Fantom is competing with Ethereum Layer-2 solutions insofar as the value proposition revolves around increased transactional throughput and low transaction fees. The below chart shows Polygon averaging a significantly higher (5x) average TPS for Polygon out in the wild. The quickly evolving world of Layer-2 scaling solutions for Ethereum might feature a slower time-to-finality than Fantom, though this doesn’t appear an insurmountable barrier to adoption for prevalent L2 technologies on Ethereum. This means Fantom is moving into a very competitive ecosystem.
Fantom plans to facilitate private transactions via Layer-2 solutions rather than focusing on building private transactions into the core protocol directly. Fantom announced an integration with , a privacy-oriented Layer-2 payments solution with ~20,000 active users. Since Suterusu was already built on Ethereum, Fantom was able to easily plug in due to EVM compatibility by design. Suterusu uses zkproofs to offer privacy guarantees similar to
Fantom works by employing its own unique Lachesis consensus protocol, a type of Directed Acyclic Graph (DAG) featuring an asynchronous BFT consensus protocol (aBFT). It's also fully compatible with the Ethereum Virtual Machine (EVM), allowing for developers to easily port their decentralized applications (dApps) from the Ethereum mainnet to the Fantom mainnet. Naturally, such bridges require sufficient liquidity of the utilized tokens to work reliably. As always, a risk of protocol changes on either the sender or destination chain might interfere with token transfers or affect tokens locked in the bridge. Similar to any bridge that involves staking and slashing, the expected rewards for validators should be greater in scenarios where they materially contribute to consensus than in scenarios where they attack or try to exploit the network (i.e., expected value of honest block generation should exceed the expected value of fraud).
Due to EVM compatibility, the Fantom AnySwap bridge is highly popular amongst crypto users. This bridge acts as a cross-chain portal between most well-adopted blockchain networks, using Fantom’s infrastructure as a crossover point. This includes:
- Avalanche
Multichain
Multichain has two mechanisms to bridge assets: cross-chain bridges and routers. Cross-chain bridges first lock tokens in a secure multi-party computation (SMPC) address, then a smart contract mints the equivalent amount of wrapped assets on the destination chain into the user's wallet (lock-and-mint method, discussed below). Withdrawing assets is the exact opposite: burn the wrapped assets, and then the SMPC address releases the native tokens back to the user on the original chain. Importantly, no humans are involved in this process.
Lock-and-Mint (LaM)
LaM bridges use off-chain validators/verifiers and a lock-mint-burn solution to overcome the communication barriers between separate L1 blockchains. The validators are responsible for the assets and functionality of the system. They're third-party actors introducing new trust assumptions unique to the validator set. Practically speaking, lock-and-mint is similar to an automated bank; they manage transactions in a more centralized, trust-based manner.
You lock your assets on the source chain and then mint new synthetic/wrapped “equivalent” tokens on the new chain. All networks have a native token, and any other network can issue its own version of that token by “bridging” the asset. This system's security depends on the bridge and network of validators that validate transfers. This bridge type is currently the most common, despite being the most vulnerable. For instance, wBTC (wrapped available on Ethereum) is one of the largest bridges by TVL and utilizes the centralized company BITGO as the sole validator set. BitGo is responsible for all users' TVL.
Multi-party computation (MPC) is a solution for securing data among several participants in a private manner. It allows many parties, each with their own private data, to verify the final computation without revealing their own secret portion of the data. Each participant in an MPC possesses a piece of confidential information. Typically, one entity owns one part of a cryptographic key that can move funds or change code.
Even if a bridging protocol has a limited quantity of relayer nodes, the relayers can be chosen at random from the pool of candidates to create the multi-party computing (MPC) group. To authorize a cross-chain transaction, the protocol can require a minimum number of relayers to come together and sign the message before any action can be taken. The greater the threshold of an MPC group, the less likely it is that relayer groups will collude.
Multichain utilizes this key architecture to secure its LaM bridge. The decentralized SMPC node network runs the distributed signature algorithm, albeit just 21 of them. This process means Multichain is a de facto multi-party custody system with federated validators. Each of these 21 nodes independently verifies the source chain’s status and reaches a consensus together using the threshold-distributed signature algorithm on the verification results. No complete private key is shared at any point in the bridging process because nodes don't share their private keys with each other. All nodes can not reach a consensus unless each node singularly agrees. As a result, Multichain’s SMPC network guarantees correct results and can provide fast finality.
Unsurprisingly, the largest number of Multichain active user addresses are on BNB Chain, Polygon, and Ethereum. One element that is somewhat surprising is that the majority of Multichain funds are on Fantom (40%+).
Multichain’s router works a bit differently, enabling any asset to be transferred, whether it is a native token or a token created using Multichain’s bridge infrastructure. The router is more akin to a liquidity pool; hence liquidity drives a user’s ability to bridge (as well as the overall UX) in the Multichain pools.
To bridge tokens from chain A to chain B using the router:
- You deposit 10 ETH (as an example) to a Multichain pool on chain A
- 10 "multi-ETH” (a wrapped version of ETH) are then minted on chain A
- The SMPC node network then mints 10 multi-ETH on chain B while at the same time burning 10 multi-ETH tokens on chain A
- As long as the number of ETH tokens in the Multichain pool on chain B is greater than the multi-ETH tokens created, then those ETH tokens are sent to your wallet on chain B and the multi-ETH tokens are burned
To the extent there aren’t enough multi-ETH tokens in the pool on chain B, you’ll be left with residual multi-ETH that can be later redeemed for ETH when they become available.
As mentioned, you must pay close attention to liquidity in Multichain pools. Otherwise, your experience could suffer. A potential router user must ensure sufficient depth in the Multichain pool to obtain the native asset; otherwise, they’ll have to wait for other users to refill the pool, and they can swap out of the wrapped asset.
But what happens when liquidity doesn’t exist on the other side of the bridge? To solve this, Multichain created a function that mints a token called “multiUSDC.”
Let’s say we’re trying to move $100 USDC from Ethereum to Fantom, and only $50 of liquidity currently exists in the Fantom USDC pool:
- Deposit USDC into the bridge on
- Receive multiUSDC on
- $50 of our multiUSDC would be burned and swapped for real USDC, and the remaining $50 'multiUSDC' would stay in our wallet. The multiUSDC still acts as an I.O.U from the protocol
Security and Trust Assumptions
Issues arise for Multichain if people stop using it or protocols don't provide sufficient liquidity. In these cases, the router would become useless, and the classic lock-and-mint bridge would be the only option.
Another potential failure point relies on the 21 nodes’ trustworthiness in verifying transactions. Multichain economically incentivizes validators' behavior, but they still represent “trusted third parties.” The nodes in Multichain's SMPC control individual externally-owned accounts with public addresses correlating to the ultimate private key. There are 21 nodes in total, operated by various institutions in the crypto industry. These accounts can transfer assets to the destination chain, which only verifies the sender's address and not the message itself.
Consensus requires the majority of nodes to come together to verify the messages.
The security of this protocol, therefore, depends on the reputational security of the SMPC nodes, which presupposes an honest majority of more than half of all nodes. 13 signatures are required for cross-chain data transmission, and 12 nodes must collaborate to censor communications.
Additional cons include the following notable examples:
- 81.4% of supply is locked in a contract, and those tokens could come onto the market in the future
- Future utility for MULTI token is up to a governance vote
- Without liquidity, it offers no competitive advantage over wrapped asset bridges
Two Previous Hacks
July 2021
In July 2021, the (at the time) experimental Anyswap multichain prototype V3 router was targeted in a successful hack. It is important to note that the Anyswap LaM bridge was not impacted and only the new cross-chain liquidity pools under the V3 Router on BSC were subjected to the hack. At a high level, the hacker was able to break the MPC that Anyswap had in place. The hacker deduced the private key to this MPC account by discovering two transactions with the same R-value signature. In a post-mortem, the Anyswap team was able to reproduce the attack method, further proving their MPC design was sub-optimal.
This hack resulted in a significant loss for Anyswap, with approximately $8 million being stolen off the platform. The Anyswap team took immediate action to secure all exploited funds and remedy the situation but the damage was already done. Additionally, the patch that the Anyswap team released to fix the bug received some from experienced crypto and DeFi professionals.
January 2022
In just ~six short months later, (now) Multichain suffered another hack. In January 2022, multiple hackers exploited flaws in Multichain's smart contracts to steal ~$3 million across six token pairs on the project's router. Due to a flaw in the coding for these tokens' contracts, an attacker was able to steal any users' funds that had previously created approvals for any of the six coins.
Ironically, the Multichain team uncovered this issue first and issued a public statement asking users who may be susceptible to revoke the approval. However, this notice also alerted the attackers to the issue. Multiple attackers targeted Multichain users who had approved these tokens and stole almost $3 million worth of tokens from the project.
Multichain has undergone numerous public and also offers a $2M bounty with Immunefi.
