In part 1 I wrote about interoperability, its concept and protocols, introducing a bit of history. In this article I will deal with what I think are the lights and shadows of the connection between different ecosystems.
The Lights: Why Do We Need Interoperability?
The blockchain has its primary use in the financial sector, both as a payment currency and DeFi. Without interoperability, transactions in quantity are restricted, hindering scaling and the creation of more liquid markets.
Blockchain can be very useful in supply chains, for example in health care, food, aviation, luxury goods or other industries, but if there is no interoperability, there is no data transmission between the different chains.
Digital Identity is another use for the so-called web3 decentralized Internet engine, which requires interoperability and scalability for end users to control and share data, and cannot be locked into a single network.
The various functionalities to interoperate can be grouped into five categories:
- Transferable Assets: 1-to-1 supported asset trading with minimal trust. Essentially, this is transferring a digital asset from one chain to another, with the ability to transfer it back to the source chain. A two-way channel between blockchains. This requires the assets to be locked in the “local of origin” chain, and can only be released upon return, to avoid double spending.
- Swap: trading executed with smart contracts, with minimal trust. Also known as an “atomic swap”, where user A transfers their asset on chain 1 to user B and user B transfers their asset on chain 2 to user A, in such a way as to ensure that both transactions go through as one exchange .
- Cross-chain oracles: reading information in a unidirectional way causing an action. It is an entity or the chain itself, which has the ability to prove or read that something is true, or that some action has taken place on another chain. For example, a smart contract on a chain might have a condition that requires a proof of transaction on an external chain for it to complete.
- Asset Lock– deposit with minimal trust. This can be used to lease assets or data upon payment for a set period of time. An IoT (Internet of Things) device can be leased to an entity that wants full use of its capabilities for a short period of time, paying for usage per minute. Once that time is up, the contract will return ownership of that asset to the original owner.
- General cross-chain contracts: multi-chain dependent smart contracts. This is a large category of applications that use smart contracts that interact with many chains that use a data network for actions. For example, a smart home would be making decisions and triggering actions based on many different IoT devices on many different chains.
Have you noticed that they have in common all the functionalities to interoperate? Yes, smart contracts, that is, in order to connect different blockchains, an executable encrypted protocol must be run.
The Shadows: Security and Risk
Blockchain projects employ different trust and security models in their design. Public blockchains build trust from cryptography, consensus algorithms, and incentive models.
For example, the Bitcoin proof-of-work (PoW) consensus has a high hashrate, which causes high costs for anyone who wants to attack the integrity of its data. The strength of security is usually correlated to the number of nodes in the network.
On the other hand, for those blockchains with traditional public key infrastructure (PKI), which allows users to authenticate themselves against other users and use the information of the identity certificates, security depends mainly on the commercial relationship established between the participants.
When two blockchains interoperate, it is important to analyze the difference in their security models and introduce the necessary compensating controls so that the integrity of the information, or the exchange of values, is not compromised for either of the two interoperating blockchains.
From a risk perspective, a party may take additional risks if it interoperates with another party with a lower security profile. This additional risk must be carefully evaluated and considered appropriate for the commercial benefit that would be obtained.
The low security of a blockchain can cause interoperability problems with another blockchain, causing a negative impact on its ecosystem, for example due to a hack that impacts the smart contract that connects them.
Finally, there is a risk associated with the economy, a product of the monetary policy that is intertwined in the interconnected blockchains. Crossing cryptocurrencies with poor or different monetary planning can have some impact on the ecosystem, when the amount of transferred coins is high with respect to the total circulating of the receiving blockchain, since it affects the liquidity of tokens, and that is not innocuous.
For value exchange, key issues include:
- the integrity of the information
- the asset is owned and its intended action, and
- that the execution of the value exchange is fair and atomic. Fairness ensures that both parties get their share of the trade, and neither party should have an advantage in backing out of the transaction based on outside events.
A condition for interoperability lies in the ability of two systems to recognize each other’s identity or ownership schemes.
Aspiring to common identity management is unrealistic as they are intrinsically tied to each chain’s crypto options. On the other hand, a precondition for establishing trust is to establish some sort of mapping between identity schemas.
Summary of Security Factors
Bridges are an attractive target because they often feature a central storage point of funds that back the “bridged” assets on the receiving blockchain.
Hacking attacks to steal tokens or cryptocurrencies result in the main problem for blockchain interoperability.
Although the thefts that are perpetrated by violating the computer code also occur in the L1 of the blockchains, the cross-systemic risk that arises in the interoperation of networks opens up a new possibility for hackers, and in addition, it may be greater in amount of funds.
For the exchange of information, the critical security issue is the integrity and reliability of the information coming from another chain or system.
Attacks can be on interoperability oracles, on bugs in smart contracts that manage transferred assets, on bridges, or on sidechains. I will cite an example of each.
The 2019 oracle attack on Synthetix, a synthetic asset issuance platform built on Ethereum, resulted in the loss of 37 million digital tokens. Synthetix suffers oracle attack, more than 37 million synthetic ether exposed.
Another known case $611 million hack Poly Network, it was possible from a contract called “EthCrossChainManager”, which has the privilege of being able to execute messages coming from other networks. It’s a standard feature for cross-chainforwarding contracts cross-chain that allowed special contracts to be called. The EthCrossDomainData not have belonged to the EthCrossDomainManager. If a contract really needs to have special privileges like these, users shouldn’t be able to use cross-chain to call these special contracts.
Regarding bridge attacks, the protocol that connects two blockchains to interoperate, Wormhole, the Solana bridge, was manipulated to credit 120 thousand ETH as if it had been deposited in Ethereum, which allowed the hacker to mint an equivalent amount of wrapped whETH (Wormhole ETH) in Solana. Using a SignatureSet created by a previous transaction, the attacker was initially able to bypass the wormhole’s ‘guardians’ (which are used to verify inter-chain transfers), and call verify_signatures on the main bridge.
Sidechain attacks also existed. Ronin was launched as an Ethereum side-chain in February 2021 to provide fast and cheap transactions needed to run p2e games (Play-to-Earn). Four of the validators are operated by Sky Mavis, meaning that in the event of a security vulnerability, only one more signature was needed to control the network. The attacker was able to gain access to the additional validator thanks to an agreement between Sky Mavis and Axie DAO in November last year.
Like any technology, blockchain interoperability has lights and shadows.
As more interconnections develop, we will surely see more problems, and more hacks, but we will also see more adoption and increased cross-activity between blockchains, synergistically enhancing the cryptoeconomy ecosystem.
It is not possible for me to think that interoperability is an exception in the ecosystem, although the connection between networks will not be total, the variety will mean that a few blockchains that cross tokens and information will be enough to consider interoperability fulfilled.
The cost-benefit ratio is the lights and shadows, since in order to clearly see the benefits, the lights, we must understand the darkness of the risks, the shadows.