Understanding Trust-Minimized Bridges for a Secure Multi-Chain Future | Nomad AMA Recap
StellaSwap recently organized our first AMA with Nomad to understand their novel bridging architecture and how it could be the standard for multi-chain bridging going forward.
🕓 AMA Date: 1 April, 2022
👐 Guest: Pranay Mohan (Founder) & Julian (Head of Growth) | Nomad
🍁 Location: StellaSwap Discord
Importance of Understanding Bridging Landscape
The main reason why StellaSwap organized this AMA is to shine a light on a key component of the DeFi world that has often been overlooked. However, the frequency of exploits pertaining to bridging solutions — such as the recent $625 million Ronin hack — necessitates greater scrutiny, since bridges are vital in facilitating cross-chain asset transfers. It is therefore apt that StellaSwap organizes a session for everyone to understand the current landscape of bridging technology and what’s being done to solve various issues pertaining to bridges.
StellaSwap is happy to host an AMA with Pranay and Julian of Nomad. They’re working on important innovations on bridging technology.
AMA Recap with Nomad
Overview: We have just partnered with Nomad to expand our bridging infrastructure, not only that their novel bridging technology has more applications than just bridging. This is an important partnership for us at StellaSwap and in this AMA we will cover the following:
- Understand more about the integration
- Run down the technology behind Nomad bridge
- How Users can bridge their assets to Moonbeam using Nomad
- New services to expect for end users from this partnership
- What new farms that will go live
- First ever risk free no IL ETH farm to be launched in partnership with Nomad
Atticus | StellaSwap: Hello everyone I am Atticus, founder of StellaSwap and today we have with us founder and CEO of Nomad Pranay, also joining us as head of growth from Nomad Julian. So let us get a brief introduction from these guys and take this forward.
Pranay | Nomad: Super excited to be partnering with StellaSwap, I think the IL free solution is important for DeFi and Moonbeam, and we could not be more excited to be your bridge partner in bringing Nomad assets to Moonbeam in the form of adding liquidity in a lot of the assets that people know and love.
So I will give a quick intro about myself and also talk about Nomad, I went to school in Texas with it being an oil city, I got funneled into chemical engineering. Then moved into Tech after the Snowden revelations because to me privacy and rights in the digital world are very important and that led me to change careers in order to make a change in the most important domain which is the digital frontier moving forward.
In 2018 I fell down the rabbit hole. Through conferences and crypto events I have stumbled upon on zksnark protocol and was blown away with it. From that moment on I was sold and jumped fully into crypto, worked on different projects including the blockchain Celo which is where I got interested in bridging and interoperability which is what eventually led us to found Nomad. We found Nomad at the end of last year with the idea of how can we most effectively deploy trust minimized bridges initially across EVM chains and later on across any smart contract chain.
It’s very topical right now because of the Ronin hack two days ago, where people are asking:
“Hey is there actually a way to do lock and mint bridge in a safe manner? Is there always gonna be a risk if hundreds of millions of dollars are escrowed on for example Ethereum and moved to chains like Moonbeam, are we always at risk of getting rugged? “
And the big picture answer that I am here to provide is no. There are very secure solutions that we can deploy, the most trustless of which being things like IBC, but until those are ready in places like Ethereum, we have to find a solution that is available now and secure enough to move forward.
Julian | Nomad: Hey everyone I think that Pranay gave an excellent into to Nomad so I will leave that there. In Nomad I lead growth, anything from marketing, go to market strategy and interacting with the community falls under me. And since my last AMA Pranay suggested that I always include: the resident Memer to my work responsibilities.
I got into crypto around 2018, was trying to build bitcoin trading bots. After leaving a big hedge fund I stumbled upon Nomad and it matched my thesis and opinion about how bridging and interoperability should be approached. So excited to be working in Nomad and tying it back to StellaSwap, super excited to be part of your ecosystem bringing secure bridging.
Q1: Can you tell us more about the philosophy behind the design decisions that led you and your team to conceive Nomad? What problem were you trying to solve? And How is it fundamentally different from the rest of the already existing bridging solutions?
Pranay | Nomad: Great question to begin with, I think what really matters right now is after these three recent bridge hacks. The Ronin network, Poly network, and Solana wormhole. Together over $1.5B were lost to bridge hacks! That is just an absolutely astounding number. Who could have even thought at the beginning when Bitcoin was created that we are gonna get to a point where this amount of money exists on chain and could be lost or stolen.
So what that shows is two things:
- The importance of security
- The market need to bridge now
There has been a lot of hot takes due to the recent hacks, and some people said that maybe we should not even be bridging right now. I think it’s natural to have that response but I like the metaphor that Arjun from Connext, one of our close partners says: saying people should not bridge is like advocating for abstinence, that is not gonna happen because its fun which the same case with bridging. What we need is safe bridging, to allow people to bridge without losing their tokens.
So what can we do how can we allow for safe bridging? Well, the best solutions is using something like XCM, the reason Moonbeam is such as compelling chain and why StellaSwap has deployed on there is Moonbeam gives an EVM environment but more importantly it gives great access to the rest of the Polkadot ecosystem. So you can use XCM which is the crosschain messaging system for Polkadot to move assets and send messages from Moonbeam to other chains like Manta or Acala. The reason you can do that is because XCM protocol uses the relay chain underneath it, uses the security of the Polkadot validators to make sure there is no risk in moving funds. However, that same protocol that same messaging standard cannot be extrapolated to chains that are not connected to the Polkadot relay chain. So wherever possible we want to use fully trustless bridging protocols, we want to use XCM which works for all the parachains and then we want to use IBC whenever we are in Cosmos. But across EVM chains like Ethereum, Avalanche, Polygon and Fantom, these protocols don’t work well out of the box. So what we end up doing is using kind of like makeshift constructions. So multisig bridges, validator bridges, custodial bridges are result of these different constructions and people have to reason about different security models across different constructions.
Going from Ethereum to Solana you would use wormhole, Ethereum to Polygon you would use Polygon POS bridge. So it’s very confusing for the average user, but they just need to ape in order to get their tokens on the other side.
Atticus you brought earlier that multichain is the market leader, I respect them for capturing market share and deploying because they are meeting a user need. But under the hood they are using an MPC system which stands for Multi Party Computation. Meaning you have Many people that have sharded one key and are able to sign, as long as you have enough people performing signatures over certain threshold then you can authenticate a cross-chain message.
The way this security model works is you are relying on a certain number of actors out of all actors to do the right thing. So in Wormhole it has 19 actors and if 13 of them do the right thing we are good. But what if those 13 end up doing the wrong thing like what happened in the wormhole hack. Or In the Ronin bridge what if 5 of the 9 validators get corrupted by some adversary and do the malicious thing.
Fundamentally, throwing more bodies at the problem will only give you so much security. Especially if all the parties involved are running the same software. It just takes one exploit to rob the whole system. Additionally even if the system is secure, it increases overhead in a linear manner. Every single person added has to do the validation and be able to support the cross-chain message verification.
So this idea can work for now, but we don’t think it’s the most robust way to do it. And the Nomad philosophy is instead of solving the problem by throwing more bodies at it. Instead, let’s use an optimistic mechanism like optimistic rollups. What we will do is we will just have one party you can think of them kind of like the sequencer in optimistic rollups we just call them the updater. But there is only one person who has the ability to verify the cross chain message. But they key difference is once that message gets sent, we don’t allow it to settle immediately, the Nomad protocol says hey let’s wait for 30 minutes, and in that time if anybody in the world that is watching the system and running a watcher agent see something fishy they can report that on chain with the fraud proof and then prevent that message from settling. So fundamentally, the security model changes from being m of n actors to 1 of 1 can verify the message, but one of n provided that n is a huge numbers of watchers that are protecting the system.
We are not yet at the fully decentralized version of this setup, I want to be very clear that Nomad core team are running the agents right now and we are working on decentralizing the watchers.
But the point being is that the theoretical level of security once the system is fully decentralized is much higher than just some type of MPC or a threshold signature scheme.
The additional benefit of Nomad is its very easy for us to deploy the system because there is less overhead than a validator based system. We don’t need a 100 validators to be able to run
Nodes and support a new network we can just deploy smart contracts and have one updater and have the existing watchers support the new network.
So it’s pretty straightforward for us to add new chains and one of the things we are excited about is adding Evmos support which is kind of the sister chain to Moonbeam. We are excited about the chance to move Polkadot and Cosmos assets between the two chains and form this relationship between Ethereum, Cosmos and Polkadot.
Q2 : The current encumbrance is the way the economy security model has been predicated on an honest majority assumption. Inversely for you “Nomad” you have focused on a single honest verifier instead, can you shed light on this point?
Pranay | Nomad: Let’s explore honest majority vs single verifier. How that works is it splits the roles between the verifiers and the watchers. So how cross-chain verification works is you have two chains and what you are trying to do to is you are trying make a state transition or a state update on chain “A” and make sure that chain “B” know of that update so it can perform an action.
One example is token bridging. If I am sending 100 USDC on Ethereum to Atticus on Moonbeam, I would need to lock that 100 USDC on Ethereum and then the bridge system needs to mint a synthetic asset representing 100 USDC on Moonbeam and send it to Atticus on Moonbeam.
But in order for the destination chain to mint and send the USDC to Atticus, it needs to know that I did indeed lock the asset on the source chain, if I did not then we incur a double spend risk where there is a 100 USDC on Moonbeam and Binance Chain at the same time.
In order to do this we need some way to propagate the state from the home chain to the destination. The best way to do this is to run a lite client. So you run a lite client of the sending chain as a smart contract on the destination chain. This is in short how IBC works, and this is the only trustless way to do cross-chain bridging.
Nomad way is rather than having external validators or honest majority, is to have one verifier, lets assume that the person doing it is honest, and add another class of actors who cannot play a role in permissioning or verifying cross-chain messages. Instead, all they can do is revoke access.
The risk of the system as built right now is if any of these watchers are not honest they can perform a grieving attack, they can basically sever the channel when there is no risk involved. So what we need to start out with is a set of permission watchers that have incentive alignment with both chains to not grief or censor that chain unnecessarily.
In the long run we are working towards building a scheme where watchers can actually submit a proof on chain that can be verified proving that there was fraud on the source chain. A good metaphor I like to use is fire codes.
The honest majority is trusting somebody to tell you that there is fire in the building. Running a lite client is basically going everywhere with a fire extinguisher at all times so the chance of fire is zero because you are spraying everywhere with fire extinguishers whether there is a fire or not, which causes higher expenses. What Nomad says is that instead of letting anybody in the room, whenever they see fire they raise their hand and say there is a fire in the room, and at that moment we can use the fire extinguisher and put out the fire.
So it is simply a way of achieving cost savings and high security while incurring a trade off which is latency.
Q3: Let’s now focus on a major aspect of any bridge which is user experience, help us understand the entire user journey and what our users can expect from Nomad’s bridge
Pranay | Nomad: We have a community first approach and we work with the users to get the feedback and improve. From a product standpoint, we are trying to get to a world where people don’t know what chain they are on. Imagine if StellaSwap was deployed on many chains and users want to be able to stake or trade without caring what chain they are on. I have no doubt that this future will emerge eventually. But right now where we are at is people have to know what chain they are on and make a conscious decision to move their assets between chains. And what we are trying to do while we are in this stage is to make this experience as seamless as possible.
Every bridge transaction requires two transactions, Nomad abstract away the complexity of two transactions. We subsidize the fee on the cheaper chain and relay the transactions ourselves (Nomad core team) so that users don’t need to come back and claim the bridge transaction. We currently do this for every chain except Ethereum because of high gas costs.
We want to bring the bridging experience as close as possible to the single chain experience. We have a simple intuitive UI design and are always improving it with user feedback.
Any one from the StellaSwap community who has any feedback please do reach out to us on our socials, we take user feedback very seriously.
Julian | Nomad: With building cross-chain interoperability getting the community involved on every stage is vital to understand the community needs. Not only that but we want to explain to users how the bridging experience works and simplify it wherever possible. We are trying to build a public good over a toll road. A lot of different bridges charge fees where it is obviously a business at the end of the day. For us the bridging infrastructure is one of our many products and we want to offer to the community at large is the best adoptable way.
Q4: You have partnered with Connext to expedite the bridge transaction, can you tell us a bit more about this partnership and what users can expect?
Pranay | Nomad: We are very explicit with Nomad in terms of what the tradeoffs are. There are no solutions, only trade offs. The key trade off that Nomad makes is that it trades off speed for greater security and lower cost. In practice what this means is that when you bridge from Ethereum to Moonbeam you end up waiting 30 minutes more because there is a 30 minute dispute window.
We partnered with a team called Connext that offers a bridging solution. The key difference between Connext and others is that it is a liquidity network, it is not a lock and mint solution. Connext cannot mint tokens at the settlement layer but Nomad can so what we do is we use Nomad as the secure settlement layer.
Functionally what happens to the user funds when he trying to bridge USDC from Ethereum to Moonbeam using Connext is the fund gets sold on the source chain and then the router atomically sends you the USDC on Moonbeam chain. Which ends being just few minutes rather than waiting the whole 30 minutes.
Q5 Atticus: What are your plans going forward in terms of adding other chains so that we can look forward to adding them on StellaSwap, can you give us a rundown on what to expect?
Pranay | Nomad: We try to co-create our roadmap with our partners like StellaSwap so whenever you have a need to deploy on certain chain or add a certain bridge source to Moonbeam let us know we are part of the same community and we will adjust our roadmap to meet your own.
Our next deployment is going to be Evmos, we are thrilled to finally seeing an EVMchain coming to the Cosmos verse. After that we are focused on couple of the bigger more popular chains namely Gnosis chain and Polygon, after that we want to expand to all of the promising chains out there so Avalanche, Fantom, Binance Chain, Optimism and Arbitrum.
One of our goals this quarter is to deploy everywhere and make it so that users can experience the high security and ease of use of Nomad system anywhere where they want to go. As I mentioned earlier I envision a world where users don’t care or know what chain they are on and for that to happen we need to expand to all those chains.
StellaSwap is the first and leading Moonbeam DEX that offers an integrated gateway to the DeFi world. Users can swap, earn, yield farm, bridge assets, explore new projects and engage in NFT trading all from a single unified platform. StellaSwap’s products are structured in such a way that facilitates decentralized governance of STELLA holders, while continuing to innovate on the collective foundations by design.