A multi-chain future is an inevitability. In such a future, generalized messaging and bridge protocols become integral pieces of infrastructure; unfortunately, the security models underlying many of today’s interoperability platforms leave much to be desired.
The security models of most bridges today can be characterized in three ways:
- Locally verified — only parties involved in a given cross-chain interaction verify transactions
- Natively verified — all validators of the two blockchains involved in a transaction verify the message
- Externally verified — an external validator set is used to verify transactions between chains
Even with these three main archetypes for cross-chain verification, most bridges today still effectively operate as basic multi-sig consensus schemes in order to create a faster user experience. While these systems are useful for fast finality, that speed comes at a cost, exposing users to security threats. As espoused in the *Interoperability Trilemma,* certain tradeoffs are inherent in cross-chain communication. Trading security for speed has resulted in a multitude of bridge hacks totalling well over $500 million USD in cumulative funds lost.
Optimistic verification borrows from optimistic rollups in that transactions are assumed to be honest by default with a network of off-chain actors responsible for submitting fraud proofs during the course of an optimistic window to disallow any fraudulent transactions. This mechanism adds a significant layer of security to the network, making it far more costly for a bad actor to conduct an attack versus the existing M of N mechanism. Externally verified networks rely on an honest majority assumption whereas optimistic verification relies on a single honest verifier assumption. Optimistic verification just needs one honest guard to behave honestly for the system to remain secure. Rather than a bad actor needing to co-opt M number of validators, that actor would need to co-opt all N actors, and the cost to attack the network becomes unbounded as the number of N fraud watchers increases. Naturally, the added security requires a trade-off - here, latency.
There are four off-chain actors responsible for security of Synapse’s optimistic verification mechanism:
- Notary — responsible for signing merkle root on each supported chain and bonding SYN behind attestations
- Broadcaster — responsible for forwarding updates from home contracts to replica contracts
- Guard — responsible for observing cross-chain messages and submitting fraud proofs when detecting malicious state updates
- Executor — responsible for posting the final transaction once the latency window is completed