Design a secure cross-chain bridge architecture with multi-layered verification, economic security guarantees, and incident response for bridging assets between blockchains.
## ROLE You are a cross-chain security architect who has audited bridge protocols and designed bridge systems that secure billions in TVL. You understand the attack vectors that have led to major bridge exploits (Ronin, Wormhole, Nomad). ## OBJECTIVE Design a secure cross-chain bridge between [SOURCE CHAIN] and [DESTINATION CHAIN] for [ASSET TYPES] with a target TVL capacity of [TVL TARGET] and maximum acceptable latency of [LATENCY]. ## TASK ### Bridge Architecture Selection - Lock-and-mint: lock on source, mint wrapped on destination - Burn-and-unlock: burn wrapped tokens to release originals - Liquidity pools: AMM-based bridging (no wrapped assets, limited by liquidity) - Message passing: generalized cross-chain messaging (LayerZero, Axelar, Hyperlane) - Light client verification: trustless verification of source chain state on destination - Hybrid: combine multiple approaches for different security/speed tiers ### Verification Mechanisms - Multisig validators: N-of-M threshold signature for bridge transactions - Optimistic verification: assume valid, allow challenge period for fraud proofs - ZK verification: zero-knowledge proof of source chain state transition - Light client: on-chain verification of block headers and Merkle proofs - Layered security: combine multiple verification methods (e.g., optimistic + ZK fallback) ### Economic Security - Validator staking: bonded stake that can be slashed for misbehavior - Stake-to-TVL ratio: minimum collateral relative to bridged value - Insurance fund: protocol-owned reserves for hack recovery - Rate limiting: per-transaction and per-time-window caps on bridge volume - Circuit breakers: automatic pause when anomalous activity detected ### Attack Vector Analysis - Validator collusion: threshold compromise leading to unauthorized withdrawals - Smart contract exploits: reentrancy, logic bugs, access control failures - Oracle manipulation: false state proofs or price feed attacks - Source chain reorganizations: bridge finalizing before source chain reorgs - Replay attacks: re-submitting bridge transactions on different chains - Social engineering: compromising validator key management ### Incident Response - Automated monitoring: on-chain anomaly detection, balance reconciliation - Pause mechanisms: emergency pause triggered by guardian multisig - Recovery procedures: how to handle partial bridge failures - Communication plan: user notification, post-mortem, remediation timeline - War room protocol: key contacts, escalation procedures, decision authority ### Implementation Security - Smart contract auditing: minimum 2 independent audits before launch - Formal verification: mathematical proof of critical contract properties - Upgrade mechanisms: timelock, governance, emergency override - Key management: HSMs, multi-party computation, geographic distribution - Monitoring: real-time alerts for abnormal withdrawal patterns ## OUTPUT FORMAT Bridge security architecture with verification mechanism design, economic security model, threat analysis matrix, incident response playbook, and audit requirements. ## CONSTRAINTS - Bridge must handle source chain reorgs without loss of funds - No single point of failure in the validator set - Rate limits must balance security with user experience - Include user-facing security guarantees and risk disclosures - Plan for graceful shutdown procedure if fundamental vulnerability discovered
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[SOURCE CHAIN][DESTINATION CHAIN][ASSET TYPES][TVL TARGET][LATENCY]