A cross-chain protocol lost more than $600 million in the pool of assets on three chains it bridges.It can be called a dark night in Defi’s history.Behind painful loss,we can retrospect,”Every project is trying to make cross-chain come true,but cross-chain is a false proposition”,behind the voice,is to simplify the cross-chain into the pursuit of hotspot,a market slogan and label cognitive biases.
After waking up,it’s worthy of the community and the developers to consider:
The Achilles’ heel of cross-chain infrastructure.
01.Basic principles and models of cross-chain
When you move assets from one chain to another, such as Ethereum to Darwinia, your assets are not actually transferred,but by locking them on the source chain, and then issuing mapped assets on the target chain.
02.Why is Achilles’ heel so fragile?
Cross-chain Bridges are a fragile single point of cross-chain infrastructure because of the high complexity of cross-chain security challenges.
The source of complexity, through the explanation of the cross-chain principle above , it is not difficult for everyone to find the asset transfer between multiple chains, especially the technical difficulties that Darwinia has been conquering, heterogeneous chains (such as Ethereum — BSC cross-chain similar isomorphic cross-chain difficulty is slightly lower,Polkadot — Ethereum cross-chain is heterogeneous chain).
In the process of locking and distribution mapped assets,coupled with the complex multi-chain composability of Defi products,it involves multiple different chains and different contracts, the bottom of the chain layer,token contracts, cross-chain component contracts (one for each chain),and applications layer contracts.As long as one layer contract has a problem,the system will be breached. The risk coefficients of BSC and polygon are relatively low,because it is directly isomorphic to Ethereum,but when it has been tested for a long time, then other chains will have greater risks.
03.The custodial problem of cross-chain assets
A key to cross-chain security is the locking method.For example, a cross-chain fund pool custody used by an attacked chain , based on the basic cross-chain model of shadow assets , custody seems unavoidable.
The most common custody method is semi-centralized and multi-signature custody based on Trust ,and cross-chain explorers have been working to further detrust this approach by eliminating the human involvement of third parties,such as introducing encryption algorithms and economic gaming to improve the security of locked assets.
04.Is decentralization always safe?
The degree of decentralization, security and efficiency has always been the impossible triangle that the blockchain industry wants to break through. In this incident,it was the centralized Tether that froze the hacker’s assets with higher centralized authority.The Darwinia team has been exploring a breakthrough in trustless cross-chain solutions and to further improve the security of the bridge and cross-chain efficiency .
05.Can decentralized cross-chain infrastructure support the rapid outbreak of Defi industry?
The complexity and cross-chain composability of Defi products bring high benefits to users , but it also intensifies the security test of cross-chain infrastructure and cross-chain bridges .Driven by the income of cross-chain mining , the funds in the custody of the cross-chain fund pool are constantly increasing, which has become the perfect prey for hackers.
The Darwinia team has always been adhering to the concept of safety first and is committed to providing a safer general cross-chain bridge solution. After the accident, we also conducted developer discussions as soon as possible. The following will share with the community about Darwinia ‘s thoughts on upgrading the cross-chain bridge security model.
Darwinia cross-chain bridge security model upgrade idea
01.Security model ideas:
1) Safety redundant system, not a single mechanism system ( message delivery system + message guard system)
Aug11 08:40 SlowMist Safety team analysis points out:This attack is mainly caused by the “EthCrossChainData” contract keeper can be modified by the “EthCrossChainManager” contract. The “verifyHeaderAndExecuteTx” function of the “EthCrossChainManager” contract can in turn execute the data passed in by the user through the “_executeCrossChainTx” function.Therefore, the attacker passed in carefully constructed data through this function to modify the “EthCrossChainData” contract keeper address specified for the attacker, not network transmission is caused by the leakage of the keeper private key.
The cross-chain protocol which had the accident, the message delivery system was attacked, and the double insurance of the message guard can further reduce the cross-chain security risk. Darwinia will focus on upgrading the cross-chain message delivery system ( the core system of Darwinia Bridge ) from the business and product aspects.
2 ) Decoupling of bridge message system and application layer ( including Token)
The application layer is solely responsible for its security. The bridge messaging system simply provides a set of infrastructure and message delivery services (with its reliability and security preconditions and assumptions). The application needs to consider whether additional enhancements are needed.Darwinia can provide tools and solutions.
3 ) The perspective of the cross-chain security model is multi-dimensional
①Security assumptions of the source chain and target chain
②Bridge chainrelay design assumptions security
③Engineering assumptions
④Operation and maintenance assumptions
4 ) Direct isolation of different bridge mapped assets
A problem with one cross-chain messaging system does not affect mapping assets based on other Bridges, is local and does not affect global exposure.
5 ) Further reduce the complexity of product structure
Complexity is the enemy of security.(Darwinia plans to spin off its Token business from Darwinia message delivery service, with asset management possibly becoming a independent module product) to spin off the mapped asset protocol as a independent optional application and module (Mapped assets may require the responsibility of the relevant application layer principal).
6 ) Black swan relief and supplements from an economic perspective
Absorb and learn from industry experience and other insurance mechanisms,such as Ren ’s experience:The limit of cross-chain asset is related to the market value of their encrypted economic system, and secure multi-party computing is used to ensure system security.The REN node of each shard must bind assets that are not less than three times the value of the BTC locked in the corresponding shards to achieve anchoring.
02.Safety practice
Cryptography:
1. Strengthen cooperation with security companies ( open source audit work )
2. Build a team of security professionals
a. Regularly conduct safety audit inspections and seminars
b. Set a full-time safety officer to aim for safety
Operation and maintenance:
1. Strengthen the security audit of Runtime & Pallet , as well as the design and inspection of authority management;
2. Don’t believe in safety practices, and discuss the possible risks of multiple assumptions;
3. Promote more industry security cooperation and coordinate the upgrade of cross-chain bridge general security solutions;
4. Understand the challenges and problems of PR Review and enhance the team’s mutual learning and reserve.
As of the post,the hackers have begun to return assets, which seems to have relieved the community. But in front of the bloody lesson, the cross-chain bridge safety challenge is a road of thorns, Darwinia will continue to carry the load.
