SoK: Cross-Chain Bridging Architectural Design Flaws and Mitigations
- URL: http://arxiv.org/abs/2403.00405v1
- Date: Fri, 1 Mar 2024 09:50:56 GMT
- Title: SoK: Cross-Chain Bridging Architectural Design Flaws and Mitigations
- Authors: Jakob Svennevik Notland, Jinguye Li, Mariusz Nowostawski, Peter Halland Haro,
- Abstract summary: Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains.
In contrast to the underlying blockchains, the bridges often provide inferior security guarantees.
We have analysed 60 different bridges and 34 bridge exploits in the last three years.
- Score: 2.490441444378203
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains. In contrast to the underlying blockchains, the bridges often provide inferior security guarantees and have been targets of hacks causing damage in the range of 1.5 to 2 billion USD in 2022. The current state of bridge architectures is that they are ambiguous, and there is next to no notion of how different architectures and their components are related to different vulnerabilities. Throughout this study, we have analysed 60 different bridges and 34 bridge exploits in the last three years (2021-2023). Our analyses identified 13 architectural components of the bridges. We linked the components to eight types of vulnerabilities, also called design flaws. We identified prevention measures and proposed 11 impact reduction measures based on the existing and possible countermeasures to address the imminent exploits of the design flaws. The results are meant to be used as guidelines for designing and implementing secure cross-chain bridge architectures, preventing design flaws, and mitigating the negative impacts of exploits.
Related papers
- Safeguarding Blockchain Ecosystem: Understanding and Detecting Attack Transactions on Cross-chain Bridges [3.07869141026886]
Attacks on cross-chain bridges have resulted in losses of nearly 4.3 billion dollars since 2021.
This paper collects the largest number of cross-chain bridge attack incidents to date, including 49 attacks that occurred between June 2021 and September 2024.
We propose the BridgeGuard tool to detect attacks against cross-chain business logic.
arXiv Detail & Related papers (2024-10-18T14:25:05Z) - XChainWatcher: Monitoring and Identifying Attacks in Cross-Chain Bridges [3.893704673350463]
We propose XChainWatcher, the first mechanism for monitoring bridges and detecting attacks against them.
XChainWatcher relies on a cross-chain model powered by a Datalog engine, designed to be pluggable into any cross-chain bridge.
We provide the first open-source dataset of 81,000 cctxs across three blockchains, capturing more than $4.2B in token transfers.
arXiv Detail & Related papers (2024-10-02T20:49:24Z) - Count of Monte Crypto: Accounting-based Defenses for Cross-Chain Bridges [6.96405583604427]
Between 2021 and 2023, crypto assets valued at over $US2.6 billion were stolen via attacks on "bridges"
In this paper, we empirically analyze 10 million transactions used by key bridges during this period.
We show that a simple invariant that balances cross-chain inflows and outflows is compatible with legitimate use, yet precisely identifies every known attack.
arXiv Detail & Related papers (2024-10-01T22:33:03Z) - SoK: Security of Cross-chain Bridges: Attack Surfaces, Defenses, and Open Problems [43.80265187232706]
Cross-chain bridges are used to facilitate token and data exchanges across blockchains.
Although bridges are becoming increasingly popular, they are still in their infancy and have been attacked multiple times recently.
This paper analyzes the security landscape of cross-chain bridges in a holistic manner.
arXiv Detail & Related papers (2023-12-19T20:13:21Z) - G$^2$uardFL: Safeguarding Federated Learning Against Backdoor Attacks
through Attributed Client Graph Clustering [116.4277292854053]
Federated Learning (FL) offers collaborative model training without data sharing.
FL is vulnerable to backdoor attacks, where poisoned model weights lead to compromised system integrity.
We present G$2$uardFL, a protective framework that reinterprets the identification of malicious clients as an attributed graph clustering problem.
arXiv Detail & Related papers (2023-06-08T07:15:04Z) - Quantization Aware Attack: Enhancing Transferable Adversarial Attacks by Model Quantization [57.87950229651958]
Quantized neural networks (QNNs) have received increasing attention in resource-constrained scenarios due to their exceptional generalizability.
Previous studies claim that transferability is difficult to achieve across QNNs with different bitwidths.
We propose textitquantization aware attack (QAA) which fine-tunes a QNN substitute model with a multiple-bitwidth training objective.
arXiv Detail & Related papers (2023-05-10T03:46:53Z) - Reducing the Price of Stable Cable Stayed Bridges with CMA-ES [0.2883903547507341]
CMA-ES is a better option for finding good solutions in the search space, beating the baseline with the same amount of evaluations.
In concrete, the CMA-ES approach is able to design bridges that are cheaper and structurally safe.
arXiv Detail & Related papers (2023-04-02T22:14:36Z) - Exploring the Relationship between Architecture and Adversarially Robust
Generalization [110.00366382964472]
Adversarial training is one of the most effective remedies for defending adversarial examples.
It often suffers from the huge robustness generalization gap on unseen testing adversaries.
This paper tries to bridge the gap by systematically examining the most representative architectures.
arXiv Detail & Related papers (2022-09-28T13:55:28Z) - On the interplay of adversarial robustness and architecture components:
patches, convolution and attention [65.20660287833537]
We study the effect of adversarial training on the interpretability of the learnt features and robustness to unseen threat models.
An ablation from ResNet to ConvNeXt reveals key architectural changes leading to almost $10%$ higher $ell_infty$-robustness.
arXiv Detail & Related papers (2022-09-14T22:02:32Z) - Poison Ink: Robust and Invisible Backdoor Attack [122.49388230821654]
We propose a robust and invisible backdoor attack called Poison Ink''
Concretely, we first leverage the image structures as target poisoning areas, and fill them with poison ink (information) to generate the trigger pattern.
Compared to existing popular backdoor attack methods, Poison Ink outperforms both in stealthiness and robustness.
arXiv Detail & Related papers (2021-08-05T09:52:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.