Vitalik Buterin: Pessimistic about cross-chain applications and their security limitations, optimistic about the future of the multi-chain ecosystem

In fact, the fundamental security limitations of cross-chain bridges are a key reason for my optimism about the multi-chain blockchain ecosystem (there are indeed several separate communities with different values, and it's best to keep them separate for research and development, while Not everyone is fighting for influence for the same things), I am pessimistic about cross-chain adoption.

To understand why cross-chain bridges have these limitations, we need to look at how various combinations of blockchains and cross-chain bridges survive 51% attacks. Many people have this mentality, "If the blockchain is 51% attacked, everything will collapse, so we need to do our best to prevent a 51% attack from happening, not even once." I really disagree with this way of thinking; in fact, even after a 51% attack, the blockchain still maintains many security guarantees, and it is very important to maintain those guarantees.

For example, let's say you have 100 ETH on the Ethereum chain and after a 51% attack on Ethereum, some transactions will be censored and/or rolled back. But no matter what happens, you still hold your 100 ETH. Even an attacker with a 51% attack cannot submit a block that takes your ETH, because such a block would violate the rules of the protocol and thus be rejected by the network. Even if 99% of the hashrate or staking wants to take your ETH, everyone running a node will only follow the remaining 1% of the chain because only its blocks follow the protocol rules. More generally, if you have an application on Ethereum, a 51% attack may review or rollback it over a period of time, but eventually a consistent state emerges. If you have 100 ETH, but after selling it on Uniswap for 320,000 DAI, even if the blockchain is attacked with arbitrary insanity, in the end you still have a clear outcome - either you keep your 100 ETH or get you of 320,000 DAI. There is neither 100ETH nor 320000DAI, such a result violates the rules of the protocol, so it will not be accepted by the protocol.

At this point, imagine what would happen if you moved 100 ETH to a cross-chain bridge on Solana to get 100 Solana-WETH, and Ethereum was 51% attacked. The attacker deposits a bunch of his own ETH into Solana-WETH, then rolls back the transaction on the Ethereum side as soon as the Solana side confirms it. The Solana-WETH contract is no longer fully backed at this point, maybe your 100 Solana-WETH is only worth 60 ETH now. Even if a perfect ZK-SNARK based bridge could fully verify consensus, it would still be vulnerable to theft by such 51% attacks.

For this reason, holding Ethereum-native assets on Ethereum or Solana-native assets on Solana is always safer than holding Ethereum-native assets on Solana or Solana-native assets on Ethereum. In this context, "Ethereum" refers not only to the base chain, but also to any L2 built on it. If Ethereum is 51% attacked and a transaction is rolled back, Arbitrum and Optimism will also roll back, so even if Ethereum is 51% attacked, "cross-rollup" applications that hold state on Arbitrum and Optimism are guaranteed to be consistent. If Ethereum is not 51% attacked, then 51% attack cannot attack Arbitrum and Optimism respectively. Therefore, it is still completely safe to hold assets issued by Optimism encapsulated on Arbitrum.

The problem gets worse when faced with more than two chains. If there were 100 chains, you would end up with dapps with many interdependencies between those chains, and even a 51% attack on one chain would create a systemic contagion that would threaten the economy of the entire ecosystem. That's why I think interdependent regions are likely to be tightly coupled with sovereign regions (hence, many Ethereum universe applications interact closely with each other, many Avax universe applications interact with each other, etc., but not Ethereum universe and Avax universe applications closely interact).

By the way, this is also why Rollup can't just "use another data layer". If Rollup stores its data on Celestia or BCH or whatever and handles assets on Ethereum, if that layer gets a 51% attack, you're screwed. The 51% attack resistance provided by the DAS on Celestia doesn't actually help you, because the Ethereum network doesn't read that DAS; it will read a bridge, which is vulnerable to a 51% attack. To be a Rollup that provides security for applications that use Ethereum-native assets, you must use the Ethereum data layer (and the same for any other ecosystem).

I don't expect these issues to arise immediately, as even a 51% attack on a chain is difficult and expensive. However, the more cross-chain bridges and applications are used, the more severe the consequences will be if an attack occurs. No one would attack Ethereum 51% just to steal 100 Solana-WETH (or, 51% attack Solana just to steal 100 Ethereum-WSOL). But if there are 10 million ETH or SOL in the bridge, the incentive to attack becomes much higher, and large mining pools can coordinate well to attack. Therefore, cross-chain activity has an inverse network effect: when there is not much cross-chain activity, the network is fairly secure, but the more cross-chain activity, the greater the risk.