In a Reddit post on Friday, Vitalik Buterin, the co-founder of Ethereum (ETH), outlined the critical security concerns surrounding cross-chain bridges in the blockchain ecosystem. According to Buterin, storing native assets directly on-chain (Ethereum on Ethereum, Solana on Solana, etc.) provides a certain degree of immunity against 51% attacks. Even if hackers manage to censor or reverse transactions, they cannot propose blocks to take away someone’s cryptocurrencies.
This rule is also valid for the Ethereum application. For example, if hackers launch a 51% attack (controlling 51% of the entire supply of ETH in circulation) while an investor exchanges 100 ETH for 320,000 DAI stablecoin, the final state remains unchanged. That is, the investor would always get either 100 ETH or 320,000 DAI.
However, Buterin went on to say that the same level of security does not apply to chain bridges. In the example you raised, if an attacker deposited his own ETH on a Solana (SOL) bridge to get Solana-wrapped Ether (WETH) and then reversed that transaction on the Ethereum side as soon as the Solana side confirmed it, would incur devastating losses to other users whose tokens are locked in the SOL-WETH contract, as the wrapped tokens are no longer backed by the original at a 1: 1 ratio.
Buterin further explained how the security flaw could escalate negatively as more bridges are added to a cross-chain network. In a theoretical network comprised of 100 chains, the high level of derivative interdependency and overlap would mean that a 51% attack on one chain, especially a small-cap one, can cause contagion throughout the system. According to Crypto 51, it costs hackers up to $ 1.78 million per hour to mount a 51% attack vector against the Ethereum network. However, the cost drops to just $ 13,846 per hour for blockchains like Bitcoin Cash.
My argument for why the future will be * multi-chain *, but it will not be * cross-chain *: there are fundamental limits to the security of bridges that hop across multiple “zones of sovereignty”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
– vitalik.eth (@VitalikButerin) January 7, 2022
My argument as to why the future will be * multi-chain *, but not * crossover *: There are fundamental limits to the safety of bridges spanning multiple “sovereignty zones”.