Cross chain security part 1— A framework for understanding cross-chain systems

Designing cross chain apps was so much easier before

Breaking cross-chain protocols into layers

Sergey has proposed breaking cross-chain systems into stack components. This allows us to better understand the services they provide and evaluate the security of those services:

Base layer

Infrastructure installed on source and destination chains for cross-chain read/write. This maintains state, and accesses it for cross-chain messages. E.g., gateway smart contracts, light clients, home and replica, IBC module, Bitcoin accounts.

Auth layer

Protocol-level logic that utilises the security of the base layer to verify messages from other consensus environments. e.g. Light client verification, block header & tx proof verification, multi-party crypto, merkle root proofs.

Transport layer

Logic that defines message routes and delivery rules through blockchain modules and between blockchains. e.g. Relaying logic.

Interface layer

Message format standard. e.g. Smart contract or protocol-level interfaces that define the shape of message data.

Cross-chain security principles

In order to apply this framework to a discussion of cross-chain security, I’ve developed a few cross-chain security principles/metaphors that relate universally to various cross-chain architectures.

Cross-chain read/write

I use read/write in cross-chain to mean reading or writing State AND Security from/to another chain. “Write” in this case really means you’re giving a destination chain the ability to securely read your own state. That is, be able to verify state came from you.

Consensus overlap

In order to share state between two consensus environments and preserve security, there needs to be an overlap of the consensus of the two networks, like a multidimensional Venn diagram. This comes in the form of many-to-many validator sets, optimistic protocols, light clients, multi-party crypto, etc.

One quirk of cross-chain security

Obscured economic risk

A key difference in cross-chain security compared to single-chains is the difference in economic security assumptions.

Impossibility of social roll-backs

Unless you get agreement from all the chains involved in an attack to roll back together, it’s unlikely you can fall back to social policing to secure a network which was subject to a cross-chain hack. Ethereum isn’t going to roll-back its chain just because some silly people on Wormhole lost some ETH!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Cross chain desperado loose in the wireld