Count of Monte Crypto: Accounting-based Defenses for Cross-Chain Bridges
About
Between 2021 and 2023, crypto assets valued at over \$US2.6 billion were stolen via attacks on "bridges" -- decentralized services designed to allow inter-blockchain exchange. While the individual exploits in each attack vary, a single design flaw underlies them all: the lack of end-to-end value accounting in cross-chain transactions. In this paper, we empirically analyze 10 million transactions used by key bridges during this period. We show that a simple invariant that balances cross-chain inflows and outflows is compatible with legitimate use, yet precisely identifies every known attack (and several likely attacks) in this data. Further, we show that this approach is not only sufficient for post-hoc audits, but can be implemented in-line in existing bridge designs to provide generic protection against a broad array of bridge vulnerabilities.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Cross-Chain Bridge Transaction Analysis | Ronin | Reported Count2 | 1 | |
| Cross-Chain Bridge Transaction Analysis | PolyNetwork 2021 | Reported Count18 | 1 | |
| Cross-Chain Bridge Transaction Analysis | BSC Token Hub | Reported Count2 | 1 | |
| Cross-Chain Bridge Transaction Analysis | Wormhole | Reported Transactions Count1 | 1 | |
| Cross-Chain Bridge Transaction Analysis | Nomad | Reported Count962 | 1 | |
| Cross-Chain Bridge Transaction Analysis | Harmony | Reported Transactions15 | 1 | |
| Cross-Chain Bridge Transaction Analysis | HECO | Reported Transactions Count8 | 1 | |
| Cross-Chain Bridge Transaction Analysis | Qubit | Reported Transactions16 | 1 | |
| Cross-Chain Bridge Transaction Analysis | Anyswap | Reported Count4 | 1 | |
| Cross-Chain Bridge Transaction Analysis | PolyNetwork 2023 | Reported Transactions Count136 | 1 |