In an article posted on Reddit on Friday, Vitalik Buterin, the co-founder of Ethereum (ETH), describe Critical security issues regarding cross-chain bridges in the blockchain ecosystem. As Buterin said, direct-chain native asset storage (Ethereum on Ethereum, Solana on Solana, etc.) provides some degree of immunity against 51% of attacks. Even if hackers manage to censor or reverse transactions, they cannot offer blocks to take away their crypto.
The rule also applies to the Ethereum application. For example, if hackers launch a 51% attack (controlling 51% of all outstanding ETH supply) while an investor exchanges 100 ETH for 320,000 DAI stablecoin, the end state remains unchanged, i.e. that is, the investor would always get 100 ETH or 320,000 DAI.
However, Buterin continued, the same level of security does not apply to inter-chain bridges. In the example he mentioned, if an attacker deposited his own ETH on a Solana (SOL) to get Solana Packed Ether (WETH), then rolled back that transaction on the Ethereum side as soon as the Solana side confirmed it, this would lead to devastating losses for other users whose tokens are locked in the contract. SOL-WETH, as the wrapped tokens are no longer supported by the original in a 1: 1 ratio.
Buterin further explained how the security exploit could evolve negatively as more bridges are added in a cross-chain network. In a theoretical network comprising 100 chains, the high level of interdependence and overlap of the derivatives would mean that a 51% attack on a chain, especially a small cap, can cause system-wide contagion. According to At Crypto 51, it costs hackers up to $ 1.78 million per hour to mount a 51% attack vector against the Ethereum network. However, the cost drops to as little as $ 13,846 per hour for blockchains such as Bitcoin Cash.
My argument for explaining why the future will be * multi-chain *, but it will not be * cross-chains *: there are fundamental limits to the safety of bridges that cross several “zones of sovereignty”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
– vitalik.eth (@VitalikButerin) January 7, 2022
Related: Vitalik offers a new “multidimensional” Ethereum pricing structure