Bridge rate limits are a simple yet effective solution to protect blockchains against large security exploits. Pioneered by Osmosis, they’re becoming an industry standard.

Our goal at Range is to make IBC and the interchain the most secure DeFi ecosystem for users and institutions. We’re collaborating with leading teams such as Osmosis and Stride to make this a reality, building risk tooling such as the IBC dashboard and improving the state of the art with the upcoming IBC Rate Limits v2 release.

Our decision to focus on IBC Rate Limits as the best sufficiently decentralized solution to improve the security of the interchain by an order of magnitude became clear after the Dragonberry, one of the most important events in the history of the interchain.

Bridges are the weakest link in crypto, accounting for more than $3B in losses due to exploits in the last 3 years. Most bridges handle large TVL and have complex codebases, and many have taken centralized design shortcuts, making them an attractive target to attackers.

However, historically, most of the bridge exploits have been due to software bugs and implementation errors and not to the exploitation of a weakness at the protocol level. Examples of this are the Wormhole exploit (>$300M) and Nomad ($190M). These examples show that no matter how sound a protocol is, there can always be implementation bugs, and trust-minimized bridges like IBC are no exception.

In October 2022, the BSC bridge suffered an exploit of over $100M, which could have easily become the largest hack in crypto history. The root cause was a flaw in the IAVL Merkle proof verification system using a non-maintained Cosmos IBC library. Soon after, a group of developers and researchers discovered the Dragonberry vulnerability, which made forging proofs in IBC possible so that a malicious user could double-spend assets in multiple chains. The exploit of Dragonberry could have meant the loss of 100s of millions of dollars in the interchain. The vulnerability was patched on time but showed again that sound trust-minimized protocols are also vulnerable to software bugs.

In response, the Osmosis team introduced IBC rate limits in October 2022 after the BSC hack and Dragonberry incidents. It’s been the first proposed standard of bridge rate limits implemented in production. Let’s explore what rate limits are, the current version, and what the future looks like.

IBC Rate limits are thresholds expressed in static periods (e.g., 24 hours) that measure the net flow of an asset (inflows vs. outflows) compared with the quota of a channel. If the quota is surpassed in the given time period, no further IBC transfer will be allowed until the next period starts.

This mechanism essentially prevents the movement of huge amounts of funds in and out of the protected blockchain in a short time interval. Thus, this would limit the amount at risk that a hacker could extract in a security exploit.

Let’s take as an example the largest bridge hack in the history of crypto: the $624M Ronin bridge exploit. If the Ronin bridge had set rate limits stating that a max $10M can move out of the Ronin chain every 24 hours, the exploited amount would have been reduced by a whopping 98%.

Rate Limits are a type of post-deployment security mechanism in the same group of circuit breakers, pause functionality, or settlement delayers such as timelocks. In contrast, security measures such as audits and formal verification are pre-deployment security measures.

One of the key differences between rate limits and other post-deployment security measures, such as pause triggers, is that they don’t introduce substantial centralization vectors in a protocol or blockchain. The main decision communities must make, usually via governance, is how tight each threshold is for every asset and route, navigating the trade-off space between security and liquidity.

Rate limits are becoming a must-have standard for blockchains that secure real economic activity, and TVLs adopted both in the interchain and beyond, such as in the Wormhole Bridge.

IBC Rate Limits were originally designed and developed by Osmosis and went live in February 2023. They are the first standard governance-configurable implementation of a cross-chain bridge token transfer rate limit in the wider crypto ecosystem.

In the Osmosis implementation, the rate limit logic is implemented as a CosmWasm smart contract, which interacts with an IBC Middleware package that wraps the standard ICS-20 transfer application. To check the current rate limits, you can check the IBC Dashboard.

Since then, alternative IBC Rate Limits implementations have appeared, most importantly Stride’s, which developed a version of IBC Rate Limits as a native Cosmos SDK module. This has enabled other Cosmos SDK chains that do not support CosmWasm to integrate IBC Rate Limits into their applications.

Notably, the Cosmos Hub just integrated IBC Rate Limits via the v16 upgrade, enhancing the security of the largest Cosmos SDK chain by economic value, setting a new industry standard, and protecting the Hub and the whole Atom Economic Zone against security incidents in IBC, or any of its counterparty chains.

IBC Rate Limits are at the v1 stage, which has already proven incredibly effective in protecting economic value and assets in blockchains such as Osmosis. However, the current rate limits functionality is rudimentary and doesn’t enable teams and communities to set and adjust thresholds dynamically and accurately.

In the coming months, Range, in collaboration with Osmosis, will launch IBC Rate Limits v2 to bring IBC and cross-chain security to a new level in the interchain and make it available to the rest of the blockchains connected to IBC. We’re confident that in the near term, bridge rate limits will become a standard and the obvious solution to make each project in the interchain 10 times more secure.

IBC Rate Limits: Elevating Cross-Chain Security to the Next Level was originally published in Interchain Ecosystem Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

121 +