Moonwell Artemis mitigated the damage from the Nomad exploit by quickly disabling borrowing when the attack started, but the ecosystem needs to fill the void left after the exploit. Looking ahead means planning the infrastructure needed to rebuild. It is therefore vital to ensure that there is a robust and rigorous process of analysis for key design decisions affecting the community.
This section discusses several parameters to evaluate a bridge.
It is no surprise that the biggest hacks recorded in DeFi are bridge exploits, as the cumulative amount of funds locked in bridges makes them a primary target for attackers. The Nomad exploit underlined the need for a comprehensive and fully robust security framework; it is simply not enough to have a secure architectural logic without a corresponding emphasis on secure operational measures. In fact, 3 out of 4 of the biggest bridge hacks (Ronin, Wormhole and most recently Nomad) were due to operational failures. It is therefore vital to analyze the full suite of security elements, which includes not only the architectural logic but also, with equal emphasis, the respective operational security measures and the safety measures determining the protocol’s code quality.
Multichain utilizes secure multi-party computation (SMPC) to run threshold signature schemes (TSS) for the creation of public keys and for the signature of messages. These validation nodes trustlessly control externally owned accounts (EOAs) with public addresses corresponding to the split private key. These EOAs are then used to store and transport assets to the destination chain; they simply check whether the sender’s address is trusted rather than verifying the message itself. The Multichain network currently consists of 24 SMPC nodes, run by different institutions, and requires a majority of nodes to come together to verify messages. Multichain’s security is dependent on the reputational security of the SMPC nodes, which assumes an honest majority of more than 1/2 of all nodes. 13 signatories are needed to send data cross-chain and 12 nodes need to collude to censor messages. Multichain is currently testing their enhanced MPC version called fastMPC, which offers increased speed, better performance and enhanced security. No proxy contracts are used on the network and Multichain ensures that there is a designated and separated ETH EOA address to lock funds.
Axelar runs on a decentralized Proof-of-Stake network built on the Cosmos SDK, where validators are elected by token holders and given voting rights on a pro-rata basis, weighted by the stake delegated to them. Cross-chain messages are verified by the Axelar network via a (t,n)-threshold signature scheme where the voting power of the signers, normalized to n, must be greater than t, the protocol threshold, to sign a message. The Axelar network currently has a maximum of 50 validators and must exceed a 66.67% voting majority to sign messages. Another unique feature of Axelar is that it is in the midst of implementing a quadratic voting mechanism to further increase decentralization of the network. This is groundbreaking work since concentration of power has been a heavily discussed topic with regard to PoS systems.
Wormhole uses a Proof-of-Authority Guardian network as an oracle and a permissionless relayer network to transmit messages cross-chain. There are currently 19 Guardians that run full nodes for each of Wormhole’s supported chains and listen for messages emitted by Wormhole’s core contracts on each chain. These Guardians verify and sign these messages, and thereafter relay them to one another on a P2P network. Once a message has received signatures from more than 2/3 of the Guardians (or at least 13 Guardians), it is relayed to the target chain. A byproduct of this design is that it allows for a completely trustless relayer network to land the message on the destination chain. Since these messages are signed by the Guardians, it is not possible to either change the contents of the message or censor it, as anyone can run a relayer to submit any message. The security guarantee of Wormhole comes from the reputational authority of the Guardians, who are 19 of the largest staking and infrastructure providers in Web3. 13 Guardians would need to collude to sign a false message, and 7 Guardians would need to collude to censor a message. Moreover, the existing Guardian set has the ability to vote to remove or replace Guardians.
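The collusion thresholds quoted above for Multichain and Wormhole can be reproduced, and extended to Axelar's stake-weighted case, with the following added example (not code from any of the three projects). The stake table is constructed for illustration, the 66.67% threshold is modelled as 2/3, and quadratic voting power is assumed to be the integer square root of stake, which the text above does not specify.

```python
from fractions import Fraction
from math import isqrt

def min_coalition(weights, frac, strict=True):
    """Fewest signers (heaviest first) whose share of total weight exceeds
    `frac` (strict) or reaches it (non-strict)."""
    total, acc = sum(weights), 0
    for count, w in enumerate(sorted(weights, reverse=True), start=1):
        acc += w
        share = Fraction(acc, total)
        if share > frac or (not strict and share == frac):
            return count
    raise ValueError("threshold cannot be met by the full signer set")

def forge_and_censor(weights, threshold):
    """Return (signers needed to approve a message, signers needed to block one)."""
    forge = min_coalition(weights, threshold)
    # A message is blocked once the remaining weight can no longer exceed
    # the threshold, i.e. the withholding share reaches 1 - threshold.
    censor = min_coalition(weights, 1 - threshold, strict=False)
    return forge, censor

# Equal-weight signer sets, using the counts and thresholds given in the text.
MULTICHAIN = forge_and_censor([1] * 24, Fraction(1, 2))
WORMHOLE = forge_and_censor([1] * 19, Fraction(2, 3))

# Constructed stake table (assumption): 50 validators, 5 of them very large.
STAKES = [4_000_000] * 5 + [100_000] * 45
AXELAR_LINEAR = forge_and_censor(STAKES, Fraction(2, 3))
# Assumed quadratic rule: voting power = integer square root of stake.
AXELAR_QUADRATIC = forge_and_censor([isqrt(s) for s in STAKES], Fraction(2, 3))

if __name__ == "__main__":
    for name, result in [("Multichain", MULTICHAIN), ("Wormhole", WORMHOLE),
                         ("Axelar, linear stake", AXELAR_LINEAR),
                         ("Axelar, quadratic", AXELAR_QUADRATIC)]:
        print(f"{name}: {result[0]} to sign, {result[1]} to censor")
```

With this constructed distribution, the five largest validators alone clear the threshold under stake-proportional voting, while the assumed quadratic weighting raises the smallest signing coalition to 25 validators.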
Close to $2 billion has been compromised in cross-chain exploits so far in 2022. This is expected to be a recurring theme in DeFi, given the infancy of the technology. Cross-chain bridges are especially vulnerable, given the sheer amount of funds locked in their respective smart contracts. However robust and comprehensive the security of a protocol is, there is no guarantee that it can protect itself from any and every threat. Therefore, it is vital to assess a bridge’s ability from a financial coverage point of view. Generally, a bridge that possesses the financial capacity to backstop losses due to an exploit would exhibit greater levels of confidence. Let’s take a look at two opposite examples of bridges with financial coverage:

Nomad Bridge Exploit: Nomad bridge was exploited on the 1st of August this year, resulting in a loss of more than $186 million. As Nomad was the de facto bridge of Moonbeam, many affected users saw their funds diminish in value and the overall ecosystem TVL plummeted from $187 million to sub-$60 million. Users and affected protocols, like StellaSwap, are still awaiting the resolution plan from Nomad.

Wormhole Bridge Hack: On Feb 2 this year, Wormhole’s bridge was exploited for $320 million (120k ETH). Within 24 hours, the vulnerability was fixed and the bridge resumed operations after Jump Crypto, the backers of Wormhole, backstopped the bridge. As users were made whole, confidence was restored and ecosystem TVL recovered within days.

It would therefore be advantageous for a bridge to possess deep pockets in order to backstop losses due to exploits and hacks. This section takes a look at the financial capacity of each bridge.
Multichain has set a great precedent in backstopping the losses from exploits, ensuring that users are made whole. Their response to those exploits included the creation of a security fund, to ensure that there will be a sustainable source of funds for potential exploits down the line.
Axelar, on the other hand, has to its credit not suffered any exploit. However, it must be put into context that Axelar launched this year and is the youngest bridge thus far, and therefore it may not be in the firing line for hackers just yet. A good buffer that has been implemented is the insurance fund that is built into their tokenomics.
Although Wormhole has suffered one of the largest exploits in DeFi, Wormhole exhibited the highest confidence for financial coverage. The $320M shortfall was covered in under 24 hours, as compared to Multichain’s response, in which they confirmed their reimbursement plan approximately a month after their latest hack. Beyond that, the prominence of Jump across the cryptocurrency system is well-known and goes beyond financial coverage, as they have expertise and networks across major financial functions. For instance, Jump’s capital deployment in Solana has been measured to surpass billions of dollars across the functions of market-making, arbitraging and institutional networks. Granted, this does not pertain directly to the function of bridging, but it represents a highly beneficial proposition to assess as it could enrich the entire ecosystem.
In the long run, the popularity of any bridge will depend on its usability and overall user experience. Users must generally be happy with the bridging experience for a bridge to be successful. StellaSwap has worked with Multichain, Axelar, Nomad and Celer, allowing us to fully understand the variables that go into analyzing an optimized user experience when it comes to bridging.
Across the board, latency and fees are fairly standard and fall in line with the general expectations of users. Multichain stands tall in terms of connectivity, with comprehensive support across numerous blockchain networks and assets. Although Axelar is the youngest bridge, their pace of growth is lightning fast, with 17 blockchain networks so far and their recent achievement of being selected as the de facto bridge for Osmosis, the leading DEX on Cosmos. Wormhole is seemingly employing a more focused approach towards Layer-1 integration. In terms of UI/UX, Multichain and Wormhole edge out Axelar incrementally.