Lecture 16: Cross-Chain Bridges
Instructor: Yu Feng, UCSB
CS190: Blockchain Programming and Applications
This lecture examines the interoperability trilemma and fragmented state of digital assets. We explore how specialized blockchains create isolated state machines, introduce bridges as the messaging layer, and study two concrete systems, Wormhole and Thorchain, to understand verification models, security assumptions, and the path toward cryptographic trustlessness.
The Siloed Nature of Distributed Ledgers
The Composability Paradox
Within Ethereum, DeFi primitives like AMMs and lending protocols interact atomically—the "Money Legos" effect. But this composability shatters at chain boundaries.
The EVM is introspective by design: it knows only its own state trie. No native opcode exists to query Bitcoin balances or Solana accounts.
The Bridge Imperative
Cross-chain bridges emerged as the TCP/IP layer of blockchain, facilitating billions in daily volume. Yet they remain the most fragile infrastructure component.
$2 billion lost to bridge exploits between 2021-2025, including Ronin ($625M), Poly Network ($611M), and Wormhole ($326M).
The Interoperability Trilemma
Like the classic Blockchain Trilemma, the Interoperability Trilemma suggests bridge protocols can optimize for only two of three properties:
Trustlessness
Security relies solely on underlying chains. No additional trust assumptions like external validators.
Extensibility
Easy deployment across heterogeneous domains—EVM to non-EVM chains like Solana, Bitcoin, or Move-based networks.
Generalizability
Handle arbitrary data passing—governance votes, oracle data, contract calls—not just token transfers.
Bridge designers face forced trade-offs: Natively Verified bridges (Cosmos IBC) achieve trustlessness but fail at extensibility. Externally Verified bridges (Wormhole, Ronin) gain extensibility but sacrifice trustlessness—leading to massive exploits.
Taxonomy of Cross-Chain Verification
Trusted Bridges (Externally Verified)
Third-party validators attest to state. Users deposit funds on source chain; off-chain Guardian network reaches consensus (e.g., 13/19 threshold); signatures verified on destination chain to release funds.
  • Pros: Cheap, fast, easy to implement
  • Cons: Massive central point of failure
  • Examples: Wormhole, Ronin, Multichain
Trustless Bridges (Natively Verified)
Destination chain runs a "light client" of source chain within smart contract logic, receiving block headers and Merkle proofs to mathematically verify consensus rules were followed.
Security Model
Ideally trustless—security equals underlying chains. No external trust assumptions.
Trade-offs
Computationally expensive and technically difficult. Verifying ZK-SNARKs or complex consensus costs prohibitive gas.
Examples
Cosmos IBC, Near Rainbow Bridge, various ZK-Bridge pilots.
Trust-Minimized Bridges (Liquidity Networks)
The Swap Model
Abandons "moving" assets via wrapped tokens. Instead: peer-to-peer swap model with liquidity pools on both chains.
User gives asset A to liquidity provider on source chain; provider gives asset B on destination chain. Atomicity via cryptographic locks (HTLCs) or economic incentives.
  1. No Wrapped Assets: Eliminates de-pegging risk; only native assets.
  2. Capital Inefficient: Requires massive liquidity on every connected chain.
Examples: Thorchain, Connext, Hop Protocol
Case Study I: Wormhole
The Trusted Architecture
Wormhole is a generic message-passing protocol serving as primary artery for cross-chain liquidity, especially between Ethereum and Solana ecosystems. Classified as Externally Verified, Lock-and-Mint protocol.
  1. Guardian Network: 19 institutional validators (Jump Crypto, Everstake, Chorus One) with 13/19 consensus threshold.
  2. Proof-of-Authority: Assumes fewer than 13 major entities will collude to forge messages.
  3. Design Priority: Optimizes for liveness and extensibility over trustlessness.
The Lifecycle of a Wormhole Message
Tracing a transfer of 100 USDC from Ethereum to Solana:
  1. Emission (Source Chain): User calls transfer() on Wormhole Core Contract. Contract locks 100 USDC in vault and emits event log.
  2. Observation (Off-Chain): 19 Guardians constantly scan logs of all connected chains, detecting the Ethereum event.
  3. Verification & Signing: Each Guardian waits for finality, then signs message hash with private key.
  4. Aggregation: Service collects 13 valid signatures, packages into VAA (Verifiable Action Approval).
  5. Relaying: Relayer retrieves VAA from public endpoint and submits transaction to Solana.
  6. Execution (Destination): Solana contract verifies 13 Guardian signatures, mints 100 Wormhole-Wrapped USDC to user wallet.
The 2022 Wormhole Hack
$326 Million Exploit
February 2022: Subtle implementation bug in trusted bridge led to catastrophic failure. The exploit occurred on Solana side through a sysvar bypass.
The Flaw
Wormhole contract checked signature validity but failed to verify the sysvar account address—like trusting a fake police officer without checking their badge.
The Attack
Hacker created fake account mimicking sysvar, populated with "Signature Verified" data. Contract accepted it, bypassing Guardian signature check entirely.
The Extraction
Attacker minted 120,000 Wormhole-Wrapped ETH on Solana without locking real ETH on Ethereum, then swapped and bridged back to drain legitimate vault.
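The missing address check can be shown in a small model of the flaw described above, with the unchecked verifier beside a checked one. This is an added example, not Wormhole's Solana program: the account type, the string address, and the marker bytes are constructed stand-ins.

```python
from dataclasses import dataclass

# Constructed stand-ins: on Solana these would be 32-byte public keys and
# runtime-written instruction data, not strings and a marker.
INSTRUCTIONS_SYSVAR = "sysvar:instructions"  # the one address the runtime controls
VERIFIED_MARKER = b"signatures-verified"     # hypothetical verification record


@dataclass(frozen=True)
class Account:
    address: str
    data: bytes


def verify_unchecked(acct: Account) -> bool:
    """Flaw as the lecture describes it: reads the data, ignores the address."""
    return acct.data == VERIFIED_MARKER


def verify_checked(acct: Account) -> bool:
    """Hardened form: the account must be the real sysvar before its data counts."""
    if acct.address != INSTRUCTIONS_SYSVAR:
        raise PermissionError(f"not the instructions sysvar: {acct.address}")
    return acct.data == VERIFIED_MARKER


def mint_wrapped(acct: Account, amount: int, verifier) -> int:
    """Mint only if the supplied verifier accepts the account."""
    if not verifier(acct):
        raise PermissionError("guardian signatures not verified")
    return amount


# Constructed inputs: the genuine sysvar and a caller-supplied lookalike
# that carries the same bytes under a different address.
GENUINE = Account(INSTRUCTIONS_SYSVAR, VERIFIED_MARKER)
LOOKALIKE = Account("caller-created-account", VERIFIED_MARKER)

if __name__ == "__main__":
    print(mint_wrapped(GENUINE, 100, verify_checked))
    print(mint_wrapped(LOOKALIKE, 120_000, verify_unchecked))  # accepted: the bug
    try:
        mint_wrapped(LOOKALIKE, 120_000, verify_checked)
    except PermissionError as exc:
        print("rejected:", exc)
```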
The Bailout and Evolution
Jump Crypto Intervention
The hack left Wormhole insolvent: 120,000 ETH gone, and the Wormhole-Wrapped ETH on Solana unbacked. In a dramatic turn, Jump Crypto deposited 120,000 of their own ETH to recapitalize the bridge.
This highlighted Centralization Risk: bridge survived not through cryptographic resilience, but because a wealthy entity chose to save their ecosystem investment.
2025 ZK Roadmap
Aggressive pivot toward trust-minimization. Transitioning from Proof-of-Authority to Zero-Knowledge Verified model.
ZK-SNARKs mathematically attest that source chain consensus finalized specific block headers. Reduces trust from "Trust Jump Crypto" to "Trust ZK Circuit logic."
Wormhole's ZK Transformation
ZK Light Client
System generates ZK-SNARK proving source chain's consensus finalized specific block header—mathematical attestation replacing Guardian signatures.
Trustless Verification
Destination chain verifies ZK proof. Trust assumption shifts from institutional validators to ZK circuit logic and underlying consensus.
Strategic Partnerships
Partnered with hardware accelerators and ZK proving networks (Succinct, RISC Zero) to handle immense computational load.
Case Study II: Thorchain
The Trust-Minimized Architecture
Thorchain emerged with radically different philosophy: not a traditional bridge but a Decentralized Liquidity Network built on Cosmos SDK. Goal: facilitate Native Asset Swaps without creating wrapped tokens.
No Wrapped Assets
Send real BTC, receive real ETH. Protocol manages wallets on all connected chains—no IOUs created.
AMM Architecture
Every asset paired with RUNE token. BTC→ETH swap executes atomically: BTC→RUNE, then RUNE→ETH.
Bifrost and TSS Vaults
The Infrastructure Layer
Bifrost Protocol
The "eyes and hands" of THORNodes, connecting to external networks (Bitcoin, Ethereum, Dogecoin).
  • Observation: Scans external blockchains for transactions to Thorchain vaults
  • Consensus: 67% supermajority of nodes must agree they witnessed same transaction
Threshold Signatures (TSS)
Critical innovation using Gennaro-Goldfeder 2020 MPC protocol. Private key never exists in whole form—each node holds only mathematical "share."
Unlike Multi-Sig (13 distinct on-chain signatures), TSS uses Multi-Party Computation to generate single standard signature. To external blockchain, transaction looks like standard single-user wallet.
Vault Architecture Evolution
Asgard Vaults (Primary)
Massive treasuries containing bulk network liquidity. Controlled by large committee (20-40 nodes). Secure but slower (~20 seconds for TSS ceremony).
Yggdrasil Vaults (Legacy)
Formerly: smaller individual vaults for single nodes enabling instant signing. Now deprecated due to security complexities—modern Thorchain relies on optimized Asgard vaults.
Economic Security: Proof-of-Bond
Thorchain assumes validators are anonymous and profit-seeking. Security through Cryptoeconomic Guarantees.
  • Bond-to-Stake Ratio (3:1): For every $1 of asset (BTC) in vault, validators must collectively bond $3 worth of RUNE.
  • Slashing Penalty (1.5x): If node steals $1 from vault, protocol slashes 1.5x the theft value from their RUNE bond.
Rationality: Mathematically irrational to steal—attacker loses more value in RUNE than gained in stolen BTC. System automatically balances via Incentive Pendulum, shifting block rewards between Node Operators and Liquidity Providers to maintain optimal ratio.
Churning: Moving Target Defense
Static vaults act as stagnant "honey pots"—attackers have infinite time to identify nodes, attempt social engineering, or find exploits. Thorchain implements mandatory, periodic Churning.
Retirement & Selection
Old nodes rotated out to claim rewards; new nodes bonded and rotated in every few days.
KeyGen
New committee collaborates to generate completely new Asgard Vault key via TSS.
Migration
Old committee signs transaction moving all funds from old vault address to new vault address (visible on-chain).
Even if an attacker compromises a few nodes' key shares, those shares become useless within days when the vault moves.
Thorchain's 2021 Chaosnet Exploits
The "Fake Deposit" Attack
July 2021: ~$8 million lost to Logic Bugs in router code, not cryptographic failures.
  1. Attacker sent transaction with msg.value of 0 ETH
  2. Wrapped in contract sending "deposit event" claiming massive ETH deposit
  3. Bifrost read event log but failed to cross-verify actual ETH transferred
  4. Network credited fake ETH, immediately swapped for real assets and withdrawn
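The observer-side fix for the steps above is to credit a deposit only when the logged amount matches the value that actually reached the vault. This is an added example, not Bifrost's code: the record fields, the function names, and the sample transactions are constructed.

```python
from dataclasses import dataclass

WEI = 10**18


@dataclass(frozen=True)
class ObservedTx:
    tx_id: str
    sender: str
    vault_received_wei: int  # ETH that actually arrived at the vault in this tx
    event_amount_wei: int    # amount claimed by the emitted deposit event


def credit_from_events(txs):
    """Flawed observer: credits whatever the event log claims."""
    ledger = {}
    for tx in txs:
        ledger[tx.sender] = ledger.get(tx.sender, 0) + tx.event_amount_wei
    return ledger


def credit_cross_checked(txs):
    """Hardened observer: the logged amount must equal the value transferred."""
    ledger, rejected = {}, []
    for tx in txs:
        if tx.event_amount_wei <= 0 or tx.event_amount_wei != tx.vault_received_wei:
            rejected.append(tx.tx_id)  # log and transfer disagree: do not credit
            continue
        ledger[tx.sender] = ledger.get(tx.sender, 0) + tx.vault_received_wei
    return ledger, rejected


# Constructed observations: one honest 2 ETH deposit, and one transaction
# that moved 0 ETH while its event log claims 200 ETH.
OBSERVED = [
    ObservedTx("tx-honest", "alice", 2 * WEI, 2 * WEI),
    ObservedTx("tx-fake", "mallory", 0, 200 * WEI),
]

if __name__ == "__main__":
    print(credit_from_events(OBSERVED))
    print(credit_cross_checked(OBSERVED))
```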
Resilient Recovery
Network demonstrated self-sovereignty by:
  • Halting network via consensus decision
  • Patching the bug
  • Covering losses from protocol treasury
No VC bailout required—reinforced ethos of decentralized network.
The Death Spiral Risk
Economic Security Failure Mode
Unlike Wormhole's binary security (signatures valid or invalid), Thorchain's security is linear and depends on RUNE price.
  1. Normal State: Bond $300k > BTC $100k; theft irrational
  2. RUNE Crash: Bond falls to $60k while BTC stays $100k
  3. Incentive Flip: Steal: $100k gain − $60k penalty = $40k profit
Black Swan Event
RUNE crashes 80% in an hour while Bitcoin remains stable. Bond value ($300k) drops to $60k, but Bitcoin value stays $100k.
Rational Theft
Now economically rational for validator to steal Bitcoin. Even with full bond slashing ($60k), net profit is $40k.
Safety Over Liveness
Network automatically pauses all outbound transactions. When users most want to bridge out, bridge must stop to prevent vault looting.
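The incentive flip can be turned into a monitor that finds the price tick at which outbounds should pause. This is an added example, not Thorchain's code: the RUNE prices are constructed, and pausing as soon as theft becomes profitable is this example's simplification of the pause rule.

```python
from dataclasses import dataclass

SLASH_MULTIPLIER = 1.5  # lecture: 1.5x the theft value is slashed from the bond


@dataclass(frozen=True)
class Vault:
    bond_rune: float   # RUNE bonded by the vault's validators
    assets_usd: float  # external assets held (e.g. BTC), valued in USD


def theft_profit(vault: Vault, rune_usd: float) -> float:
    """USD gained by stealing the whole vault, after slashing."""
    bond_usd = vault.bond_rune * rune_usd
    # The protocol cannot slash more than the bond is currently worth.
    penalty = min(SLASH_MULTIPLIER * vault.assets_usd, bond_usd)
    return vault.assets_usd - penalty


def flip_price(vault: Vault) -> float:
    """RUNE price below which the bond is worth less than the vault."""
    return vault.assets_usd / vault.bond_rune


def first_unsafe_tick(vault: Vault, prices):
    """Index of the first price at which theft is profitable, or None."""
    for i, price in enumerate(prices):
        if theft_profit(vault, price) > 0:
            return i
    return None


# Constructed scenario matching the lecture's figures: a $300k bond
# (100,000 RUNE at an assumed $3.00) guarding $100k of BTC.
VAULT = Vault(bond_rune=100_000, assets_usd=100_000)
CRASH = [3.00, 2.40, 1.50, 0.90, 0.60]  # constructed RUNE/USD ticks

if __name__ == "__main__":
    for p in CRASH:
        print(f"RUNE ${p:.2f}: theft profit ${theft_profit(VAULT, p):,.0f}")
    print("flip price:", flip_price(VAULT))
    print("pause at tick:", first_unsafe_tick(VAULT, CRASH))
```

With these figures the incentive flips once RUNE falls below $1.00, so the monitor pauses at the $0.90 tick, before the 80% crash to $0.60 completes.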
Comparative Analysis
Conclusion: The Path to Trustlessness
The journey from Trusted to Trustless bridging defines this crypto cycle's technical challenge.
Trusted Bridges
Act as efficient "Notaries"—fast and ubiquitous but custodial. 2022 Wormhole hack proved single code line can bypass prestigious validators.
Trust-Minimized Bridges
Act as "Sovereign Vaults"—true asset ownership but complex economic engineering. Vulnerable to market volatility unlike cryptographic models.
The Convergence
Lines blurring by late 2025. Wormhole adopting ZK Light Clients for trustless verification. Thorchain refocusing on DEX core competency.
Key Takeaway: Interoperability is not solved. It's a frontier where cryptography (ZK proofs, MPC), economics (game theory, bonding), and software engineering (smart contract security) collide. The secure bridge of the future will rely not on Guardian reputation nor volatile token prices, but on the absolute certainty of Zero-Knowledge mathematics.
REFERENCES
  1. The Block. 2021. Thorchain suffers $5 million exploit, developers have put out a fix. https://www.theblock.co/post/111660/thorchain-suffers-5-million-exploit-developers-have-put-out-a-fix
  2. Fox Business. 2022. Jump Trading replaces stolen Wormhole funds after $320M crypto hack. https://www.foxbusiness.com/markets/jump-trading-replaces-stolen-wormhole-funds-after-320m-crypto-hack
  3. Vitalik Buterin. 2021. The Limits to Blockchain Scalability. https://vitalik.eth.limo/general/2021/05/23/scaling.html
  4. Interchain Foundation. 2025. The Inter-Blockchain Communication Protocol (IBC). https://cosmos.network/ibc
  5. Rosario Gennaro and Steven Goldfeder. 2020. One Round Threshold ECDSA with Identifiable Abort. Cryptography ePrint Archive. Paper 2020/540. https://eprint.iacr.org/2020/540
  6. Halborn. 2022. Explained: The Ronin Hack (March 2022). https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022
  7. Halborn. 2022. Explained: The Wormhole Hack (February 2022). https://www.halborn.com/blog/post/explained-the-wormhole-hack-february-2022
  8. L2BEAT. 2025. Total Value Secured by Bridges. https://l2beat.com/scaling/tvs
  9. BBC News. 2021. Poly Network: Hackers steal $600m in major cryptocurrency heist. https://www.bbc.com/news/business-58163917
  10. THORChain. 2025. Incentive Pendulum Documentation. https://dev.thorchain.org/concepts/incentive-pendulum.html
  11. Wormhole. 2024. Announcing Wormhole's ZK Roadmap. https://wormhole.com/blog/announcing-wormholes-zk-roadmap