Exploits

The two protocols will implement a standard for issuers to control the "canonical" minting of tokens, helping to reduce losses from unofficial bridges.

Connext cross-chain bridging protocol has announced a new token standard to reduce losses from bridge hacks. According to a July 24 announcement, the new “xERC-20” standard allows token-issuers to maintain a list of official bridges and control how many tokens can be minted by each.

In addition to Connext, DeFi platform Alchemix Finance will implement xERC-20 tokens, the announcement stated.

Connext Alchemix

Today, Connext is announcing support of the xERC20 standard and onboarding projects into safely bringing their tokens to every chain.

As our flagship user, we've been working with @AlchemixFi to bring $alUSD, $alETH, and $ALCX to @arbitrum and @optimismFND. https://t.co/S2tBLpuuqe

— Arjun | xERC20 arc (@arjunbhuptani) July 24, 2023

The new token standard was originally put forth on July 7 as Ethereum Improvement Proposal (EIP) 7281. It was co-authored by Connext’s founder, Arjun Bhuptani. At the time, Bhuptani said it would help to minimize losses from bridge hacks by acting on the principle that “Token issuers are the ones who get rekt when bridges get hacked.”

Instead of each bridge issuing its own version of a token on every network, the new standard would allow bridges to mint “official” or “canonical” versions of each token. However, they can only do this with the permission of the token issuer, and this permission would be enforced through smart contracts. Token-issuers would also be able to limit the number of coins that a particular bridge could mint, the proposal stated.

Under EIP-7281, bridges could still mint their own versions of tokens, but such derivative coins would not be considered “canonical” versions. As a result, consumers would eventually come to reject unofficial versions of coins. In Bhuptani’s view, this would lead to a safer DeFi space because it would put the responsibility of avoiding bridge hacks squarely on the shoulders of each token-issuer, which would help to prevent end-users from suffering losses.

To become an official part of the Ethereum ecosystem, an EIP has to be approved by EIP Editors, a process that can take months. The July 24 announcement said the standard will now be implemented in Connext and Alchemix ahead of its official approval, allowing end-users to rely on it immediately.

Related: Multichain bridge hack was a “big blow” to Fantom ecosystem, says Cronje

In the announcement, Connext stated that the token standard will be “forward compatible” with the official version should it eventually be approved by the EIP Editors. Bhuptani argued that the new implementation will prevent bridges with bad security or excessive centralization from being taken seriously, stating:

“This approach [...] encourages open competition and innovation as token issuers now have the flexibility [to] granularly update their preferences for supported bridges over time. Instead of prioritizing building a monopoly on liquidity, or trying to corner market share by locking-in token issuers (or in some cases entire chains), bridges are now forced to have an ongoing focus on their security and quality of service, lest they be delisted."

The issue of bridge security has become a hot topic in the crypto community. These concerns were amplified on July 7, when over $100 million was mysteriously withdrawn from the Multichain bridging protocol. The Multichain team at first only referred to the withdrawals as “abnormal,” but later clarified that an unknown individual had accessed their CEO’s cloud storage system to withdraw the funds without users’ consent.