Rafael Belchior

and 4 more

Decentralized ledger technology (DLT) is becoming ubiquitous in today’s society.  After an initial grassroots adoption, enterprises embrace this technology, following the opportunity to expand to new businesses - the technology is maturing. However, organizations need to connect their existing systems and processes to blockchains (centralized - decentralized) securely and reliably, sometimes also implying to connect blockchains (decentralized - decentralized). This challenge is known as blockchain interoperability. Blockchain interoperability comes in three modes: data transfers, asset transfers, and asset exchanges. As blockchain interoperability is still maturing, there are many unsolved challenges across the different interoperability modes. In this \emph{position paper}, we illustrate the remaining challenges of interoperability, focusing on the systematic evaluation of interoperability mechanisms, based on the state of the art and our own experience. We first introduce the notion of cross-chain interoperability and cross-chain rules. Then, we present our survey and results. We ran an online survey comprised of 17 items targeting blockchain specialists. Our quantitative analysis shows that several interesting metrics can show promising directions to evaluate integration solutions systematically. Finally, building upon our study, we propose the blockchain interoperability evaluation framework, the first step to evaluate blockchain interoperability solutions systematically.

André Augusto

and 5 more

Recent years have witnessed significant advancements in cross-chain technology. However, the field faces two pressing challenges. On the one hand, hacks on cross-chain bridges have led to monetary losses of around 3.1 billion USD, highlighting flaws in security models governing interoperability mechanisms and the ineffectiveness of incident response frameworks. On the other hand, users and bridge operators experience restricted privacy, which broadens the potential attack surface.In this paper, we present the most comprehensive study to date on the security and privacy of blockchain interoperability. We employ a systematic literature review, yielding a corpus of 212 relevant documents, including 58 academic papers and 154 gray literature documents, out of a pool of 531 results. We systematically categorize 57 interoperability solutions based on a novel security and privacy taxonomy. Our dataset, comprising academic research, disclosures from bug bounty programs, and audit reports, exposes 45 cross-chain vulnerabilities, 25 theoretical attacks, and 93 mitigation strategies. Leveraging this data, we analyze 14 notable bridge hacks accounting for over 2.9 billion USD in losses, mapping them to the identified vulnerabilities.Our findings reveal that a substantial portion (65.8%) of stolen funds originates from projects secured by intermediary permissioned networks with unsecured cryptographic key operations. Privacy-wise, we demonstrate that achieving unlinkability in cross-chain transactions is contingent on the underlying ledgers providing some form of confidentiality. Our study offers critical insights into the security and privacy of cross-chain systems. We pinpoint promising future research directions, underscoring the urgency of enhancing security and privacy efforts in cross-chain technology. The identified improvements can mitigate the financial risks associated with bridge hacks, fostering user trust in the blockchain ecosystem and, consequently, wider adoption.

Rafael Belchior

and 5 more

The field of blockchain interoperability plays a pivotal role in blockchain adoption. Despite these advances, a notorious problem persists: the high number and success rate of attacks on blockchain bridges. We propose Harmonia, a framework for building robust, secure, efficient, and decentralized cross-chain applications. A main component of Harmonia is DendrETH, a decentralized and efficient zero-knowledge proof-based light client. DendrETH mitigates security problems by lowering the attack surface by relying on the properties of zero-knowledge proofs. The DendrETH instance of this paper is an improvement of Ethereum’s light client sync protocol that fixes critical security flaws. This light client protocol is implemented as a smart contract, allowing blockchains to read the state of the source blockchain in a trust-minimized way. Harmonia and DendrETH support several cross-chain use cases, such as secure cross-blockchain bridges (asset transfers) and smart contract migrations (data transfers), without a trusted operator. We implemented Harmonia in 9K lines of code. Our implementation is compatible with the Ethereum Virtual Machine (EVM) based chains and some non-EVM chains. Our experimental evaluation shows that Harmonia can generate light client updates with reasonable latency, costs (a dozen to a few thousand US dollars per year), and minimal storage requirements (around 4.5 MB per year). We also carried out experiments to evaluate the security of DendrETH. We provide an open-source implementation and reproducible environment for researchers and practitioners to replicate our results.

Rafael Belchior

and 4 more

Rafael Belchior

and 4 more