NEAR's Rainbow Bridge Was One of the Best! And Now, They're Switching Away From It?!

By Michael @ CryptoEQ | CryptoEQ | 18 May 2023


You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $20/month you can upgrade to our FULL library of 50+ reports (including this one) and complete industry-leading analysis on the top crypto assets. 

67cbbf4723857b85c151585aa280e6d940346c501cef75bafd7dea02b44b24c9.png

Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:

  • Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
  • Early access to future CORE ratings: Being early is sometimes just as important as being right!
  • Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more
  • CORE report Audio playback: Don’t want to read? No problem! Listen on the go.

 

NEAR Bridges

NEAR announced in May 2023 its intentions to partner with Wormhole Bridge to create a new zero-knowledge (ZK) based bridging solution to serve as the official cross-chain bridge in the NEAR ecosystem, replacing the Rainbow Bridge. The collaboration involves developers from both NEAR Protocol and Wormhole Bridge, intent on devising light client solutions to foster the usage of ZK Proofs in cross-chain transfers. Once the transition is complete, the Wormhole Bridge will shoulder the significant task of overseeing all NEAR's cross-chain transfers with Ethereum.

The integration of NEAR with Wormhole brings ZK Proofs into play, aimed at ensuring heightened security in cross-chain transfers between NEAR and Ethereum. ZK Proofs offer an effective approach to secure and verify transactions between the Ethereum and NEAR blockchains. Nevertheless, the process of ZK Proofs application can be computationally intensive, leading to the necessity for light client solutions, as expressed by the NEAR Foundation.

This collaboration is strategized to construct light client solutions that delegate a bulk of the computational requirements needed for ZK Proofs to an off-chain layer. This approach, as suggested by the NEAR Foundation, is projected to optimize storage and computational resources significantly.

 

What Was Rainbow Bridge and How Did It Work?

NEAR Protocol’s Rainbow Bridge connects the NEAR blockchain and Ethereum (and Aurora). It does so in a way that aims to require significantly less trust in third parties such as WBTC and similar custodial bridges in which the custodians and validators are wholly trusted. NEAR’s Rainbow bridge uses light client verification to ensure correct reporting for the sending and destination chain states.

Using the NEAR Rainbow bridge only requires trusting Ethereum’s miners, NEAR’s validators, and the quality of the code describing the light client on-chain, i.e., no major bugs. Practically all of the most significant bridge exploits have involved a critical threshold of validator keys associated with multi-sig control of the bridge, falling into the wrong hands. This motivates the need for a reliably secure cross-chain (L1-to-L1) bridging solution. 

A light client bridge involves instantiating light clients instead of full nodes in smart contracts. In the case of NEAR’s Rainbow bridge, a light client of the NEAR blockchain is instantiated in smart contracts on the Ethereum blockchain, and a light client of Ethereum is instantiated in smart contracts on the NEAR blockchain. Light clients use Merkle trees to link blocks end-to-end, enabling quick transaction verification without requiring the entire blockchain history—running smart contracts with GB or TB of on-chain data would be unfeasible. Light clients are still computationally intensive, though the trade-off here is viable to the extent that their use ensures bridged chains have reliable information about the status of the other chain. In addition to the light clients running on each chain, a system of relayers, connectors and watchers also support the process. 

The Ethereum light client on NEAR uses precomputed Directed Acyclic Graphs (DAGs) to reduce the hardware requirements on the NEAR chain. It's also assumed that 25 (NEAR) block confirmations will be sufficient for the finality of relayed Ethereum blocks. 

Let’s break down the main components.

  • A Near light client on Ethereum
  • An Ethereum light client on Near
  • Relayers between the chains that communicate via block headers
  • Connectors that cryptographically prove the transfer via the light clients
  • Monitors that watch for transactions and submit fraud proofs, if necessary

Relayers read block headers on one chain and send them to the other. The connectors prove the cryptographic hash of bridge transfers via the on-chain light clients. At the same time, the watchers observe the system and are tasked with raising a flag when suspicious behavior occurs via fraud proofs. Relayers must bond sufficient ETH with their proposed block headers to cover the gas fees associated with a challenge or fraud allegation, either burned or claimed by a challenger following an accurate allegation. Anyone can be a watcher, and eager users can also provide their fraud proofs if they choose, particularly if they’re skeptical of relying on watchers. 

Rainbow Bridge front-end visualization. Source: Rainbow Bridge front-end visualization. Source: nansen_alpha\Twitter

To run through an example: 

  • You deposit and lock ETH in a NEAR Rainbow bridge vault on the Ethereum side. 
  • Once a connector has verified the cryptographic proof associated with this depositing of funds, a Relayer sends block headers to the ETH light client on NEAR. 
  • A connector on NEAR then begins the process of issuing this ETH representation on NEAR. The cryptographic proof of the deposits used and the connector compares block headers via the light client to independently verify. 
  • The confirmation that everything is in order results in the minting of ETH on NEAR. 
  • There's now ETH locked in the vault on Ethereum and an equal value representation of ETH issued on NEAR. Should you want to remove your ETH from the bridge, you must burn your ETH representations on NEAR before unlocking your ETH on Ethereum. 

Transfers from Ethereum take ~10 minutes (20 blocks), while transfers to Ethereum can take up to 16 hours. This speed makes bridges like Synapse more competitive for outflows, all other things equal.  

The NEAR Rainbow bridge includes a generalized messaging protocol; therefore, it has utility beyond just transferring assets. On-chain voting could be supported via the bridge, allowing users to vote on governance items for a chain using their assets from another chain. Additionally, the bridge can reliably communicate the state of any smart contract on either chain to the other bridged chains. 

Comparing Rainbow Bridge's economics to other solutions. Source: Comparing Rainbow Bridge's economics to other solutions. Source: NEAR Protocol

Security

The Rainbow bridge is a trust-minimized bridge that relies only on the security of the underlying networks and introduces no new middlemen to execute cross-chain communication.

The only entities that a potential Rainbow bridge user needs to trust are:

  1. Ethereum miners (soon-to-be validators)
  2. Near validators

Because of Near’s light client approach with Ethereum, an attacker would need to compromise the source chain AND the light client on the target chain to steal funds, making it incredibly secure compared to simple externally validated/multi-sig bridges.

While NEAR’s rainbow bridge represents a significant improvement over the existing industry incumbents regarding security and meaningful decentralization, tradeoffs are made. The NEAR light client on Ethereum verifies everything in the block header except the signature since verifying validator signatures on-chain on Ethereum is prohibitively expensive. This “optimistic” approach is why watchers must keep an eye on the network and submit fraud proofs. 

The Ethereum research community discusses the efficacy of such a system at length, with concerns around conspiracies between miners and watchers. Despite such concerns, this system has already successfully prevented attacks on the NEAR Rainbow bridge. It's also possible that innovations on the Ethereum network might streamline this process further; EIP-665 would precompile signatures and simplify the watcher process.

Near’s optimistic+watchdog security approach has been tested in real life (at least) two times in 2022 by bad actors attempting to attack the bridge. In May 2022, Aurora Labs’ C.E.O. Alex Shevchenko tweeted about an unsuccessful attack in which the attacker attempted to become a valid Rainbow Bridge relayer to send doctored blocks, posing as light client information. The watchers did their job and recognized this to be an invalid block and challenged the transaction. MEV bots recognized the challenge transaction and extracted 2.5 ETH from the attacker. The bridge's connectors were paused while the attack was investigated before restarting regular operations.

Then, again, in August 2022, a similar attack was attempted but was successfully detected, stopped, and the attacker lost 5 ETH. It is encouraging to see the security incentives successfully defend the bridge and its funds.

How do you rate this article?

41


Michael @ CryptoEQ
Michael @ CryptoEQ

I am a Co-Founder and Lead Analyst at CryptoEQ. Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.


CryptoEQ
CryptoEQ

Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.