- In single chain era things are easy: Full nodes don’t rely on validators for correct execution. Even if all validators collude, they can’t cheat full nodes, because full nodes download and verify of all transactions. Fraudulent blocks will be immediately rejected by full nodes. Validators are only trusted for liveness and censorship resistance, not for safety!
- In multi-chain era this not easy: One can’t expect ordinary people to run full nodes for all chains they are interested in. That’s very resource intensive (and no explicit rewards for running full nodes). Most of cross-chain activity is verified by light nodes. When Chain A and B talk to each other, we can think of them as running light nodes of each other. Unlike full nodes, light nodes can be tricked by colluding validators. If super majority validators were to collude, they can change the rules of the protocol. For example, chain A’s validators, can free mint unlimited tokens and send them to chain B. Chain B will not be able to detect this fraud!
We are at the verge of a deflection point in terms of how to reason about security in multi-chain. There are 3 camps;
- The good (1 of N): This camp imagines a future where light node security can be (almost) on par with full nodes; as long as there exists a single honest full node, all the light nodes are protected. This otherwise known as the 1 of N trust assumption. It requires a complete overhaul of blockchain design; multi layer arhitecture, data availability, fraud/zk proofs. It’s a tough road but can promise us millions of secure chains. Shout out to Ethereum and Celestia!
- The ugly (2/3 of N) : This camp lives in 2/3 of N trust assumption. Chain B always have to trust that chain A’s validators won’t collude. The reason this is ugly is that (i) only a handful validators form the 2/3 of N due to stake concentration, mev, delegation etc. I’d argue that this is not an engineering problem but a fundamental limit regardless of tech (ii) security defaults to economic security of the weakest chain.
- The bad (1 of 1) : In this distopian future, interoperability just means USDC transfers verified by Circle. Circle runs a full node for all the chains they are interested in. We already rely on them ensuring stable liquidity. Why not also rely on them for bridging it.
Let’s see together how this plays out…
