Vitalik Buterin gives thumbs down to cross-chain applications
Ethereum’s co-founder cites “fundamental security limits of bridges” as the key reason for his disapproval.
In a Reddit post on Friday, Vitalik Buterin, the co-founder of Ethereum (ETH), outlined critical security concerns surrounding cross-chain bridges in the blockchain ecosystem. As told by Buterin, storing native assets directly-chain (Ethereum on Ethereum, Solana on Solana, etc.) provides a certain degree of immunity against 51% attacks. Even if hackers manage to censor or reverse transactions, they cannot propose blocks to take away one’s crypto.
The rule also applies to the Ethereum application. For example, if hackers launch a 51% attack (by controlling 51% of all circulating ETH supply) while an investor swaps 100 ETH for 320,000 DAI stablecoin, the end state remains invariant, i.e., the investor would always get either 100 ETH or 320,000 DAI.
However, Buterin continued, that the same level of security does not apply to cross-chain bridges. In the example he raised, if an attacker deposited their own ETH onto a Solana (SOL) bridge to obtain Solana-wrapped Ether (WETH) and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it, it would incur devastating losses on other users whose tokens are locked in the SOL-WETH contract, as the wrapped tokens are no longer backed by the original on a 1:1 ratio.
Buterin further outlined how the security exploit could scale negatively as more bridges are added into a cross-chain network. In a theoretical network comprising 100 chains, the high level of interdepency and overlapping derivatives would mean that a 51% attack on one chain, especially a small-cap one, can cause a system-wide contagion. According to Crypto 51, it costs as much as $1.78 million an hour for hackers to mount a 51% attack vector against the Ethereum network. However, the cost drops to as little as $13,846 per hour for blockchains such as Bitcoin Cash.
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple “zones of sovereignty”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022