Yet another untimely death has come for us at TapiocaDAO to sadly announce the sudden passing of bridging. The following obituary provides context to what went wrong in bridging’s short but “eventful” life. Join us in remembrance and seeing what the future holds.
In July 2015, the genesis block of the Ethereum network occurred. DeFi’s “Big Bang” event if you will. Rune Christensen launched eDollar onto the Ethereum testnet in 2015 (later becoming MakerDAO), Stani Kulechov launched ETHLend (later known as AAVE) in 2017, and Robert Leshner launched Compound in 2019. At the beginning of 2020, DeFi’s TVL was $700m, a paltry sum compared to what it would soon capture. After Compound’s Liquidity Mining (RIP) program began, “DeFi Summer” of 2020 caught on, and the bull run began.
Money poured into DeFi markets from June to October 2020 as DeFi TVL exploded from $1 billion to $15 billion. From this rapid influx of users and liquidity, many new decentralized applications were launched on Ethereum. DeFi users were elated and blinded by the incredible wealth generation possible during the warm days of the DeFi summer. With massive amounts of users, developers, applications, and liquidity, what could go wrong?
Ethereum gas fees started to sharply increase significantly due to the stress the network was being put under. Slow transaction finality was also ever-present, taking several minutes to complete a single transaction (imagine a Google search taking 10 minutes). This was not just a minor nuisance- gas costs became so high it was prohibitively expensive for retail users to, well, use the network and the apps on them. The fee to complete a single swap on Uniswap for example cost nearly $200 USD. (A decent chunk of most middle-class paychecks to swap ETH for your favorite Safe-Baby-Doge-Inu token sound good?).
These soaring gas costs effectively blocked the entire retail market from interacting with DeFi. Whales were still quite content to continue utilizing DeFi apps to gain enormous profits during the legendary 2020 bull run.
Since gas fees were not calculated based on the size of the transaction, but rather a base cost to interact with the smart contract(s), whales were less affected by the rising transaction costs, and thus the retail market was made homeless in decentralized finance and begging for a place to sleep at night. Ethereum’s market share fell 30% in 2021 as a result. But to who?
There were many proposed solutions; Rollups, sidechains, flux capacitors breaking the time flux continuum, etc. One lone solution reigned supreme to save DeFi for retail: Binance Smart Chain.
Binance had already launched its own blockchain, Binance Chain. But their aim for Binance Chain was to create a high-speed blockchain that could support a large number of transactions. To achieve this, Binance Chain did not support 3rd party apps. Through seeing potential market share they could grab from Ethereum being on its back for the first time like Holyfield vs. Tyson (no ears were harmed in the creation of BSC), Binance decided to fork Ethereum with (essentially) a centralized set of validators- offering unparalleled speed and most importantly- near free gas costs.
BSC quickly not only overtook Ethereum in daily transaction counts but doubled it.
In a food-coin-fueled craze, retail users and developers set their sights on Binance Smart Chain (BSC). Due to BSC being a fork of Ethereum, it was easy for developers to move from developing on Ethereum to BSC, and thus they made the move. “They” in this case were several hundred thousand retail users.
BSC was quickly filled with copypasta (forks) of Ethereum applications. PancakeSwap, a fork of Uniswap, was a runaway train, dominating on-chain swaps of every shitcoin imaginable.
Strangely, forking Ethereum codebases and launching them without any care in the world like BSC developers were all in a carnival money booth trying to quickly nab every dollar didn’t work out so well.
PancakeBunny, Cream Finance, bEarn, Belt Finance, Bogged Finance, Uranium Finance, Meerkat Finance, Spartan Protocol, and BurgerSwap is just a small list of BSC forks that got rekt. These hacks weren’t small, there were billions of dollars lost due to low-effort forks filling the BSC ecosystem before the Ethereum dApps could scale to BSC to meet this burgeoning demand.
For example, dForce forked the Compound codebase and launched on BSC where it gained dozens of millions of dollars in liquidity before crashing and burning in a hack that lost $25,000,000 USD (oops). This was due to adding risky assets into the delicate Compound codebase which featured a unified liquidity pool. (who knew security and risk management were important!?)
Not only did users lose their funds through constant hacks and their (somewhat) seamless user experience on Ethereum, but Ethereum dApps also lost out on gaining deep liquidity and new users on the rapidly growing yellow chain. Liquidity also became fragmented between ETH and BSC. Mark Cuban even was rugged from a fork.
As retail quickly flocked to the Smart Chain, only comparable to James Marshall finding gold in California in 1848, another problem emerged- how do we get our funds onto BSC to buy
rugs highly profitable and well-crafted meme coins?
Even with BSC’s highly centralized network, and the infrastructure of the Binance CEX behind it, users leaving Ethereum’s gas-guzzling and slow infrastructure for brighter, food-coin-filled pastures quickly saw for themselves early on the need for cross-chain communication- being able to easily transport funds from one DeFi network to the other.
Even Binance wasn’t able to produce a secure way to transport funds, losing over half a billion USD in a hack of its “BSC Token Hub” in 2022. Bridge exploits account for ~50% of all DeFi exploits, totaling ~$2.5B in lost assets.
Here’s a short list of the happiness bridges gave us in their short lifespan(s):
BSC Bridge Hack: $568m - Bug in the way that the Binance Bridge verified proofs which allowed attackers to forge messages. Resulted in a hard fork of the chain.
Nomad Hack: $200m - Attackers bypassed the message verification process and drained the tokens from the bridge contract.
Harmony Bridge hack: $100m - Compromised private keys. (not your keys, not your crypto)
Ronin Bridge Hack: $650m - Compromised private keys.
Wormhole Bridge Hack: $325m - The attacker bypassed the “verify signature” with a malicious sysvar account that forged the message to mint the wETH on Solana. Therefore, the bridge minted wETH without an equivalent deposit on the Ethereum network.
Multichain (Anyswap) Bridge hack: $1.4m - A vulnerability in the code for the $ANY intermediary token’s contracts allowed an attacker to steal funds from users who had previously created approvals for them.
QBridge Hack: $80m - Bypassed the verification process by evading the bridge’s smart contract.
Polynetwork Bridge Hack: $600m - The hacker exploited a vulnerability in the way the bridge verified smart contracts. By changing a list of public keys to match their private keys, the hacker could reroute the funds to personal wallets.
THORChain Bridge Hack: $7.6m - Exploited a bug in Bifrost, THORChain’s Ethereum bridge via abusing an override loop (designed only to be used in a vault transfer incident).
Security was not the deceased’s only issue- bridging finality was also extremely poor, observable for example in Arbitrum and Optimism’s L1<>L2 bridge having a one-week withdrawal time when coming back to the Ethereum mainnet. Polygon’s bridge takes 30m to 3 hours to move funds between ETH and MATIC. Anyswap takes from 10 to 30 minutes.
While retail users saw the beginnings of the bridging trilemma when attempting to transport funds between ETH and BSC, the issue has remained a centerpiece of DeFi’s barriers to attaining mass adoption. The bridging trilemma involves finality, security, and composability.
Now that our multichain world has expanded far beyond just ETH and BSC- we now have 152 chains, and each chain is isolated, all the same, forcing users to operate within more and more walled ecosystems.
With VC’s patented “L1 Rotation Trade” only ensuring this fragmentation of user flow and liquidity will only become worse, what options do we have?
Ethereum>BSC>Polygon>Fantom>Avalanche>Solana>Aptos>To infinity, and beyond! (pls stop)
In order to understand the risks of wrapped tokens, first we need to understand what a wrapped asset is. A wrapped asset is a token that generally represents a crypto asset, and is (supposed to be) backed by the represented asset or assets of equal value. The backing asset is put in a vault called a “wrapper” (hence wrapped asset).
Many of us have interacted with Wrapped Bitcoin (wBTC) which was launched in June 2019, or wETH (Wrapped Ethereum) when using DeFi dApps. Many of us have used “USDC.e'' on Avalanche by using Avalanche’s bridge as just a few examples of wrapped assets.
The central problem with asset wrappers, taking USDC.e for example is this; imagine the smart contract controlling the assets on ETH is hacked and the funds are stolen. Now the wrapped assets on AVAX (USDC.e) have no value. You’ve just lost your funds to custody risk.
Connecting disparate chains adds many new layers of complexity. Every new network creates a new set of idiosyncrasies, mechanisms, and other nuances that developers need to contend with. Security concerns remain ever present, and dealing with additional smart contract deployments adds a mounting risk of getting rekt. This adds additional time and consideration even when taking an Ethereum application multichain to Binance Smart Chain, even with its basis being the Ethereum codebase. When you start thinking of even more disparate networks like Cosmos, Solana, and Aptos, things get even hairier. (Wouldn’t it be nice if we had a generalized messaging base layer to fix that…).
For example, SushiSwap exists on seventeen different networks with each deployment running in a walled garden. If Sushi wanted to sync states between their Ethereum smart contracts and all of their altchain deployments, they’d have to write code for every separate bridge that exists on each of these chains to interconnect them. The end result is dozens of separate sets of code (more risk), with unique interfaces and nuanced security properties. Since the ecosystem of bridges and new L1/L2s is constantly growing, this becomes an untenable proposition.
This is why (in my opinion) Sushi chose, like us, to utilize LayerZero. Which LayerZero you ask? Uh…
Firstly, what is LayerZero? Cosmos? Polkadot? Chainlink CCIP? Synapse? Hop? Router Protocol? Multichain.xyz? Hyperlane? A flying spaghetti monster?
While ‘layerzero’ can be interpreted in many different ways, a universal definition is: ‘A communication protocol, enabling smart contract execution across multiple chains, with one transaction from any one source chain enabling cross-chain functionality for dApps and (native) token bridging’.
Cosmos/Axelar: A “layer-zero,” sometimes referred to as the “internet of blockchains”. Cosmos is a cross-chain network that connects blockchains, utilizing IBC (Inter Blockchain Communication) built on Tendermint BFT to facilitate interoperability between networks. The major issue with Cosmos is it introduces an intermediary (think a middleman). Secondarily, IBC alone does not interconnect blockchains. They must first meet certain specifications surrounding their module system, consensus state introspection, etc.
Polkadot: A “layer-zero,” that utilizes two types of blockchains. The main network is called the relay chain, where transactions are permanent, and user-created networks are called parachains. Instead of IBC, Polkadot uses XCM, or “Cross-Consensus Messages,” that are executed in the XCVM, or the Cross-Consensus Virtual Machine. Polkadot again introduces a middle-man via the relay chain that also does not natively support the EVM or Ethereum Virtual Machine.
Multichain (Anyswap): Born Anyswap, Multichain is a cross-chain bridge enabling bi-directional token transfers. AnySwap relies on an intermediate token, ANY, based on Fusion distributed control rights management. Introducing an intermediate token introduces higher cost, slower finality, and security risk. Multichain was hacked for $3m.
Chainlink CCIP: Chainlink’s Cross-Chain Interoperability Protocol. Still unreleased, CCIP is admittedly very similar in nature to LayerZero. However, it does not feature the customizability or modularity of LayerZero. The security is monolithic to Chainlink- not allowing us to spin up custom relayers, or use outside oracles to Chainlink. Our vision is to continue Sushiswap Kashi’s multiple oracle vision. (Boring built this for a reason).
(note: these descriptions contain opinions that some may disagree with. please research these yourself.)
While there are even more “LayerZero’s” only one is live on mainnet that offers a truly lightweight, agnostic modular infrastructure, trustless generalized messaging layer (that’s what we want).
While some “omnichain” protocols have chosen to take the impractical path of trying to support all “LayerZero’s”, Tapioca has made a very calculated decision to only develop and support thee LayerZero.
Let’s first go over what this architecture entails:
LayerZero Endpoints exist on each (supported) chain. Any chain with a LayerZero endpoint can conduct cross-chain transactions involving any other chain with a LayerZero Endpoint. With a small amount of code, any chain can be supported.
ULN or Ultra Light Nodes allows lightweight cross-chain messaging with configurable trustlessness on the specification of Oracle and Relayer, the two roles that are relaying block information and transaction proof across chains. These on-chain assurances are facilitated by off-chain entities.
Relayer, or in our case, the Pearlayer will allow TAP to be staked in a DPoS (Delegated Proof-of-Stake) system allowing for token holders to delegate to validators who secure our cross-chain messaging system. If a validator tries to commit any harmful behavior, slashing will occur. Any Oracle can be used, but our configuration utilizes Chainlink. However, we do cross-check Chainlink with other data providers in a sanity check. Some controversy was created from LayerZero utilizing a DON (decentralized oracle network) “Industry TSS” of Polygon, Sequoia, and FTX. However, this is all meaningless to Tapioca due to the fortunately highly customizable nature of LayerZero.
Speaking of that customization, LayerZero even lets Tapioca decide on the rules and consensus required to approve cross-chain transactions, giving full control over our own security profile and level of decentralization. This gives us the ability to create our own relayer, with the aforementioned aptly badass name of Pearlayer (the Pearl Relayer).
To support a new chain, Tapioca does not need to deploy its core smart contracts to each chain. Instead, Tapioca only needs to deploy a proxy contract which is a lightweight contract used to send and receive messages from the newly supported chain to our host chain, which is an optimistic Ethereum roll-up**. This allows Tapioca to reunify liquidity, user flows, and greatly reduce infrastructure risk.**
To ensure valid delivery, the only requirement is that for any given message sent using the LayerZero protocol, the Oracle and Relayer must be independent of each other.
Let’s take for example a user who has requested to deposit MATIC on Polygon, to borrow usd0 on Arbitrum.
The user deposits $MATIC from Polygon, which is then passed to the Polygon LayerZero endpoint.
The endpoint sends information to the Pearlayer (Relayer) and Oracle (Chainlink) - both separate off-chain entities with almost no way for collusion to occur.
Chainlink confirms the block header.
Pearlayer confirms the transaction on Polygon.
Assuming everything is valid, the requested action (borrow usd0 on Arbitrum) is committed.
If there is any contention to the validity of the message between Pearlayer or Chainlink, the smart contract is paused and not committed on Arbitrum.
(Note: There are other security variables we have enacted, but this is a high-level overview).
You may say, “But there’s potential for collusion between Oracles and the Relayers!” Let’s take a look at an extreme case of Chainlink’s consensus being corrupted and Pearlayer colluding, and how other edgecases will get stopped in their tracks.
Precrime allows Tapioca to stop an exploit before it matters.
Due to LayerZero’s “Pre-Crime,” solution, Tapioca can run a defined set of assertions on a locally forked blockchain to verify that every cross-chain message being delivered will never result in a compromised state. If these assertions ever fail, Pearlayer will not deliver the message, preventing the attack and saving Tapioca from almost certain disaster.
Tapioca also uses Forta locally on our host network for real-time threat detection. Forta is also used by Lido, Balancer, Maker, and other top protocols. This chosen security architecture also results in negligible increases in finality time and fees to the end user. This security-first architecture makes Tapioca one of the most secure decentralized money markets ever created.
At Pearl Labs, we always thought one of the key innovation points of LayerZero was the neglected OFT or “Omnichain Fungible Token” super standard. Instead of creating bridges with liquidity on both sides that creates enormous and well-evidenced smart contract risk, finality, liquidity fragmentation woes, or wrapped tokens with large custody risk, our tokens (TAP & usd0) can bridge chain to chain at a token level, just like when you transfer an ERC20 token using transfer().
Stargate’s $STG is an OFT, and Circle among other centralized stablecoin issuers are testing OFT wrappers for their stablecoins. The obvious endgame goal of the OFT standard was to create a native OFT decentralized stablecoin that can bridge at a token level, and that’s what our usd0 is- the most composable stablecoin ever created, purpose-built for the omnichain future.
Not only is the OFT a shared token super standard across all supported chains (12 at the moment) offering unparalleled liquidity reunification and composability, but also can be seamlessly bridged across these chains with exactly 0 fee- just gas!
With LayerZero’s guarantee of valid delivery, the token is burned on the source chain and minted on the destination chain directly through the token contract. OFTs token supply is actually elastic between all supported chains.
(don’t worry, there’s more on usd0 to come soon 😉).
In our world, with over 150 blockchains for users to choose from (no longer just BSC and ETH) navigating through the array of options can feel overwhelmingly complicated. Moreover, the lack of unity between chains has led to the fragmentation of liquidity, difficulty creating money legos with a lack of compatibility, and security woes due to more and more unique blockchains with nuanced approaches to smart contracts.
In a space where attention often centers on unsustainable and risky offerings, it is time to return to the fundamentals: developing safe, secure, and user-friendly infrastructure through seamless interoperability that facilitates real yield and the continued innovation and adoption of decentralized finance. The rallying cry of
the Omnichain Future TapiocaDAO.**
Currently, rather than the fluid experience that one would encounter when using modern websites and apps like Google and Netflix, the current blockchain experience is defined by all of its disjointed parts. While the multichain reality is upon us, it created more problems than it solved. For users, money is money. Bridges (RIP) offered unconnected money which was nothing more than store credits. usd0 is the first truly interconnected decentralized money.
Even with L1s increasing throughput and innovating other nuances, it’s all for naught without seamless interoperability. Do you know anyone who cares about the specs of Facebook’s servers? No- they only care that they can talk to friends across borders. In the blockchain world, you couldn’t talk to blockchains across other blockchains borders until now, through TapiocaDAO leveraging LayerZero.
Through offering truly seamless interoperability, more and more users will be able to benefit from higher capital efficiency through defragmented liquidity, and streamlined user experiences. Mass adoption can come, to the only secure, real sustainable yield-providing, seamlessly interconnected money market to rule them all.
- veMatt, TapiocaDAO Pearl Club Member #0