MAP Protocol Strikes Back at Stargate: Stargate was born with security risks

csoO3qyKwb6RoeARFkpjt84X GXNVpI0hStyr6U3n9s2ZmJMLnn2RNsJiwTiRvzoKoGbN8a0ao1YjzYQjAxMOYQNJAs46pKYQqopjTOTMCIsbAysWLbVVekBhnEFlGeGlxphUoSV

22 Mar 2022, a community member of MAP Protocol “James” raised several questions in Stargate’s official telegram group criticizing the security and cross-chain mechanism of this cross-chain project. Core members of Stargate official group “Primo” and “EchoesOfTheEye” join the debate to defend themselves. 

Let’s take a detailed look at what actually happened. 

MAP Protocol member James firstly raised the question of the safety mechanism of Stargate.

James: What are your technology mechanisms? I didn’t find it more for cross-chain bridges, the safety model is the most concerning problem for the community. If this is another MPC cross-chain bridge project, I feel ashamed about it. no matter how popular it is.

James: So high TVL and exchange volume are just attracting money which is stupid if Stargate technology is MPC. MPC means user cross-chain assets are governed by the core dev team, by a small group person. This technology is used by Anyswap / THORChain / Celer / Wormhole. Last year, I lost 1 Bn because of this technical mechanism. I do not think the market needs another weak project.

Stargate member EchoesOfTheEye avoided the question with tech docs links.

EchoesOfTheEye: Maybe here you can find something you want https://stargateprotocol.gitbook.io/stargate/. Stargate was built on LayerZero, and both were developed by LayerZero Labs. and this one is layer zero underlined Stargate implementations https://layerzero.network/pdf/LayerZero_Whitepaper_Release.pdf.

Stargate Admin Primo responded with a lengthy reply.

Primo: Light nodes are great, you take the entire history of block headers (sequentially) and store them on the other chain, and vice versa. Then with this history, you can submit a tx proof against it and easily confirm validity. The problem? Writes on blockchains are notoriously expensive, $10s of millions per day per pairwise chain to do something like this on Ethereum so it’s not something that’s viable in the current environment. Middlechains, however fundamentally the tradeoff you are making is that you are relying on this chain to perform your validation and trust its consensus. It has full signing authority to write its own transactions out to destination chains and those chains trust it implicitly. Typically if this consensus can be attacked/exploited even for a short matter of blocks it has the ability to effectively take all liquidity on all paired networks almost instantly (This was seen recently with the PolyNetwork hack). So you have these networks that typically are something like 10-30 validating nodes and anywhere from 50-300m bonded value meant to secure 10s of billions of dollars of value on connected chains… while also aspiring to become as decentralized as possible. These systems are some of the single most attractive honeypots in all of the crypto because unlike reorging an entire chain typically a viable attack requires much fewer resources and almost immediately results in the ability to then write those transactions out to the paired networks and say “Hey, all of that liquidity belongs to me. So, now we have an Ultra Light Node which is basically taking a single block header and streaming it on demand. 2 parties in this process, the Oracle (Chainlink, Band, etc.) responsible for passing the block header and the Relayer responsible for forwarding the transaction proof. The outcomes here are fairly straightforward, but the implications are really interesting. The outcomes are basically (honest, honest), (honest, dishonest), (dishonest, honest), (dishonest, dishonest). In the case that both the relayer and the oracle are honest, the transaction is validated on-chain and forwarded to the destination application. In the case Oracle is honest and Relayer is dishonest — fails to validate, Oracle dishonest and Relayer is honest — fails to validate. So now the only case for malaction is the case in which both the Oracle and the Relayer are inactive malicious collusion together. Now what this means is that first off say for example you choose Chainlink for your oracle. That means any malicious action is first predicated on defeating the Chainlink DON, meaning that in the worst case (the case the Relayer is fully colluding with the oracle) it still reduces to being as secure as the Oracle. The second thing is that even in the extreme case where you do have this malicious Oracle who is colluding directly with a Relayer (say Relayer A). All risk is 100% siloed to the Oracle – Relayer A pairing. Anybody using Relayer B-Z, unaffected. Anybody relaying their own tx, unaffected. Anybody using Oracle B-Z, unaffected. This sharding of risk is a super super attractive property when compared to current middlechain solutions. Now lastly, what this means is that any User Application can always relay their own transaction proofs and have 100% control over their security. Even in the case of a malicious oracle, as long as they are not actively colluding maliciously with the oracle against themselves they remain completely unaffected. So, in summary, the tradeoffs are — We will be slightly more expensive than a middle chain (since we’re performing validation of the tx directly on-chain) but the benefit is no catastrophic central point of failure and the extreme fragmentation of risk.

James: Thank you for your reply, I have read Stargate’s white paper. It is good at finance. what you said 10-30validator bonded 50-300M is not a blockchain security system. O3swap, using a polynetwork bridge which had 1Bn bonded assets, but was stolen 1Bn one night. What you said is MPC or threshold signature mechanisms, not decentralized technology.

Primo: A relayer/oracle can have 10,000 permissionless nodes each, there are no constraints on them – you can take existing sets of decentralized networks (ie a tx going from Solana to Cosmos could have the complete set of Solana validators as oracle and the complete set of tendermint validators as relayer). There are no constraints and it’s as open and permissionless as possible but it gives each application the level of control as to what they want to opt-in to.

James: I know it, relayer’s duty is to transfer transactions, oracle is verifying price mistakes. but what is most important is which group is responsible wIth cross-chain assets (determined center for asset going where ), or, in other words, which group validates the account book of the whole event. This important role should be permissionless. That is a decentralized cross-chain indeed otherwise is a defi application strong project that is weak in infrastructure. I think Stargate’s finance mechanisms are good, but cross-chain technology infrastructure is weak. Why does Stargate use another permissionless cross-chain network as infrastructure, just focusing on the finance revolution? I know some practical cross-chain decentralized projects.

EchoesOfTheEye: Please elaborate on why it is weak. I’m referring to the relayer/oracle pattern.

James: Relayer & oracle model of what admin said is strong. but relayer and oracle roles are just conducting the order of validator which is a duty for the whole account book and asset to go where. If the validator is not permissionless, the root is weak. Last year, O3swap had 1Bn locked value in the pool, which is amazing, but what happened? be stolen by a hacker. users and investors lost a lot.

EchoesOfTheEye: So still the risk is nodes(relayer, oracle) colluded right? every Blockchain the Risk is nodes colluded but LayerZero is open btw you can choose your security level for your App”

James: If permissionless collusion is no way. what you challenge is challenging BTC/ETH consensus system. 

EchoesOfTheEye: Just quick review map protocol, MAP Protocol still use wrap token? mUSD? and middle chain which is very risky. No wrap token bridge from STG tho

James: As a decentralized cross-chain project, the token should be on every chain. It is not funny. You may take a look at our whitepaper https://files.maplabs.io/pdf/mapprotocol_whitepaper_en.pdf. Why the middle chain is risky? Cosmos is a middle chain and DOT also.

EchoesOfTheEye: No more wrap token plz, Do you remember Solana Wormhole incident?

James: What we are taking (MAP Protocol) has cryptographic proof

Primo: It is permissionless, it’s all done in a contract that lives on a chain. It’s no different from using a DEX/AMM, bookkeeping, and movement is 100% contract-based with messaging for coordination. Yes understood, you are concerned broadly about the state of X-chain. LayerZero addresses this but you are talking about other systems and I agree with you

James: Technology must be shown stupid in an earlier era, but long term to see, Ethereum / Cosmos, all good ones. What you said has any Cryptographic proof? Infrastructure revolution need Cryptographic proof

James: Stargate has the same crypto proof of MAP Protocol and Cosmos, yet relying on independent of relayer and oracle. That is hard. It’s a strong assumption that oracle and relayer are independent. The assumption endangers the whole system’s trust setup as well as users’ assets in the system. Just like an optimistic roll-up, it is optimistic. Layerzero cross-chain is a good direction for the technology community but needs chain infrastructure to support, which will be safe indeed. If using external technology to act as the cross-chain of independent infrastructure, it has to be a middle chain.

Another member of Stargate commented on James’ question. 

Seq: LayerZero enables trustless interoperability without the overhead of adding another blockchain/consensus in the middle – which not only acts as a bottleneck in terms of performance between connecting all these chains but also can’t scale security to secure the value of assets transferring through it. At some point, there is less stake securing the chain than what can be stolen and then becomes vulnerable. It is also a single point of failure. DAPPs built on LayerZero can configure their own security, not limited to a hundred validators like solutions that add a blockchain in the middle but can have as many permissionless nodes for each relayer/oracle if they wish. You can have the entire validator set of the source and destination chains if you want to create trustless interoperability. It’s the ultra-lightweight endpoint on each chain and where an oracle reads the block header from one chain to send to another – which could use Chainlink Decentralised oracle Networks or whatever they desire, and the relayer fetches the proof for the transaction. They would need to compromise the oracle AND the relayer so is also incredibly secure (especially when you can have very large sets for each independent role)

James: Middle chain is not necessary unless each chain deploys the Layerzero cross-chain SDK in their infrastructure. If not, that has a security hazard.


The debate ended here. Until now, we have not seen more effective feedback from other Stargate members about the safety risks raised by James from MAP Protocol. 

To summarize, two projects are using two different safety mechanisms to achieve decentralization and secure cross-chain assets. 

MAP Protocol is using a middle chain to balance the functionality, efficiency and security with cryptographic proof. Similar to Cosmos, MAP Protocol relies on cryptographic proof rather than trusted relayers when verifying cross-chain messages, facilitating cross-chain transfer as well cross-chain swap, which has been proven to be robust and safe by the industry. 

On the other hand, Stargate is built without a middle chain and places the trust on relayers and Oracle. When Stargate in the future supports asset transfer from X number of chains to another X number of chains, does it mean that it has to deploy X^2 of light clients on each chain? Don’t forget, risks always come with complexity.

To achieve true interoperability is a common vision for all cross-chain players. We are happy to see more discussions and explorations and promote dynamic liquidity migration across the blockchain universe together.

disclaimer
angel nodes 970x90
angel nodes 970x90