{"id":22323,"date":"2022-04-02T23:29:45","date_gmt":"2022-04-02T23:29:45","guid":{"rendered":"https:\/\/davidgerard.co.uk\/blockchain\/?p=22323"},"modified":"2022-04-04T13:04:18","modified_gmt":"2022-04-04T13:04:18","slug":"blockchain-bridges-how-the-smart-contract-pinata-works-and-why-bridges-keep-getting-hacked","status":"publish","type":"post","link":"https:\/\/davidgerard.co.uk\/blockchain\/2022\/04\/02\/blockchain-bridges-how-the-smart-contract-pinata-works-and-why-bridges-keep-getting-hacked\/","title":{"rendered":"Blockchain bridges: how the smart contract pi\u00f1ata works, and why bridges keep getting hacked"},"content":{"rendered":"

The Ronin Network\u2019s bridge to Ethereum was hacked on 23 March,<\/a> and $625 million worth of ether and USDC was stolen from the blockchain game Axie Infinity!<\/p>\n

Why was there a huge pile of cryptos just sitting there?<\/p>\n

A cryptocurrency blockchain has a native currency, and may also run various other tokens. In decentralised finance (DeFi), a bridge<\/i> lets you use a cryptocurrency from a different blockchain.<\/p>\n

The bridge holds the original crypto (e.g.,<\/i> Ethereum\u2019s native currency, ether), and issues a token on the second chain that represents the original crypto (e.g.,<\/i> \u201cwrapped\u201d ether on Binance Smart Chain) \u2014 the token is like a banknote representing the reserve held on the original chain.<\/p>\n

DeFi is correctly viewed as a pi\u00f1ata<\/a> \u2014 you whack it in the right spot, and a pile of crypto falls out. This is because smart contract programming is brittle and demanding, but all the incentives are time-to-market \u2014 so you should expect sloppy work at every stage.<\/p>\n

Bridges are the fattest pi\u00f1atas in DeFi. When you see news of a crypto hack that says hundreds of millions of \u201cdollars\u201d were stolen, it was usually someone stealing the cryptos from a bridge.<\/p>\n

 <\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

Why do you need a bridge?<\/h3>\n

DeFi started on the Ethereum blockchain. You run a massive shell game of complex transactions-within-transactions between ether and various other tokens running on Ethereum, in the hope of making money from people who think they\u2019re hotter market players than they are.<\/p>\n

But Ethereum has been clogged to unusability since 2017. ethereum.org admits that \u201cfor Ethereum to scale and keep up with demand, it has required rollups\u201d \u2014 assorted schemes to do the work elsewhere and just send the result back to Ethereum. That is, the blockchain is only usable if you work around actually using it. [ethereum.org<\/i><\/a>]<\/p>\n

So you set up your DeFi protocol on some less-clogged blockchain \u2014 maybe even a centralised chain, like Binance Smart Chain \u2014 and you use “wrapped tokens” representing ether, or bitcoins, or tethers, or USDC. Then you convert back to the real tokens when you want to cash out.<\/p>\n

DeFi protocols usually end by being hacked, or from a \u201crugpull\u201d \u2014 DeFi is so innovative that it came up with its own new term for someone just stealing all the money. These are distinct from bridge hacks.<\/p>\n

How blockchain bridges work<\/h3>\n

\u201cSmart contract\u201d<\/a> is a fancy term for small computer programs that run directly on a blockchain.<\/p>\n

Bridges work by having a smart contract on both the blockchains. The bridge uses a relay to transmit messages back and forth between the smart contracts on each of the two blockchains.<\/p>\n

The Ethereum Virtual Machine can\u2019t send messages out to the Internet. So the relay for a bridge is a centralised entity \u2014 a convenient bridging API, or an \u201coracle\u201d server doing this one job.<\/p>\n

The APIs are provided by centralised entities. These often call themselves \u201cdecentralised\u201d because they promise they aren\u2019t interfering with the messages.<\/p>\n

Various more complex schemes exist that attempt to make the wafer-thin completely centralised bit just a bit smaller. It\u2019s still completely centralised, but it\u2019s smaller<\/i>, see.<\/p>\n

But nobody really<\/i> cares about actual operational decentralisation \u2014 as long as there\u2019s money to be made.<\/p>\n

The trouble with smart contracts<\/h3>\n

Smart contract programs are extremely hard to alter. The concept is that you can have faith that the program is immune to interference from mere humans \u2014 that you\u2019ve automated the human element out.<\/p>\n

The problem there is that another term for \u201cimmutable program\u201d is \u201csitting duck for attackers.\u201d This makes smart contracts naturally turn into pi\u00f1atas:<\/p>\n

    \n
  1. Smart contracts are hard to alter, by design. So they require the most painstaking code review and analysis \u2014 so that you don\u2019t lose money to an exploit.<\/li>\n
  2. You make more money by being quick to market.<\/li>\n<\/ol>\n

    You could<\/i> get cautious computer scientists to code your smart contracts in functional or non-Turing-complete languages \u2014 or<\/i> you could get mediocre ex-JavaScript coders to bash out some Solidity code that’ll do for the moment. Crypto overwhelmingly chooses the second option.<\/p>\n

    You can get your smart contracts audited! This has created a market for crappy rubber-stamp Solidity \u201cauditors,\u201d who let you say you were audited. Or you can get a decent auditor \u2014 then just ignore the recommendations in their report,<\/a> because that\u2019s too much like work when you\u2019ve already ticked the box marked \u201cget an audit.\u201d<\/p>\n

    A selection of past pi\u00f1atas<\/h3>\n

    Cryptos kept in a bridge run by a centralised entity with experience in cryptocurrency custody are comparatively safe. For example, the original Wrapped BTC token is issued by BitGo, who hold the BTC reserve and exchange it both ways with the WBTC token on the Ethereum blockchain. [BitGo<\/i><\/a>]<\/p>\n

    But the crypto world dislikes touchable centralised entities \u2014 or ones that are too obvious about it, at least. So bridges tend to just lock the ether into the bridge smart contract on the Ethereum side.<\/p>\n

    This creates a massive<\/i> pile of ether, and whatever other tokens the bridge handles \u2014 just waiting for someone to get a stick and whack the pi\u00f1ata just right.<\/p>\n

    (Hack values stated in hundreds of millions of dollars can be misleading — these numbers are often the mark-to-market<\/a> value of highly illiquid tokens when there’s nothing like that amount of buyers for them, so you could never realise the claimed dollar value even selling them legally. Wrapped cryptos are often blockable by the bridge’s administrators. Actual bitcoins or ether are relatively<\/i> liquid, but a thief is unlikely to be able to realise hundreds of millions of dollars<\/a> from selling stolen coins. So take some of the big numbers with a grain of salt.)<\/p>\n

    \u2022 Axie Infinity\u2019s Ronin Network<\/b> was hacked on 23 March<\/a> because four of their permissioned blockchain\u2019s nine validators were controlled by Sky Mavis, the company behind Axie and Ronin \u2014 and an outside fifth validator was also controlled by Axie temporarily, but Sky Mavis forgot to hand back control. So the attacker got into Ronin and just told the bridge to give them all the cryptos.<\/p>\n

    This has left the already poor play-to-earn gamers in Axie Infinity utterly screwed \u2014 they\u2019re paid in the wrapped tokens, which can\u2019t be redeemed because there\u2019s nothing left to redeem them with. The company says it will make up the stolen coins \u2014 though it\u2019s not clear how.<\/p>\n

    Sky Mavis claims not to have noticed the hack until 29 March \u2014 but the price of the Axie token suddenly went up, with an unusual peak in volume, shortly after the hack on 23 March. Some suspect the price of Axie was deliberately being pumped to offset the losses once news of the hack became public. [Twitter<\/i><\/a>].<\/p>\n

    \u2022 Wormhole Portal,<\/b> on the Solana blockchain, was hacked for 93,750 ether in February 2022. The attacker created a fake signature validator, and used it to create fake credentials. They used these credentials to create 120,000 \u201cWormhole ETH\u201d tokens out of thin air on the Solana side, then told Wormhole to transfer 93,750 of those out as actual ether. Wormhole\u2019s parent company Jump covered the cost with a bailout. [Ars Technica<\/i><\/a>; <\/i>Elliptic<\/i><\/a>; <\/i>Twitter<\/i><\/a>]<\/p>\n

    Just weeks after the hack, Wormhole drew up plans to do a private token sale to institutional investors, hoping to raise $200 million. [The Block<\/i><\/a>]<\/p>\n

    \u2022 Meter.io<\/b> is a bridge infrastructure provider \u2014 bridges are their job. On 5 February 2022, they were hacked for $4.4 million in bitcoins and ether, via a bug in the Meter Passport smart contract code. [Twitter<\/i><\/a>; <\/i>BeinCrypto<\/i><\/a>]<\/p>\n

    \u2022 Qubit Finance<\/b> is a DeFi protocol on the Binance Smart Chain. Qubit\u2019s QBridge, between Ethereum and Binance Smart Chain, was hacked on 27 January 2022 for \u201c$80 million\u201d in notional value of various illiquid minor altcoins and wrapped ether. This attack simply exploited a bug in the QBridge smart contract\u2019s \u201cdeposit\u201d function. [Certik<\/i><\/a>]<\/p>\n

    \u2022 The Poly Network<\/b> is a bridge that interfaces between multiple blockchains. In August 2021, Poly was hacked for \u201c$611 million\u201d<\/a> in various tokens, mostly illiquid minor altcoins and wrapped cryptos. The attacker was quickly tracked down; they claimed they did the hack just to show it could be done, and gave back most of the coins.<\/p>\n

    Transactions to move coins from the source blockchain are submitted to Poly\u2019s EthCrossChainManager smart contract on the destination blockchain. EthCrossChainManager has permission to change the \u201ckeepers\u201d \u2014 trusted entities that can perform transactions \u2014 listed in the EthCrossChainData contract. EthCrossChainManager then accepts any transaction signed by a keeper \u2014 whether it\u2019s a valid transaction or not. The attacker swapped one of the original keepers for a malicious keeper controlled by the attacker. At that point, the attacker could take anything they liked. [Mudit Gupta<\/i><\/a>; <\/i>The Block<\/i><\/a>]<\/p>\n

    Real-world stocks are wrapped tokens \u2014 with regulation<\/h3>\n

    Wrapped tokens are not a wrong thing to want. Finance is full of paper representations of assets, and paper representations of paper representations. In fact, real-world equity stocks in the US work a bit like wrapped cryptos.<\/p>\n

    Cede<\/a>, as part of DTCC<\/a>, is the actual owner of pretty much all publicly issued stock in the US. This arrangement was put into place so that stockbrokers didn\u2019t have to send around paper certificates all the time just to trade. The stocks stay at Cede, and brokers exchange rights to those stocks held at Cede.<\/p>\n

    When you buy shares in a stock, you hold an entitlement, to part of an entitlement held by your broker, to stock held by Cede. Cede owns the actual stock, but you have beneficial ownership of your shares \u2014 you are the shareholder who can vote at general meetings and receive dividends on the shares.<\/p>\n

    This sounds like a long, tottering chain \u2014 but the difference from crypto is that every step of this chain is highly regulated and monitored by law. And the regulators know who all the people involved are.<\/p>\n

    Even then, the layers of abstraction can break if you twist them funny. Matt Levine wrote up one example from 2015, when the DTCC system led to problems working out who had beneficial ownership of shares in Dell. \u201cThe financial system is built in layers of abstraction. Which is always fun in court.\u201d [Bloomberg<\/i><\/a>]<\/p>\n

    Blockchain bridges need regulation<\/h3>\n

    Blockchain bridges are functionally wildcat banks,<\/a> but on the blockchain \u2014 they hold cryptos, then issue tokens as banknotes backed by those cryptos.<\/p>\n

    Crypto sets up all these complex mechanisms that look like real-world financial engineering \u2014 but without the battle-hardened protection mechanisms that exist in the real world.<\/p>\n

    The big problem is that none of this stuff has the slightest bit of regulation or oversight.<\/p>\n

    Yes, I know you don\u2019t want regulation of your precious crypto. But you keep demanding to be taken seriously, while throwing around numbers in the hundreds of millions of dollars. Being taken seriously involves oversight.<\/p>\n

    Blockchain bridges are depository institutions, run by particular individuals. That their IT infrastructure is some shoddy Solidity code doesn\u2019t change that. Bridges\u2019 backing reserves need to be monitored and insured. If that means the reserve can\u2019t legally be held in the smart contract itself, too bad \u2014 the \u201cdecentralisation\u201d was always fake anyway.<\/p>\n

    This applies to single-application bridges too, like Sky Mavis\u2019s Ronin. The screwed-over players on Axie Infinity are real-life victims. If you can believe Sky Mavis, the company literally didn\u2019t notice<\/i> for six days<\/i> that their backing reserve had been stolen. Nobody was watching any of this. That\u2019s flatly unacceptable.<\/p>\n

    Crypto regulation came into Canada in full force in the wake of the collapse of the Quadriga crypto exchange<\/a> \u2014 after public outrage that a $200 million financial institution could have collapsed when the regulators were barely aware that it existed. Now cryptos on an exchange in Canada are regulated as securities.<\/a><\/p>\n

    Oversight needs to be put into place for these supposedly billion-dollar financial institutions \u2014 before<\/i> they get within a mile of the real financial system where people live.<\/p>\n

     <\/p>\n

    \"Become<\/a>

    Your subscriptions keep this site going. Sign up today!<\/a><\/i><\/p><\/div>","protected":false},"excerpt":{"rendered":"

    Oversight needs to be put into place for these supposedly billion-dollar financial institutions \u2014 before they get within a mile of the real financial system where people live.<\/p>\n","protected":false},"author":1,"featured_media":22324,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[2835,2450,2875,1552,2876,82,2872,128,2873,2397,2874,2834,2870,83,2789,2871],"class_list":["post-22323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised","tag-axie-infinity","tag-bitgo","tag-cede","tag-defi","tag-dtcc","tag-ethereum","tag-jump","tag-matt-levine","tag-meter-io","tag-poly","tag-qubit","tag-ronin","tag-sky-mavis","tag-smart-contract","tag-solana","tag-wormhole"],"jetpack_featured_media_url":"https:\/\/davidgerard.co.uk\/blockchain\/wp-content\/uploads\/1648\/41\/unicorn-pinata.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts\/22323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/comments?post=22323"}],"version-history":[{"count":22,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts\/22323\/revisions"}],"predecessor-version":[{"id":22354,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts\/22323\/revisions\/22354"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/media\/22324"}],"wp:attachment":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/media?parent=22323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/categories?post=22323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/tags?post=22323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}