SoK: Cross-Chain Bridging Architectural Design Flaws and Mitigations
- URL: http://arxiv.org/abs/2403.00405v1
- Date: Fri, 1 Mar 2024 09:50:56 GMT
- Title: SoK: Cross-Chain Bridging Architectural Design Flaws and Mitigations
- Authors: Jakob Svennevik Notland, Jinguye Li, Mariusz Nowostawski, Peter Halland Haro,
- Abstract summary: Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains.
In contrast to the underlying blockchains, the bridges often provide inferior security guarantees.
We have analysed 60 different bridges and 34 bridge exploits in the last three years.
- Score: 2.490441444378203
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains. In contrast to the underlying blockchains, the bridges often provide inferior security guarantees and have been targets of hacks causing damage in the range of 1.5 to 2 billion USD in 2022. The current state of bridge architectures is that they are ambiguous, and there is next to no notion of how different architectures and their components are related to different vulnerabilities. Throughout this study, we have analysed 60 different bridges and 34 bridge exploits in the last three years (2021-2023). Our analyses identified 13 architectural components of the bridges. We linked the components to eight types of vulnerabilities, also called design flaws. We identified prevention measures and proposed 11 impact reduction measures based on the existing and possible countermeasures to address the imminent exploits of the design flaws. The results are meant to be used as guidelines for designing and implementing secure cross-chain bridge architectures, preventing design flaws, and mitigating the negative impacts of exploits.
Related papers
- SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis [28.420618636956924]
Cross-chain bridge is a decentralized application for asset exchange across different blockchain platforms.
There are a number of recent security incidents with heavy financial losses caused by vulnerabilities in bridge smart contracts.
We propose SmartAxe, a new framework to identify vulnerabilities in cross-chain bridge smart contracts.
arXiv Detail & Related papers (2024-06-23T03:25:27Z) - Merkle Trees in Blockchain: A Study of Collision Probability and Security Implications [27.541105686358378]
This study delves into the security aspects of Merkle Trees, a fundamental component in blockchain architectures.
We critically examine the susceptibility of Merkle Trees to hash collisions, a potential vulnerability.
Our findings reveal a direct correlation between the increase in path length and the heightened probability of root collisions.
arXiv Detail & Related papers (2024-02-06T20:11:16Z) - SoK: Security of Cross-chain Bridges: Attack Surfaces, Defenses, and Open Problems [43.80265187232706]
Cross-chain bridges are used to facilitate token and data exchanges across blockchains.
Although bridges are becoming increasingly popular, they are still in their infancy and have been attacked multiple times recently.
This paper analyzes the security landscape of cross-chain bridges in a holistic manner.
arXiv Detail & Related papers (2023-12-19T20:13:21Z) - dacl10k: Benchmark for Semantic Bridge Damage Segmentation [0.0]
"dacl10k" is an exceptionally diverse RCD dataset for semantic segmentation comprising 9,920 images deriving from real-world bridge inspections.
"dacl10k" distinguishes 12 damage classes as well as 6 bridge components that play a key role in the building assessment and recommending actions.
arXiv Detail & Related papers (2023-09-01T13:46:24Z) - G$^2$uardFL: Safeguarding Federated Learning Against Backdoor Attacks
through Attributed Client Graph Clustering [116.4277292854053]
Federated Learning (FL) offers collaborative model training without data sharing.
FL is vulnerable to backdoor attacks, where poisoned model weights lead to compromised system integrity.
We present G$2$uardFL, a protective framework that reinterprets the identification of malicious clients as an attributed graph clustering problem.
arXiv Detail & Related papers (2023-06-08T07:15:04Z) - Quantization Aware Attack: Enhancing Transferable Adversarial Attacks by Model Quantization [57.87950229651958]
Quantized neural networks (QNNs) have received increasing attention in resource-constrained scenarios due to their exceptional generalizability.
Previous studies claim that transferability is difficult to achieve across QNNs with different bitwidths.
We propose textitquantization aware attack (QAA) which fine-tunes a QNN substitute model with a multiple-bitwidth training objective.
arXiv Detail & Related papers (2023-05-10T03:46:53Z) - Reducing the Price of Stable Cable Stayed Bridges with CMA-ES [0.2883903547507341]
CMA-ES is a better option for finding good solutions in the search space, beating the baseline with the same amount of evaluations.
In concrete, the CMA-ES approach is able to design bridges that are cheaper and structurally safe.
arXiv Detail & Related papers (2023-04-02T22:14:36Z) - Exploring the Relationship between Architecture and Adversarially Robust
Generalization [110.00366382964472]
Adversarial training is one of the most effective remedies for defending adversarial examples.
It often suffers from the huge robustness generalization gap on unseen testing adversaries.
This paper tries to bridge the gap by systematically examining the most representative architectures.
arXiv Detail & Related papers (2022-09-28T13:55:28Z) - On the interplay of adversarial robustness and architecture components:
patches, convolution and attention [65.20660287833537]
We study the effect of adversarial training on the interpretability of the learnt features and robustness to unseen threat models.
An ablation from ResNet to ConvNeXt reveals key architectural changes leading to almost $10%$ higher $ell_infty$-robustness.
arXiv Detail & Related papers (2022-09-14T22:02:32Z) - Poison Ink: Robust and Invisible Backdoor Attack [122.49388230821654]
We propose a robust and invisible backdoor attack called Poison Ink''
Concretely, we first leverage the image structures as target poisoning areas, and fill them with poison ink (information) to generate the trigger pattern.
Compared to existing popular backdoor attack methods, Poison Ink outperforms both in stealthiness and robustness.
arXiv Detail & Related papers (2021-08-05T09:52:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.