By Dr. Andreas Freund (Co-Chair) on behalf of the EEA Community Projects L2 Standards Working Group

We live in a multi-chain world, with billions of USD in asset value locked in 100+ chains. And the owners of those blockchain assets behave just like they would with assets in traditional finance: they are looking for arbitrage opportunities to make money. However, in contrast to the world of traditional finance where assets in one country can be utilized in arbitrage plays in another country without moving assets by using trusted intermediaries, the same approach did not work for blockchains for a long time for three reasons:

  1. blockchains cannot talk to one another,
  2. arbitrage plays on a particular blockchain require that all involved assets are present on that blockchain because of the trustless nature of public blockchains, 
  3. and there was no equivalent to the trusted intermediary as in traditional finance between trustless blockchains.

To solve the problem of capital inefficiency on blockchains, and make money in the process, enterprising individuals created blockchain bridges that addressed those three challenges and started to link the blockchain ecosystem together – yes, you can now trade bitcoin on Ethereum. Of course, bridges can be used for other types of functionality too; however, the primary function is to improve capital efficiency. 

What is a Blockchain Bridge?

At a high level, a blockchain bridge connects two blockchains facilitating secure and verifiable communication between those blockchains through the transfer of information and/or assets.

This allows for a multitude of opportunities such as

  • cross-chain transfer of assets,
  • new decentralized applications (dApps), and platforms that allow users to access the strengths of various blockchains – thus enhancing their capabilities,
  • and developers from different blockchain ecosystems can collaborate and build new solutions.

There are two basic types of bridges:

Trusted Bridges Trustless Bridges
Depend upon a central entity or system for their operations. Operate using decentralized systems such as smart contracts with embedded algorithms.
Trust assumptions concerning funding custody and bridge security. Users mostly rely on the bridge operator’s reputation. The security of the bridge is the same as that of the underlying blockchain.
Users need to give up control of their crypto assets. Enable users to remain in control of their funds through smart contracts.

Within both sets of trust assumptions one can distinguish different, common types of bridge designs:

  • Lock, mint, and burn token bridges: Instant guaranteed finality as minting assets on the destination blockchain can occur whenever required without the possibility of a failed transaction. Users receive a synthetic, often called a wrapped asset, on the destination blockchain, not the native asset.
  • Liquidity networks with pools of native assets with unified liquidity: A single asset pool on one blockchain is connected with additional asset pools on other blockchains with shared access to one another’s liquidity. This approach does not enable instant, guaranteed finality since transactions can fail if there is a lack of liquidity in the shared pools.

However, all designs, and under whatever trust assumptions, have to address two trilemmas that blockchain bridges face.

Bridging Trilemma as posited by Ryan Zarick, Stargate

Bridging protocols may only have two of the three properties below:

  • Instant Guaranteed Finality: Guarantee to receive assets on the target blockchain immediately after transaction execution on the source blockchain and transaction finality on the target blockchain.
  • Unified Liquidity: Single liquidity pool for all assets between source and target blockchains.
  • Native Assets: Receive target blockchain assets instead of assets minted by the bridge representing the original asset on the source blockchain.

Interoperability Trilemma as posited by Arjun Bhuptani, Connext

Interoperability protocols may only have two of the three properties below:

  • Trustlessness: Same security assurances as the underlying blockchain without new trust assumptions.
  • Extensibility: Ability to connect different blockchains.
  • Generalizability: Allows for arbitrary data messaging

Besides the trilemmas which can be addressed with clever design, the biggest challenge for blockchain bridges is security as the many hacks in 2021 and 2022 have demonstrated; be it the Wormhole, Ronin, Harmony, or Nomad incidents. And fundamentally, a bridge between blockchains is only as secure as the least secure blockchain used in the (chain of) bridge(s) for an asset. However, this latter issue is not a problem for bridges between Layer 2 platforms that are anchored on the same Layer 1 (L1) blockchain as they share the same security guarantees from their shared L1 blockchain. 

Why are Bridges important for L2s?

Until this point, we have not specifically talked about L2 platforms that are designed to scale L1 blockchains while inheriting the L1 security guarantees, since L2s are strictly speaking a particular type of bridge: a native bridge. There are, however, several idiosyncrasies of L2 platforms when creating a bridge between L2s e.g. optimistic rollups vs. zk-rollups vs Validium rollups vs Volition rollups. These differences make them special because of the difference in trust assumptions and finality for L2s versus L1s and between different L2s.

The reason why bridges between L2s are important is the same as for L1s: L2 assets are looking for capital efficiency on other L2s, as well as portability and other functionalities.

The difference in native trust assumptions on L2 platforms can be overcome if bridged L2s are, as remarked already, anchored on the same L1. And that the bridge does not require additional trust assumptions. However, differences in L2 transaction finality on the anchor L1 make it challenging to bridge assets between L2s in a trust-minimized manner. 

Type of L2 Bridges: An Overview

Digging a bit deeper into L2 bridges, we see that L2-to-L2 bridges ideally should satisfy the following criteria:

  • Clients must be abstracted away from each L2 protocol they interface with through an abstraction layer – loose-coupling paradigm.
  • Clients must be able to verify that the data returned from the abstraction layer is valid, ideally without changing the trust model beyond the one used by the targeted L2 protocol.
  • No structural/protocol changes are required from the interfacing L2 protocol.
  • Third parties must be able to independently build an interface to a targeted L2 protocol – ideally a standardized interface.

When looking at the current landscape, one sees most L2 bridges are treating L2s just like another blockchain. Note that fraud proofs as used in Optimistic rollups, and validity proofs as used in zk-rollups solutions, take the place of block headers and Merkle proofs as used in “normal” L1-to-L1 bridges.

The current L2 Bridges Landscape

Below we summarize the current and very varied landscape of L2 bridges with a name, brief summary, and bridge design type:

Bridge Name Description Type of Design
Hop Exchange Rollup-to-rollup general token bridge. It allows users to send tokens from one rollup to another almost immediately without having to wait for the rollup’s challenge period. https://hop.exchange/whitepaper.pdf Liquidity Network (using an Automated Market Maker)
Stargate Composable native asset bridge, and dApp built on LayerZero. DeFi users can swap native assets cross-chain on Stargate within a single transaction. Applications compose Stargate to create native cross-chain transactions at the application level. These cross-chain swaps are supported by the community-owned Stargate unified liquidity pools. https://www.dropbox.com/s/gf3606jedromp61/Delta-Solving.The.Bridging-Trilemma.pdf?dl=0 Liquidity Network
Synapse Protocol A token bridge leveraging a validator between chains and liquidity pools to perform cross-chain and same-chain swaps. Hybrid (Token Bridge/Liquidity Network)
Across A cross-chain optimistic bridge that uses actors called Relayers to fulfill user transfer requests on the destination chain. Relayers are later reimbursed by providing proof of their action to an Optimistic Oracle on Ethereum. The architecture leverages a single liquidity pool on Ethereum and separate deposit/reimburse pools on destination chains that are rebalanced using canonical bridges. Liquidity Network
Beamer Enables users to move tokens from one rollup to another. The user requests a transfer by providing tokens on the source rollup. Liquidity providers then fill the request and directly send tokens to the user on the target rollup. The core focus of the protocol is to be as easy to use as possible for the end user. This is achieved by separating two different concerns: the service provided to the end user, and the reclaiming of funds by the liquidity provider. The service is provided optimistically as soon as the request arrives. Being refunded on the source roll-up is secured by its own mechanism and decoupled from the actual service. Liquidity Network
Biconomy Hyphen Multi-chain relayer network utilizing smart contract-based wallets for users to interact with liquidity providers to transfer tokens between different (optimistic) L2 networks. Liquidity Network
Bungee The bridge is built on the Socket infrastructure and SDK with the Socket Liquidity Layer (SLL) as its main component. The SLL aggregates liquidity across multiple bridges and DEXs and also allows for P2P settlements. This is different from a Liquidity Pool network since this single meta-bridge allows dynamical selection and routing of funds via the best bridge as per a user’s preferences such as cost, latency, or security.  Liquidity Pool Aggregator
Celer cBridge A decentralized and non-custodial asset bridge that supports 110+ tokens across 30+ blockchains and layer-2 rollups. It is built on top of the Celer Inter-chain Message Framework which is built on the Celer State Guardian Network (SGN). The SGN is a Proof-of-Stake (PoS) blockchain built on Tendermint that serves as the message router between different blockchains. Liquidity Network
Connext Dispatches and handles messages related to sending funds across chains. Custodies funds for canonical assets, fast liquidity, and stable swaps. The Connext contract uses the Diamond pattern so it comprises a set of Facets that act as logical boundaries for groups of functions. Facets share contract storage and can be upgraded separately. Hybrid (Token Bridge/Liquidity Network)
Elk Finance Uses ElkNet with features such as 

  • Cross-chain utility token for value transfer ($ELK)
  • Safe and secure transfers compared to traditional bridges
  • Cross-chain value transfer via ElkNet in seconds between all the blockchains Elk supports
  • Bridging-as-a-Service (BaaS) to provide infrastructure for developers to leverage the ElkNet for custom bridging solutions
  • Cross-chain swaps between all connected blockchains
  • Impermanent Loss Protection (ILP) for our liquidity providers
  • Non-Fungible Tokens (Moose NFTs) with unique abilities and features
Hybrid (Token Bridge/Liquidity Network)
LI.FI A bridge and DEX aggregator that routes any asset on any chain to the desired asset on the desired chain made available on the API/Contract level through an SDK, or as an embeddable widget in a dApp  Liquidity Pool Aggregator
LayerSwap Bridge for tokens from a centralized exchange account directly to a Layer 2 network (both optimistic and zk- rollups) with low fees. Liquidity Network (using an Automated Market Maker)
Meson An atomic swap application using Hash Time Lock Contracts (HTLC) using secure communications between users combined with a liquidity provider relayer network for the supported tokens. Liquidity Network
O3 Swap The O3 cross-chain mechanisms of Swap and Bridge aggregating multiple liquidity pools across chains allow for simple one-time confirmation transactions with a planned Gas Station solving the gas fee demand on each chain. Liquidity Pool Aggregator
Orbiter A decentralized cross-rollup bridge for transferring Ethereum-native assets. The system has two roles: Sender and Maker. The ‘Maker’ is required to deposit excess margin to Orbiter’s contract before they can qualify to be a cross-rollup service provider to the ‘Sender’. In the usual process, the ‘Sender’ sends assets to the ‘Maker’ on the ‘Source Network’, and the ‘Maker’ sends them back to the ‘Sender’ on the ‘Destination Network’. Liquidity Network
Poly Network Allows users to transfer assets between different blockchains using a Lock-Mint swap. It uses a PolyNetwork chain to verify and coordinate message passing between Relayers on supported chains. Each chain has a set of Relayers, while the PolyNetwork chain has a set of Keepers that sign cross-chain messages. Chains integrated with Poly Bridge need to support light client verification since validation of cross-chain messages includes verifying block headers and transactions via Merkle proofs. Some of the smart contracts used by the bridge infrastructure are not verified on Etherscan. Token Bridge
Voyager (Router Protocol) The Router Protocol uses a pathfinder algorithm to find the most optimal route to move assets from the source chain to the destination chain utilizing the Router network which is similar to Cosmos’ IBC. Liquidity Network
Umbria Network Umbria has three major protocols working together:

  • A Cross-chain Asset Bridge; enabling the transfer of assets between otherwise incompatible blockchains and cryptocurrency networks.
  • A Staking Pool, where users can earn interest on their crypto-assets by providing liquidity to the bridge. Liquidity providers of UMBR earn 60% of all fees generated by the bridge.
  • A Decentralised Exchange (DEX); and automated liquidity protocol powered by a constant product formula, deployed using smart contracts, governed entirely on-chain.

Both protocols work in tandem to provide asset migration between cryptocurrency networks

Liquidity Network (using an Automated Market Maker)
Via Protocol The protocol is an aggregator of chains, DEXs, and bridges to optimize asset transfer routes. This allows asset bridging in three ways:

  • Make multiple transactions on different blockchains
  • Make one transaction through decentralized bridges that have integrated DEXs
  • Make one transaction through semi-centralized bridges, which will trigger a second transaction on the target chain
Hybrid (Token Bridge/Liquidity Network)
Multichain Multichain is an externally validated bridge. It uses a network of nodes running SMPC (Secure Multi-Party Computation) protocol. It supports dozens of blockchains and thousands of tokens with both Token Bridge and Liquidity Network. Hybrid (Token Bridge/Liquidity Network
Orbit Bridge Orbit Bridge is part of the Orbit Chain project. It is a cross-chain bridge that allows users to transfer tokens between supported blockchains. Tokens are deposited on the source chain and “representation tokens” are minted on the destination chain. Deposited tokens are not precisely locked and can be used in DeFi protocols by Orbit Farm. Accrued interest is not passed directly to token depositors. Bridge contract implementation and farm contract source code are not verified on Etherscan. Token Bridge
Portal (Wormhole) Portal Token Bridge is built on top of Wormhole, which is a message-passing protocol that leverages a specialized network of nodes to perform cross-chain communication. Token Bridge
Satellite (Axelar) Satellite is a token bridge powered by the Axelar network Liquidity Network

The L2Beat project maintains an active list of bridges relevant to L2s with the Total-Value-Locked (TVL) in the bridge as well as a description and brief risk assessment, if available.

L2 Bridges Risk Profiles

Lastly, when users utilize L2 Bridges, in fact, any bridge, care needs to be taken, and the following risks need to be evaluated for a given bridge:

Loss of Funds

  • Oracles, relayers, or validators collude to submit fraudulent proofs (e,g, block hash, block header, Merkle proof, Fraud proof, Validity proof) and/or relay fraudulent transfers that are not mitigated
  • Validator/Relayer private keys are compromised 
  • Validators maliciously mint new tokens
  • False claims are not disputed in time (optimistic messaging protocols)
  • A destination blockchain reorganization occurs after optimistic oracle/relayer dispute time passes (optimistic messaging protocols).
  • Source code of unverified contracts involved in or used by a protocol contains malicious code or functionality that can be abused by a contract owner/administrator
  • Token Bridge owners behave maliciously, or initiate time-sensitive emergency actions that impact user funds, and do not properly communicate to the user base
  • Protocol contract(s) paused (if functionality exists)
  • Protocol contract(s) receive a malicious code update

Freezing of Funds

  • Relayers/Liquidity Providers do not act on user transactions (messages)
  • Protocol contract(s) paused (if functionality exists)
  • Protocol contract(s) receive a malicious code update
  • Insufficient liquidity in the target token on the bridge

Censoring Users

  • Oracles or relayers on either destination or target L2s or both fail to facilitate a transfer (message)
  • Protocol contract(s) paused (if functionality exists)

While this list is not exhaustive, it gives a good overview of the current risks associated in using bridges.

There are new developments underway using zero-knowledge-proof (zkp) technologies designed to mitigate some of the above risk factors and address the two bridge trilemmas. In particular, the use of zkps allows for the following bridge design characteristics:

  • Trustless and Secure because the correctness of block headers on the source and target blockchains can be proven by zk-SNARKs which are verifiable on EVM-compatible blockchains. Hence, no external trust assumptions are required, assuming the source and target blockchains and the utilized light-client protocols are secure and we have 1-of-N honest nodes in the relay network.
  • Permissionless and Decentralized because anyone can join the bridges’ relay network, and PoS-style or similar validation schemes are not needed 
  • Extensible because applications can retrieve zkp-verified block headers, and execute application-specific verification and functionality 
  • Efficient because of new, optimized proof schemes with short proof generation and fast proof verification times

Albeit early, these types of developments promise to accelerate the maturation and security of the bridge ecosystem.

Summary

We can summarize the above discussion and overview of L2 Bridges as follows:

  • L2 Bridges are an important glue of the L2 ecosystem to further L2 interoperability and efficient use of assets and applications across the ecosystem. 
  • L2 bridges used on L2s anchored on the same L1, such as Ethereum Mainnet, are safer than bridges between L1s – assuming the source code is safe, which is often a big if.
  • As with all distributed system architectures, there are significant tradeoffs to be made, as expressed in the two posited Trilemmas – Bridging Trilemma and Interoperability Trilemma.
  • L2 Bridges have very different trust assumptions, e.g., trusted vs. trustless bridges, and very different design choices, e.g., lock-mint-burn vs. liquidity networks.  
  • The L2 Bridges ecosystem is still nascent and in a state of flux.
  • Users are advised to do their due diligence to assess which L2 bridges offer the best risk-reward profile for their needs.
  • There are new developments underway using recent zkp-technologies that are effectively addressing the two bridge trilemmas, and help to increase the security of bridges overall.

While still early in the journey towards a standardized L2 interoperability framework, these are important developments, and need to be taken seriously as any one of those projects might become “THE” bridge framework – it is not yet VHS vs Betamax, but we are getting there.

The L2 WG would like to gratefully acknowledge Tas Dienes (Ethereum Foundation), Daniel Goldman (Offchain Labs), Bartek Kiepuszewski (L2Beat) for a careful reading of the manuscript and invaluable content suggestions.