Taking Hop, Connext, and Nomad as examples, this article details how Trustless bridges optimize capital utilization efficiency

Author: Hakeen, Marina, Evelyn, W3.Hitchhiker
Original Title: 《Trustless Bridges: Solving the Interoperability Crisis and Optimizing the Efficiency of Liquidity Utilization》

With the advent of the multi-chain era, the demand for interoperability among blockchain networks has been increasing. Since 2021, cross-chain bridges have experienced explosive growth. Cross-chain bridges can transmit "information," which includes not only assets but also smart contract calls, identity proofs, and state interactions. As of the end of April 2022, over 65 cross-chain bridges have emerged in the crypto world.

Cross-chain bridges can effectively address the issue of insufficient liquidity. In addition to playing a crucial role in asset transfer, cross-chain bridges can also solve the performance issues of underlying public chains. For example, the current Ethereum Layer 2 can help transfer transaction throughput from Layer 1 to off-chain systems, with the entire process managed by the bridge to safeguard funds and alleviate the pressure of massive transaction volumes on Layer 1. However, such bridges also have certain drawbacks. As independent blockchain networks, most focus solely on their own security models, which introduces a degree of security risk.

The ideal cross-chain bridge can ensure a highly transparent and tamper-proof cross-chain environment while facilitating the exchange of information such as assets and providing high security guarantees. It should achieve higher performance compatibility with various public chain protocols, applications, and transaction consensus categories. By developing along this model, the "middleware" role of cross-chain bridges can gain market recognition and achieve more frequent use, leading the industry into an era of indistinguishable cross-chain interactions.

This article will primarily focus on the security of asset cross-chain bridges, categorizing them based on who validates the system, and selecting three recently popular Trustless cross-chain bridges to summarize their respective operating principles, teams, funding, and costs, highlighting their advantages and disadvantages.

1. Classification of Cross-Chain Bridges

Security and speed have always been the primary tasks of cross-chain bridges. Since most Layer 2 cross-chain bridges are built on Ethereum, if we place funds on Layer 2, those funds are still protected by Ethereum validators. If we transfer assets from Arbitrum to Optimism via a cross-chain bridge, both Arbitrum and Optimism are secured by Ethereum. Validators on Ethereum provide a strong consensus foundation that offers high security. However, bridge protocols use a set of external validators, meaning that funds are no longer protected by Ethereum but by the bridge's validators. According to the principle of a barrel, the security is determined by its weakest part.

Therefore, based on who validates the system, we can categorize them into the following three types:

1. Native Validation

This type completes validation by running a light client of the source chain in the virtual machine of the target chain.

Examples include IBC, BTC Relay, Near Rainbow Bridge, Polkadot SnowBridge, LayerZero, Movr, Optics, Gravity Bridge, etc.

2. External Validation

This validation method involves one or a group of validators who need to monitor specific addresses on the source chain. Users send assets to a specific address on the source chain to lock them, and third-party validators verify this information and reach a consensus. Once consensus is reached, corresponding assets are generated on the target chain.

This type of cross-chain bridge includes Synapse, Thorchain, Anyswap, PolyNetwork, WBTC, WormHole, Qredo, Ronin, etc.

There are mainly two types of validators in this category:

One is custodial entities. The transferred assets are held by custodians, which requires complete trust in the custodians. This model entirely depends on the credibility of the bridge operator. Essentially, they could take away users' native assets, rendering cross-chain assets worthless. For example, if the custodian of wBTC takes all the BTC that supports the value of wBTC, then wBTC would become worthless, although this probability is very low.

The other is a group of validators. To become a validator, they need to bind assets to prevent malicious behavior. Asset binding can be divided into two categories. One is binding the corresponding cross-chain assets. For instance, to achieve cross-chain for BTC or ETH, validators need to bind BTC or ETH. The other category involves binding token assets to their own protocol. For example, Thorchain binds RUNE, and Synapse plans to bind its own token SYN in the future to ensure the security of its chain. In this model, bridge participants have the opportunity to steal users' funds, but due to the existence of a "game" mechanism (i.e., staking their own funds with a penalty mechanism for stealing funds), they are unlikely to do so.

The local validation protocol mentioned below transforms the complex multi-party validation problem into a simpler two-party interaction, where each party only verifies the other party. As long as both parties are economically adversarial, this model is effective—meaning that both parties cannot collude to obtain funds from the broader chain.

3. Local Validation

Local validation is a partial validation model and a peer-to-peer liquidity network. Each node itself acts as a "router," providing the original assets of the target chain rather than derivative assets. Additionally, through locking and dispute resolution mechanisms, routers cannot extract user funds.

Models of this type include Hop, Connext, Celer, Liquality, etc. This peer-to-peer model performs relatively well in terms of security, cost, speed, and multi-chain connection scalability.

Comparison of the advantages and disadvantages of each validation system

4. Summary

The external validation model for building cross-chain bridges has advantages such as faster speed, lower costs, universal data transmission, easier multi-chain connections, and better user experience. However, the potential drawback of this model is its security. By introducing the role of external participants, user security depends not only on the security of the source or target chain but is also limited by the security of the bridge. During the process of cross-chain asset transfer, if the bridge is not secure, the assets will be at risk.

The native validation model is a trustless cross-chain bridge that does not have the potential security trade-offs of third-party validators and can transmit various universal data. The security of cross-chain bridges is related to the security of the blockchain itself. Users' financial security is not affected by the bridge itself. If there are security issues, they are issues of the chain itself. Additionally, there is no need to stake assets (resulting in higher capital efficiency). However, this model currently lacks sufficient activity and multi-chain connections. Developers need to develop and deploy new light client smart contracts on both the source and target chains. Furthermore, it also has the drawbacks of being slower and more expensive.

The local validation model uses a liquidity network model. It employs local validation, eliminating the need for global validation, thus achieving faster speeds and lower costs. Relatively speaking, its capital efficiency is higher than that of the external validation model but lower than that of the native validation model. At the same time, the throughput of the peer-to-peer liquidity network is also larger. Of course, it also has its shortcomings. It has limitations in information transmission and cannot achieve universal information transfer.

2. Development Trends

Different models of cross-chain bridges have different trade-offs. Therefore, at different stages, based on users' varying demands for speed, cost, universality, and security, different models of cross-chain bridges may achieve different outcomes. In the early stages, external validation models and local validation models may achieve faster development speeds due to their advantages in cost and speed. As people pay more attention to security and technology advances, the native validation model may gradually develop in later stages.

Over time, some cross-chain bridges will gradually gain an advantage and become major players in the cross-chain bridge market. With the continuous development of Layer 2, cross-chain bridges will become an essential component of the future multi-chain era.

3. Examples of Cross-Chain Bridges

1. Hop Protocol

• Operating Principle

roll up to roll up transfer

ETH minted by Arbitrum is converted to hETH through AMM, then locked on the Arbitrum chain via the bridge contract. On another bridge, hETH is minted and then converted to ETH minted by Op through an AMM deployed on Op.

In this process, there is no need to interact with Layer 1.

Users send a redemption ETH request from the Op chain in the Hop protocol. The Hop protocol informs the Bounder, who confirms the advance of assets, sends ETH to the user on Layer 1, and the user receives it immediately. Once the challenge period ends, the Bounder receives the ETH withdrawn from Layer 1.

At this point, interaction with Layer 1 is required. The Bounder, due to competition, needs to cover gas fees themselves and will mix multiple transactions into one to reduce costs, so the time required for completing the interaction is variable.

Hop Protocol has three important roles:

1. AMM: Acts as an automated market maker, providing liquidity for different cross-chain transfers.
2. Bridge Contracts: Responsible for transferring liquidity across the network.
3. Bounder: Advances assets for chains with a challenge period.

• Fees

Note: The data in this table is calculated based on Ethereum at $2650. Fees vary with Ethereum gas prices. Due to different calculation times and network congestion, results may vary significantly and are for reference only.

• Team Information

Shane Fontaine: Ethereum developer, co-founder of Authereum, and organizer of Ethereum meetups in the Los Angeles area. He was the chief cryptographic developer at CoinCircle, participated in the development of Level K, and has served as a technical advisor for UNIKOIN and Synapse Capital, writing many smart contract codes in Solidity.

Lito Coen: Founder of Crypto Testers and responsible for business growth at Hop Protocol. He has invested in over ten projects in the Web3 space. Previously, he served as the business development manager at SatoshiPay.

Christopher Whinfrey: Co-founder of Authereum and developer of decentralized applications, previously the founder of Level K.

• Funding

Funding information is unclear, with disclosed investors including 1confirmation, 6th man ventures, infinite capital, etc.

2. Connext

• Operating Principle

Auction: Users are paired with liquidity providers, who provide liquidity for the transfer. Lock your DAI on Op and provide DAI on Arbitrum.

Preparation: At this stage, both parties lock funds for the transfer—sending users on the sending chain and routers on the receiving chain.

Execution: At this stage, both parties unlock funds for the transfer. Users provide a signature to unlock their funds on the receiving chain, and liquidity providers use the same signature to unlock funds on the sending chain.

• Specific Process

1. The sender broadcasts a transaction request to the NATS messaging network.
2. The router listens to the network, quotes, and the network automatically selects the router with the lowest fees.
3. The sender is paired with the router.
4. The sender sends asset and quote information to the nxtp contract, which broadcasts a signal that the transaction preparation is complete.
5. The router sends transfer preparation to nxtp.
6. The sender sends the required information and signature to the relayer, who assists in sending the transaction to the receiver chain's nxtp contract.
7. The router obtains the local signature from the nxtp contract and funds the address.
8. The user receives the asset on another chain and signs.
9. The router obtains the signed message and retrieves the advanced assets from the sender chain's nxtp contract.

• Operating Costs

Note: The data in this table is calculated based on Ethereum at $2650. Fees vary with Ethereum gas prices. Due to different calculation times and network congestion, results may vary significantly and are for reference only.

• Team

Arjun Bhuptani: Founder, Colgate University (liberal arts college), co-founder of Moloch DAO.

Layne Haber: Chief Operating Officer, University of California, Los Angeles, CEO of two startups.

Rahul Sethuram: Chief Technology Officer, University of California, Santa Cruz, former NASA research assistant, TESLA test engineer, Ethereum developer.

• Funding

Total funding of $15.7 million, currently completed Series A funding.

Investors include: #Hashed, Ethereum Foundation, Consensys, 1kx, OK Ventures, Huobi Ventures, Coinbase Ventures, Polychain, Jinglan Wang (Optimism), Sandeep Nailwal (Polygon).

3. Nomad

• Operating Principle

Inspired by the Optimism team, Nomad is an implementation and extension of Optimistic Interchain Communication. The system's security guarantee is that any participant can publish all fraud proofs, and all participants have a window to respond to any fraudulent behavior.

Nomad forms the foundational layer of a cross-chain communication network capable of sending universal messages, with higher universality but a delay of 30 minutes.

The sending chain (home chain) generates a series of messages (documents), which are signed by the notarizing updater. If the notary presents a forged copy, they will be penalized and broadcasted, making all clients aware of their maliciousness, thus preventing access to their accounts.

Nomad uses optimistic proofs as a prototype, sending some data proofs that are accepted as valid after a timer expires, while introducing challengers to submit fraud proofs.

Nomad spans multiple chains. The sending chain is the source of messages, which are submitted to a Merkle tree ("message tree"). The root of this tree is notarized by the updater and relayed to the receiving chain through the relayer in an "update." Updates are signed by the updater, who commits to the previous root and a new root. Any chain can maintain a "replica" contract containing knowledge of the updater and the current root. Signed updates are held by the replica and accepted after a timeout.

This leaves the possibility for the updater to sign fraudulent updates. Unlike optimistic rollups, Nomad allows for fraud, which is the most significant change in the security model. Importantly, fraud can always be proven to the Home contract on the sending chain. Therefore, the updater must submit collateral on the sending chain. Fraud can always be proven on the sending chain, and collateral can be cut as a penalty.

• Fees

Note: The data in this table is calculated based on Ethereum at $2540. Fees vary with Ethereum gas prices. Due to different calculation times and network congestion, results may vary significantly and are for reference only.

• Team

The specific members of the Nomad team are unclear, but the founding team has over four years of experience dedicated to interoperability.

• Funding

Seed round funding of $22.4 million, led by Polychain Capital, with other investors including The Graph, Celestia, Amber Group, Mina, Circle, Avalanche, 1kx, Polkadot, A&T Capital, Coinbase, and 27 others.

Nomad and Connext Integration

Connext's advantage lies in achieving cross-chain and L2 Trustless value transfer and contract calls, but its drawback is that it does not allow for fully universal communication, although its latency is indeed much lower. It relies on Nomad's high security, absorbing Nomad's trust/risk.

Utilizing Connext's low-latency liquidity pool allows end users to complete transfers within minutes instead of experiencing delays of over 30 minutes. According to Connext's official report, whales and institutions will require a longer 35 minutes to complete Nomad's bridging time.

The integration of Connext and Nomad represents a combination of low-latency liquidity and security. As Connext's liquidity grows, Nomad's adoption may gradually lean towards institutional capital or large fund volumes.

4. Summary

From the perspective of off-chain popularity, the Hop bridge currently stands out, while the integration of Connext and Nomad has led to increasing public attention.

Overall, due to its higher security and the high cost of fraud on it, Nomad is an ideal protocol for more universal cross-chain operations, which are typically executed by DAOs or other organizations rather than end users. Therefore, the corresponding usage and cross-chain time are not as convenient and fast; however, integration with Connext can mitigate some of these issues.

Reflecting on the recent hacking incidents:

Currently, the largest hacking incidents in blockchain are almost all from cross-chain bridges, such as Ronin Network's $624 million, Poly Network's $611 million, Wormhole's $326 million… These attacks remind us that regardless of user perceptions, decentralization has practical security necessities for large-scale applications.
We can see the high temptation and high cost-benefit ratio of attacks on cross-chain bridges. For cross-chain bridges to succeed, the primary prerequisite is security; in the future, billions or even hundreds of billions of dollars in assets cannot be compensated by any institution. The ideal state for cross-chain bridges should be secure, interconnected, fast, capital-efficient, low-cost, and censorship-resistant. With future technological iterations, native validation will gain an advantage, but considering the current economic aspects and security trade-offs, local validation is currently the best solution overall.

Of course, cross-chain bridges should not be limited to asset transfers; message and contract calls, data interactions, and state interactions are all application directions for cross-chain bridges. The diversified demand for cross-chain capabilities creates unlimited potential for the entire sector's future.