This article comes from DecentralisedThis article comes from

The Nomad cross-chain bridge was hacked for about $190 million. The Ronin hack also involved cross-chain bridges, involving an estimated $700 million. Obviously, before investing more money, we need better tools to evaluate whether the cross-chain bridge is both useful and reliable. This article will introduce the reliability scoring of cross-chain bridges from five dimensions, and finally attach the scoring results of 10 cross-chain bridges.

secondary title

Define an easy-to-use and reliable cross-chain bridge

1. We have summarized five important characteristics of cross-chain bridges:

2. Security: the security of the assets stored on the cross-chain bridge;

3. Performance: the model behind cross-chain bridge-related transactions;

4. Extractable value: possibility for a flashbot or other intermediary to extract part of the transaction;

5. Connectivity: the number of networks that the cross-chain bridge can connect to;

As far as we know, there are currently nearly 60 cross-chain bridges supporting digital assets. We may see more and more specialization. Some cross-chain bridges will optimize for speed, while others will focus on the various assets they support. The scoring framework for this article is quite broad, so some of your favorite cross-chain bridges may rank lower overall, even though they are the best for a certain characteristic. For readability, I have broken down the parameters of each section and given the maximum score an auditor can assign in a tabular format. We insist on using quantitative frameworks as much as possible, but given the nascent nature of the industry, some aspects are qualitative.

secondary title

1. Security

We divide security into four keys. The liveness hypothesis mainly examines the dispute time of cross-chain bridges for transactions that may be hacked. As far as banks are concerned, there is no written law on how long a bank needs to perform AML/KYC operations before a transaction needs to be released. Instead, smart contracts require predefined parameters.

Cross-chain bridges with longer disputes rank higher because users know that transactions can stall if validators on the network suspect that something is wrong. Recently, an attack on Synapse was flagged by validators on a cross-chain bridge, which eventually brought down the entire system. This helped the cross-chain bridge recover $8 million in losses overnight.The more than $600 million hack of the Ronin cross-chain bridge is one of the largest hacks in the industry. it involves usingA fake offer hacked into a senior engineer's computer, and copied 5 of the 11 authenticator keys

. The ideal cross-chain bridge is that verifiers cannot obtain user funds. The framework we use suggests that individual validators with access to tokens should be penalized, while those with validator status but no access to user funds would be ideal.

If a cross-chain bridge is indeed hacked, teams can usually reassure users in one of two ways. One is through cross-chain bridges (insured through DeFi insurance projects like Nexus Mutual), and the other is by issuing cross-chain bridge native tokens to users in proportion to the amount of funds they have.

Finally, under Security Measures, we observe the number of times bridges are audited and the motivation of hackers to notify bridges that they may have been compromised. Auditing by itself doesn't mean much. This is why we highlight the need for multiple audits and bounties. Bug bounties offered on public platforms like Immunefi are actually public calls for teams to have their own creations audited.

secondary title

2. Performance

For most cross-chain bridges we have observed, the cost of transacting USDC between networks is either fixed (about 1%) or free. Stable assets are often transferred across chains for yield farming. The cost of asset transfers involving cross-chain exchanges (involving automated market makers) increases exponentially. What does this mean? Let's say you're doing an Ethereum to USDC transfer on Optimism. The fees you pay grow exponentially with the size of the assets involved.

For pools that do not require rebalancing and provide fixed costs, we give 5 points, while for cross-chain bridges that do not provide jump transactions and charge high fees after a low threshold of $10,000, we will each give a -1 point penalty. Another factor to consider here is the time required for cross-chain bridges. Points will be deducted for cross-chain bridges that take more than 1 hour, and 5 points will be deducted for those that take less than 1 minute. Finally, it's worth noting that some L1s like Ethereum may be at a disadvantage here because blocks take longer to confirm during periods of high congestion.

secondary title

3. Extractable Value (MEV)

With MEV extraction, there is an added layer of cost for the end user. Again, this refers to the fact that individuals can make on-chain transactions in advance for a small profit. So far, around $180 million has been withdrawn as MEV revenue on the Ethereum-based index alone. One way we can quantify this metric is through the amount of capital withdrawn via MEV on cross-chain bridges.

However, the large number of MEVs pulled from the bridge may simply mean that it is a highly used platform. Therefore, a qualitative scale is given based on the difficulty of extracting value from cross-chain bridge transactions. Notably, bridges that interact with chains that do not have MEV by default are ranked higher here. Cross-chain bridges built on chains with high MEV may choose to use protection measures such as Cowswap-this is how DEX aggregators on Ethereum operate today.Depending on the level of scrutiny Tornado has received, we believe the cross-chain bridge will be at the center of future sanctions. Currently, sanctioning is done at the address level. In the future, we may see entire networks, especially those oriented towards privacy and shielding transactions, being blacklisted.

It is difficult to quantify censorship resistance on a scale (so the scores here are relative), with a maximum of 2 points for cross-chain bridges that do not allow and resist censorship.The last aspect we discuss is capital flows.We may see more and more cross-chain bridges optimized for lower capital requirements

On the other hand, cross-chain bridges like Hyphen and Hashflow have done billions of cross-chain jobs with only about 10 million capital required. In this case, the churn rate exceeds 100, indicating that the system can fully use the capital without leaving any capital idle. But, again, this metric is primitive, because depending on the audience for the asset, and the demand for it, oftentimes cross-chain bridges may default to owning the asset in slack.

secondary title

4. Connectivity

Connectivity refers to the permutations and combinations in which cross-chain bridges can interact with different networks. A domain is the layer or network over which assets move. Some cross-chain bridges have deep liquidity pools and focus only on EVM-based chains (ETH, Avax), while others optimize chain width. We rank native cross-chain bridges (such as those used by Polygon or Celo) lowest because they are generally geared toward inflowing liquidity and limit user choice.

In the early stages of cross-chain bridges, we often see large-scale transfers of specific assets. A good example of this is the transfer of Wrapped Bitcoins from Bitcoin to Ethereum. The next step involves support for L2 solutions such as Optimism. The amount of capital flow between Solana, Avalance, and ETH native L2 has greatly stimulated the flow of funds between them.In many cases, cross-chain bridges restrict the movement of assets based on their pool rebalancing mechanisms. The amount of capital in the TVL of the cross-chain bridge determines how assets flow. The current limiting factor is the effort required to rebalance pools across EVMs and tier types. Ideal cross-chain bridges instantly support the easy flow of assets across all domain types they support.

secondary title

5. Ability

We round off the scoring system with the supported asset types and number of assets. We emphasize ERC-20 support because there are currently a large number of DeFi and consumer applications built on Ethereum. However, the number of supported assets remains at 10. In my opinion, this is an arbitrary low number. For example, automated market makers like Pancake swap already support tens of thousands of assets for trading pairs. In contrast, it is still in the early stages of the evolution of cross-chain bridges.

secondary title

Summarize

Summarize

As it stands, this framework is a theoretical approach to evaluating cross-chain bridges. Its biggest flaw is that certain attributes are qualitative and require ratings from professionals. Just like smart contract audits, individual subjective opinions can be biased. It also brings relative "centralization" and incentive misalignment. We may go through many iterations before we have an ideal cross-chain bridge scoring framework.I do not recommend personally using this framework to evaluate cross-chain bridges.

Instead, I expect it to be used on standalone platforms such as DeFi Llama or L2Beat. Provide users with information in a quantitative way, rank cross-chain bridges, and at the same time help cross-chain bridges find out their shortcomings, and guide users to find better service providers.

We applied the scoring framework on 10 cross-chain bridges and evaluated the rankings. We give all cross-chain bridges a churn score of 3. This is bad for some cross-chain bridges that focus on capital efficiency, but we have to do this because all cross-chain bridges lack readily available data.In our framework, the assumed maximum score is 70. Among the cross-chain bridges we evaluated, the highest score was 52 points, and the road was obstructed and long.It is worth noting that the score itself does not quantify the quality of the cross-chain bridge. Depending on the user's use case and needs, a particular cross-chain bridge may be optimized for different parameters.