Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Count of Monte Crypto: Accounting-based Defenses for Cross-Chain Bridges

Enze Liu, Elisa Luo, Jian Chen Yan, Katherine Izhikevich, Stewart Grant, Deian Stefan, Geoffrey M Voelker, Stefan Savage

TL;DR

This paper empirically analyze 10 million transactions used by key bridges during this period and shows that a simple invariant that balances cross-chain inflows and outflows is compatible with legitimate use, yet precisely identifies every known attack (and several likely attacks) in this data.

Abstract

Between 2021 and 2023, crypto assets valued at over \$US2.6 billion were stolen via attacks on "bridges" -- decentralized services designed to allow inter-blockchain exchange. While the individual exploits in each attack vary, a single design flaw underlies them all: the lack of end-to-end value accounting in cross-chain transactions. In this paper, we empirically analyze 10 million transactions used by key bridges during this period. We show that a simple invariant that balances cross-chain inflows and outflows is compatible with legitimate use, yet precisely identifies every known attack (and several likely attacks) in this data. Further, we show that this approach is not only sufficient for post-hoc audits, but can be implemented in-line in existing bridge designs to provide generic protection against a broad array of bridge vulnerabilities.

Count of Monte Crypto: Accounting-based Defenses for Cross-Chain Bridges

TL;DR

This paper empirically analyze 10 million transactions used by key bridges during this period and shows that a simple invariant that balances cross-chain inflows and outflows is compatible with legitimate use, yet precisely identifies every known attack (and several likely attacks) in this data.

Abstract

Between 2021 and 2023, crypto assets valued at over \$US2.6 billion were stolen via attacks on "bridges" -- decentralized services designed to allow inter-blockchain exchange. While the individual exploits in each attack vary, a single design flaw underlies them all: the lack of end-to-end value accounting in cross-chain transactions. In this paper, we empirically analyze 10 million transactions used by key bridges during this period. We show that a simple invariant that balances cross-chain inflows and outflows is compatible with legitimate use, yet precisely identifies every known attack (and several likely attacks) in this data. Further, we show that this approach is not only sufficient for post-hoc audits, but can be implemented in-line in existing bridge designs to provide generic protection against a broad array of bridge vulnerabilities.
Paper Structure (40 sections, 7 figures, 3 tables)

This paper contains 40 sections, 7 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Smart-contract Blockchains
  4. ERC-20 Tokens
  5. Cross-Chain Token Bridges
  6. How Bridges Collapse
  7. Approach
  8. Identifying Bridge Transactions
  9. Identifying the Value Transferred
  10. Checking the Balance Invariant
  11. Retrospective Analysis
  12. Data Set
  13. Analysis
  14. Reported
  15. Other Violating Transactions
  16. ...and 25 more sections

Figures (7)

  • Figure 1: Cross-chain token bridging and the different steps attackers can exploit to withdraw unbacked deposits.
  • Figure 2: Simplified USDC ERC-20 Token Contract.
  • Figure 3: Event Emitted by an ERC-20 Token (USDC).
  • Figure 4: Total Inflow (on Ethereum) - Total Outflow (on Solana) Over Time: Wormhole Attack in Feb 2022.
  • Figure 5: The lifetime of the bridges in our retrospective study. Lines start with the bridge's first valid transaction and end with the last valid transaction in our data, corresponding to the bridge's closure or November 2023 if the bridge was still operating at the end of our data set. Diamonds indicate the dates of attack.
  • ...and 2 more figures