First - I anticipate people trying to frame this as "see - that is why you should use L2 and not side chains" - but they are wrong!
The advantage L2s have is that there is no need for trusted operators. So if a bridge operator would turn malicious or would get compromised, you can rightfully say: see L2! But if there is a logic error/bug in a bridge - this can happen in the very same way in any L2. In fact, L2 designs are often more complicated than bridges of side chains, so there is absolutely no reason to believe that they are less likely to...
All L2 efforts should be pushed and applauded. But it is still part of the truth that it will take years for them to “harden” and truly offer the same security as funds on L1. twitter.com/dYdX/status/14…
- first - yes, the security is currently essentially an advanced multisig. While we have plans after "the merge" to update the security to the full validator set of the Gnosis Beacon chain (currently 23k validators), currently it is a handful of trusted entities. However - that aside - the bridge is powerful and had a bunch of additional security measures put in place: first - at the core is an "arbitrary message bridge"
https://docs.tokenbridge.net/eth-xdai-amb-bridge/about-the-eth-xdai-amb…
It allows you to not only bridge tokens but really send messages.
zodiac bridge module
DAOs can now have cross-chain control
by equipping this module, a DAO on one chain can control the assets and interact with systems like a @gnosisSafe on an *entirely different* EVM chain
Being prudent engineers, security measures had been put in place, like "daily limits". So in case of a hack - bridged funds can only be stolen up to a limit, giving time for a more secure "bridge governance" multisig with 15 independent cold wallet signers to intervene.
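The loss bound that a daily limit gives, as an added example that is not part of the original thread and not the bridge's own code: a simplified Python model in which all names, the fixed calendar-day bucket and the amounts are assumptions made for illustration.

```python
# Added illustration: simplified model of a bridge "daily limit" (constructed values).
# All names here are hypothetical, not the bridge contracts' API.
from dataclasses import dataclass, field

DAY = 86_400  # seconds; the model assumes fixed calendar-day buckets

class LimitExceeded(Exception): pass
class BridgePaused(Exception): pass

@dataclass
class DailyLimitedBridge:
    locked: int                 # funds held by the bridge
    daily_limit: int            # max total released per day (must be > 0)
    paused: bool = False
    spent: dict = field(default_factory=dict)   # day index -> amount released

    def release(self, amount: int, now: int) -> None:
        if self.paused:
            raise BridgePaused("halted by governance")
        if not 0 < amount <= self.locked:
            raise ValueError("invalid amount")
        day = now // DAY
        used = self.spent.get(day, 0)
        if used + amount > self.daily_limit:
            raise LimitExceeded(f"day {day}: {used}/{self.daily_limit} used")
        self.spent[day] = used + amount
        self.locked -= amount

def worst_case_loss(bridge, start, pause_at, step=3600):
    """Funds lost if every release from `start` is illegitimate and
    governance pauses the bridge at `pause_at` (both in seconds)."""
    lost, t = 0, start
    while bridge.locked > 0:
        if t >= pause_at:
            bridge.paused = True
        amount = min(bridge.locked, bridge.daily_limit)
        try:
            bridge.release(amount, t)
            lost += amount
        except LimitExceeded:
            pass        # cap reached: nothing more leaves until the next day
        except BridgePaused:
            break
        t += step
    return lost

if __name__ == "__main__":
    capped = DailyLimitedBridge(locked=1_000_000, daily_limit=10_000)
    print(worst_case_loss(capped, start=0, pause_at=36 * 3600))
```

With fixed day buckets, an incident that straddles a day rollover can release two days' worth of limit within hours, so the figure to plan around is the daily limit times the number of calendar days touched before the pause.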
The bridge team kept innovating and created a setup where bridged funds can be used in low-risk lending protocols (Aave and Compound) while using the returns to subsidize bridge gas costs for users.
There is a current proposal to Gnosis DAO (which I very much support) to use yield to buy full insurance for the bridge. To me that would be an ideal win-win for the chain (GNO holders) and bridge users: