Proposing having Celer cBridge for the Moonbeam Ecosystem
Hey all this is Ilnaw from Celer Network. As addressed in @alexei’s post, there are a number of risks we absolutely must address when considering different bridging options. The most imperative one being the security of a particular bridge. At the end of the day, the result of the bridging process is similar, it’s just the process itself that needs to be examined.
Unfortunately, as @alexei mentioned, both Multichain and Wormhole have been exploited in smart contract hacks in the past and we are happy to see them recovering well, but it doesn’t change the fact that it has happened. Smart contracts are extremely difficult to manage as if they don’t change, the hacker has a massive amount of time to look for potential vulnerabilities or exploits. There was also a bit of a lack of security monitoring in general. Part of the reason these vulnerabilities exist is that some models are inherently flawed.
In comparison, we at Celer use a two-fold approach to security that makes it incredibly difficult for any exploits to be executed by malicious actors and has been proven through an extensive cross-chain transaction history of $10 billion. As proven by our analytics, we have seen our fair share of market conditions and users; we have built trust from the market in our protocol. Some points we’d like to highlight are that cBridge was launched in July 2021 and has seen huge traction and growth with:
- Over $10 billion cross-chain transaction volume processed
- Over $217 million in TVL
- Over 867k in number of transactions
- Over 204k in unique users using cBridge
Celer cBridge supports 37 chains and 135 tokens in cross-chain bridging, including the bridging of USDC, USDT, and ETH on Moonbeam. For the full list of chains and assets that cBridge supports, you can look here.
Celer cBridge comes with two security models that apply to cross-chain transfers on a per-tx basis.
- Cosmos-consensus Security Model
By default, inter-chain dApps rely on the security of the State Guardian Network (a Cosmos Chain) by processing messages routed from another chain without delay. The SGN offers L1-blockchain level security just like Cosmos or Polygon with it being a Proof-of-Stake (PoS) blockchain built on Tendermint with CELR as the staking asset. If a guardian acts maliciously, its staked CELR will be slashed by the consensus protocol. This level of economic security is something that grows with the staked CELR’s value and is simply not available in simple Multi-signature or MPC/PoA-based solutions. As of early September 2022, SGN has 21 validators, with renowned entities such as Infstone, Ankr, Cosmostation, Binance and Everstake running validators.
- Optimistic-rollup-style delay buffer Security Model
Even under the extreme case of 100% of the guardians behaving maliciously, inter-chain dApps can maintain full security with an optimistic-style delay buffer. Instead of instantly processing a message routed by the SGN, cBridge can inject a mandatory delay buffer and anyone can run an independent watchtower service to double-validate the message on the source chain. If the watchtower service detects any inconsistency, it can prevent the message from being processed before the delay expires.
In the cBridge production, optimistic-rollup-style delay-buffer execution is used for certain large-sized transactions along with an independent sentinel system. For any large transaction larger than a certain amount, two-txs are needed to actually make the bridge happen: a “commit” transaction that will trigger the time buffer and then after the time buffer, a “confirm” tx. If the sentinel system observes that the “commit” tx does not have a matching source in a different chain, it can immediately pause the token bridging process. The sentinel system also continuously monitors the bridge for small transactions as well to detect and prevent any unexpected smart contract bugs. There is also rate-limiting for token bridging as the last resort to the worst-case scenario.
Celer cBridge is also using security measures on all levels of operations:
Smart contract-level rate-limiting to risk control and monitor sudden volume surges;
Transaction-level sentinel for on-chain bridge in/out balance monitoring;
Front-end and website integrity monitoring for codes and contract addresses;
CertiK, PeckShield and SlowMist have audited Celer cBridge. Furthermore, cBridge has one of the more extensive bounty programs in the space via a $2 million offer on Immunefi.
There’s more to interoperability, as Celer has been spearheading cross-chain message passing with its Celer Inter-chain Messaging framework implemented in different dApps to enable various one-click and one-tx cross-chain user experience. Examples include one-click cross-chain token exchanges with Rango Exchange, cross-chain perpetual swaps with SynFutures, and cross-chain governance with Futureswap. We are excited to support Moonbeam dApps to enable similar features with IM down the road.