 11:06

Related articles