DLT Interoperability and More ⛓️#15 ⛓️ — SoK: Not Quite Water Under the Bridge: Review of Cross-Chain Bridge Hacks

Rafael Belchior
3 min readNov 30, 2022


In this series, we analyze papers on blockchain and interoperability.

This edition covers a paper that surveys cross-chain bridge hacks.

➡️ Title: SoK: Not Quite Water Under the Bridge: Review of Cross-Chain Bridge Hacks
➡️ Authors: Sung-Shine Lee, Alexandr Murashkin, Martin Derka, Jan Gorzny

➡️ Paper source: https://arxiv.org/abs/2210.16209

➡️ Background:

Background on blockchain interoperability can be found here.

The background on bridges can be found in Section 2 of the current paper, but the process, in a nutshell, is:

Source: https://arxiv.org/abs/2210.16209

This is, it follows a lock-unlock mechanism. Lock tokens on the source chain (namely on the custodian contract), which emits an event. A communicator watches these events and issues debt tokens (a representation of the token on the source chain). The structure and types of communicators can be found in our work published at ACM DLT.

➡️ Contributions:

  • The authors describe the general structure of a bridge.
  • The authors explore real-world examples of cross-chain bridge hacks

💪 Strong points:

  • The present paper is very well written and easy to follow. The reader will find an immense value that is easy to digest.
  • This work leaves many directions open for future work: explore mitigations to attacks, asset transfer/bridging standards (such as our work in SATP — which, by the way, is a public group, join us!), incident management responses, visualization tools for on-going attacks, such as HyperSec, and others, which we will cover in a future article.

🤞 Suggestions for improvement:

🔥 Points of interest:

  • “The custodian-debt issuer architecture is designed to avoid double spending of digital assets that have been sent across a bridge; it is important that bridges only mint digital representations only after receiving the true asset on the source blockchain. This prevents double spending by only having one representation of the token freely transferable at a time.”
  • Section 3 discusses attacks on the custodian component. “The first exploit involves changing the privileged address that can access the digital assets, using cross-chain function calls. The second exploit aims to forge proofs that are accepted by custodians to release assets. The third exploit aims to trick the custodian into emitting deposits when it should not.”
  • Section 4 reviews “the debt issuer component of a bridge. The exploit aims to arbitrarily mint debt tokens on the destination blockchain.”
  • Section 5 explains “exploits targeting the communicator component of a bridge. The first exploit aims to trick the communicator into forwarding invalid messages from one blockchain to the next, while the second uses a 51% attack on a blockchain to cause a blockchain re-organization after the communicator receives a valid message. These exploits can be thought of as polluting the data source of an oracle, the communicator.”´
  • Section 6 depicts “exploits based on the token interfaces used in bridges. The first exploit relates to token approvals for bridges, while the second exploits the EIP-2612 interface function built into some ERC-20 tokens.”

🚀 How does it relate to our work at Técnico Lisboa, INESC-ID, and Blockdaemon? (views are my own and do not necessarily reflect the opinions of my employer)

  • Enabling secure, scalable interoperability is an important part of what we do at Blockdaemon. Studying cross-chain bridge hacks allows a better understanding of interoperability security.

🚀 What are the implications for our work?

  • This work helps us build more secure blockchain interoperability middleware.



Rafael Belchior

R&D Engineer at Blockdaemon. Opinions and articles are my own and do not necessarily reflect the view of my employer. https://rafaelapb.github.io