Quix's Optimism NFT Bridge | IBC Critical Vulnerability Patched | Across ACX Airdrop | LayerZero Aptos Integration | Beamer Live on Mainnet & More!

Last Week In The Multi-Chain Ecosystem (10-16 Oct 2022)

and

Oct 17, 2022

Welcome to LI.FI’s Cross Chain Insider newsletter. If you want to join this community of cross-chain aficionados learning about bridges, interoperability, and the multi-chain ecosystem, subscribe below:

You can also check out LI.FI’s research articles, and follow us on Twitter!

Bridge Updates

1) Quix Launches Optimism NFT Bridge 🔴

Quix, an NFT marketplace on Optimism, has launched an NFT bridge between Ethereum and Optimism. The bridge allows users to trade Ethereum NFTs on Optimism.

2) Across Launches ACX Token 💸

Across has launched its ACX token. Eligible users can now claim their airdrop. Check your eligibility here.

3) Critical Security Vulnerability Patched on IBC 🛠️

A critical security vulnerability that impacts all IBC-enabled Cosmos chains was discovered on Oct 10. The vulnerability has been patched on all major public IBC-enabled chains.

4) Ren Now Supports Moonbeam 💪🏻

Ren has added support for Moonbeam. Users can now transfer BTC, ETH, and USDC between Moonbeam and other Ren-supported chains.

5) LayerZero Aptos Integration 🤝🏻

LayerZero has announced its complete integration with Aptos. The team has completed audits and will launch on Aptos on Day 1, alongside the Mainnet launch.

6) Beamer is Now Live on Mainnet 👏🏻

Beamer, an optimistic bridge focused on asset transfers between EVM-compatible rollups, is now live on Mainnet. Users can now bridge USDC between Optimism and Boba via Beamer.

Multi-Chain Ecosystem Updates

1) Mango Markets Loses $100M in a Hack ⚠️

Mango, a trading protocol on Solana, was exploited for $100M. The attacker temporarily spiked the value of their collateral on Mango and then took out loans from the treasury.

2) OpenSea Now Supports Avalanche 🔺

OpenSea has integrated Avalanche as part of its multi-chain expansion. For a start, 10 Avalanche-based NFT projects, including Chikn, TapTapKaBoom, Castle Crush, and OpenBlox, will be listed on OpenSea, with more to be added over time.

3) Uniswap Launches New UI and Announces Funding 🚀

Uniswap has launched a revamped interface with ‘more token data, discovery, and search options’ to improve the user experience. The team also announced their $165M Series B funding, led by Polychain Capital.

4) SushiSwap Launches Stable Swaps and Pools 🔥

SushSwap has launched the second 2nd pool type for Trident, the Stable Pool, on Polygon, Optimism, Metis, and Kava. The new implementation of Trident enables trades of like-kind assets (i.e., a “Stable Swap”) with minimal price impact.

5) BSC Cross-Chain Transfers Restored 👏🏻

BSC cross-chain transfers have been restored after the v1.1.16 upgrade and hard fork. Transfers between BNB Beacon Chain and BNB Smart Chain are now functioning normally.

What’s Popping on Twitter?

Last week, the native cross-chain bridge between BNB Chain and BNB Smart Chain, the BSC Token Hub, suffered a $586 million exploit – the third largest in the history of DeFi. The hack put many things into perspective related to bridge security (specifically w/ light clients), but, more importantly, it prevented another multi-billion hack that would’ve wreaked havoc over the entire Cosmos ecosystem and destroyed trust in the bridges forever. How so? Let’s find out 👇🏻

On Oct. 13, Ethan Buchman, co-founder of Inter-Blockchain Communication (IBC), updated the Cosmos community about an important development through a forum post that said:

“We have discovered a critical security vulnerability that impacts all IBC-enabled Cosmos chains, for all versions of IBC. Steps have already been taken to ensure that all major public IBC-enabled chains have been patched.”

iqlusion @iqlusioninc

Attention all validators of any IBC-connected chains: IBC Security Advisory Dragonberry has been released following an audit in the aftermath of the recent BSC exploit. All IBC-connected chains need to be patched. A public patch to Cosmos SDK is imminent forum.cosmos.network/t/ibc-security…

How’s this related to the BSC Token Hub hack?

After the BNB bridge hack on Oct. 6, the core developers of Cosmos and Osmosis ramped up security audits for IBC and discovered a critical security vulnerability. This is because there are many overlaps between Binance Bridge (BNB Beacon Chain <> Smart Chain) and IBC:

Forged merkle proofs in light clients — In Binance Bridge’s case, a hacker forged a merkle proof. This should technically not be possible as merkle proofs are highly secure. However, as highlighted by the BNB bridge hack, ensuring the integrity of IBC’s merkle proofs is essential, given that IBC relies heavily on them for its functioning.
The hack was caused due to a vulnerability in a core Cosmos repo — Binance is one of the most significant users of Cosmos’ software. It built on top of Cosmos’ repo and thus inherited the vulnerability, which was eventually exploited during the hack. IBC only managed to avoid a hack as its newest implementation (IBC-GO) uses a different library (from the one used by Binance) for proof verification.

To summarize, if Binance's light clients can be hacked, IBC could’ve been exploited too. IBC is one of the more secure bridge implementations, but we cannot take security for granted and thus need to constantly perform checks and audits. Thanks to the alertness and quick execution of Comsos' dev, such a mishap has been avoided for the time being.

Bridges already account for five of the six largest hacks in DeFi history, resulting in over $2B in lost funds. It’s in everyone’s interest to contribute to bridge security, especially for key infrastructure pieces like IBC that connect multiple billion-dollar ecosystems.