The common risks using Ethereum and Bridges
Types of bridge
At the 2023's cryptospace individuals & entities sometimes have not the funds located at its desired place or desired chain, so sometimes one needs to move funds between blockchains. For this, bridges were created. Such bridges are a whole service that does not necessarily require our identity or data, it simply requires fund and very little interaction.
Bridges are divided into two categories: trusted bridges and untrusted bridges. But... what does it mean? I have extracted the following table from the official ethereum website (Ethereum.org) for clarity in this regard.
Trusted Bridges Trustless Bridges Trusted bridges depend upon a central entity or system for their operations. Trustless bridges operate using smart contracts and algorithms. They have trust assumptions with respect to the custody of funds and the security of the bridge. Users mostly rely on the bridge operator's reputation. They are trustless, i.e., the security of the bridge is the same as that of the underlying blockchain. Users need to give up control of their crypto assets. Through smart contracts, trustless bridges enable users to remain in control of their funds.
In a few words, we can say that trust bridges have trust assumptions, while non-trust bridges are trust minimized and make no new trust assumptions beyond those of the underlying domains. Here’s how these terms can be described:
- Trustless: having equivalent security to the underlying domains. As described by Arjun Bhuptani in this article.(opens in a new tab)
- Trust assumptions: moving away from the security of the underlying domains by adding external verifiers in the system, thus making it less crypto-economically secure.
Common risks using bridges
Many bridges are in the early stages of development, so it is recommended to use tested and established services to avoid unpleasant surprises. It is likely that the optimal bridge design has not yet been discovered. Interacting with any type of bridge carries risks and therefore we should always check the web link to avoid malicious copies. There are other risks that we will see below:
- Smart Contract Risk — the risk of a bug in the code that can cause user funds to be lost
- Technology Risk — software failure, buggy code, human error, spam, and malicious attacks can possibly disrupt user operations
Moreover, since trusted bridges add trust assumptions, they carry additional risks such as:
- Censorship Risk — bridge operators can theoretically stop users from transferring their assets using the bridge
- Custodial Risk — bridge operators can collude to steal the users’ funds
User's funds are at risk if:
- there is a bug in the smart contract
- the user makes an error
- the underlying blockchain is hacked
- the bridge operators have malicious intent in a trusted bridge
- the bridge gets hacked
One hack was Solana’s Wormhole bridge, where 120k wETH ($325 million USD) was stolen during the hack(opens in a new tab).
Bridges are crucial for onboarding users to second layers of the Ethereum network and to other EVM and non-EVM chains, and even for users who want to explore different ecosystems or migrate funds to other chains. However, given the risks involved in interacting with bridges, users must understand the trade-offs they make when signing with their private key.
If you would like to know best practices regarding the use of chain crossings and/or bridges, let me know in the comments and I will create a post about it. Thanks for reading me and enjoy the crypto space.