Developers
Use cases
Knowledge hub
Background
LI.FI knowledge hub
the problem

Avalanche Bridge — A Deep Dive

Designed by Ava Labs, Avalanche Bridge is a quick, secure, and low-cost way to bridge assets between Avalanche and Ethereum. With Avalanche Bridge, users can execute cross-chain transfers between Avalanche and Ethereum in a single on-chain transaction.In this article, we will cover the following:

  • Avalanche Bridge: An Overview

  • Avalanche Bridge Design and Architecture

  • How It Works — Transaction Lifecycle

  • Security Model

  • Incentives

  • LI.FI Evaluation Model

  • Supported Chains and Assets

  • Team and Community

  • Closing Thoughts

Avalanche Bridge: An Overview

Avalanche Bridge (AB) was launched in July 2021 by Ava Labs. The AB replaced a previous bridge design, the Avalanche-Ethereum Bridge (AEB). Along with shortening the name (AEB -> AB), the upgrade to AB saw a 5x decrease in fees, stronger security, and faster finality for bridge users.Built with retail users firmly in mind, Avalanche Bridge prides itself on giving users a simple interface and seamless experience moving assets to and from the Avalanche ecosystem. Avalanche Bridge adds trust assumptions via a wardens-based system that moves assets cross-chain affordably and efficiently. Notably, Avalanche Bridge relies on a relationship between an enclave, or a private codebase, and four “wardens” run by Avascan, BwareLabs, Halborn, and Ava Labs that watch for and relay cross-chain information to the secure enclave.As described in its documentation and marketing materials, the Avalanche Bridge prides itself on the following characteristics:

  • Security — AB is audited and is built with security-first technologies

  • Cost-Effectiveness — minimizing the cost of bridging assets is prioritized

  • Speed — a transaction should execute in the least amount of time possible

  • Transparency — users are informed of their transfer status at every step of the way

  • Intuition — a clean UI allows crypto users (new and old) to utilize the system

  • Ecosystem support — easy integration with Avalanche tools

  • Multi-chain — supporting multiple blockchains and assets

This document examines Avalanche Bridge in the content of the above characteristics, along with the standard criteria employed in LI.FI deep dives.Let’s jump into the details.

Avalanche Bridge Design and Architecture

The design of Avalanche Bridge can be broken down into two parts, a group of relayers and a private codebase that verifies the transactions sent by the group of relayers. In Avalanche Bridge terminology, this group of relayers is called “wardens,” and the private enclave is an “Intel SGX” application.

ArticleImg

Wardens

The foundational job of a warden is to monitor the Avalanche and Ethereum blockchains. When a warden sees a supported ERC-20 token sent to the Avalanche Bridge’s Ethereum wallet they relay that information to the Intel SGX enclave. On the way, from Avalanche to Ethereum, wrapped ERC20 assets are not sent to the Avalanche Bridge wallet. Rather, the enclave (which is made up of four wardens) watches for the wrapped ERC20 asset to be “burned”, and signals the transfer of the equivalent amount of other assets to Ethereum.From there, the transaction is confirmed, and the token is either locked and minted (Ethereum -> Avalanche) or burned and released (Avalanche -> Ethereum). Notably, for a cross-chain transaction to be confirmed, three out of the four wardens must have reported to the enclave with the exact same information.To do its job, a warden consists of three components: a Golang server (which indexes Ethereum and Avalanche transactions and communicates directly with Avalanche Bridge), an AvalancheGO node, and an Ethereum Geth node. Together, these three components allow wardens to:

  1. monitor both chains for potential cross-chain transactions

  2. communicate with the bridge to relay information about cross-chain transactions and

  3. track the wrapping and unwrapping of assets once the information has been relayed

In addition to tracking transactions, each warden stores a secret share from the Intel SGX enclave. This means that the private key of the enclave, which we will discuss shortly, is only available if 3/4 warden shares their private key at one time. Because of this, Avalanche Bridge could potentially restart the Intel SGX enclave at any point, even if it were wiped out, as long as ¾ wardens shared their key successfully.Lastly, a warden is in charge of ensuring that information such as fees, minimum transfer requirements, and supported ERC-20 tokens are available to the public, as the Intel SGX enclave is not publicly accessible. This means that it is up to the wardens to educate the Avalanche user base on such details.The wardens are run by Avascan, BwareLabs, Halborn, and Ava Labs — which are four of the most prominent stakeholders in the Avalanche ecosystem. According to documentation, Avalanche does plan to expand the warden set, though no specifics have been announced.

Intel SGX Enclave

To put it simply, the SGX application is a private enclave that requires 3 out of 4 wardens to submit the same transaction before signing off on a bridge transfer between Ethereum and Avalanche. Notably, each warden communicates with the enclave independently via encrypted messages utilizing TLS and including HMAC signatures.Let’s dive into this at a deeper level. Intel Software Guard Extensions (SGX) is a code set that allows a system to operate with private regions of memory, called enclaves, where contents are protected and unreadable outside of any process or entity outside of the enclave itself. This SGX application, this enclave, is the core to the Avalanche Bridge, as it signs off on cross-chain transfers. One of the biggest risks of the Avalanche Bridge system is someone being able to fake a private enclave.Avalanche Bridge relies on “remote attestation,” a computer science process wherein a third party (a warden) can attest that a remote entity (the enclave) is running the correct code and can be trusted. From there, a communication system can be established by the third party and the remote entity. In the context of Avalanche Bridge, remote attestation by wardens force the enclave to prove its identity, show that its source code has not been tampered with, the enclave verifies its identity, that the source code hasn’t been tampered with, confirm that it’s running on a genuine SGX enabled platform and that it has the latest security updates. Furthermore, after each warden provides attestation of the enclave, it will post the report to a public JSON file.As discussed above, the private key of the Avalanche Bridge enclave is protected because the key is split into four “secrets” and distributed to the four wardens. Each time the enclave is started up or the warden is asked for a secret share, the warden performs remote attestation with the enclave to ensure it is acting as it should.Once established, the enclave’s purpose is to communicate directly with wardens to learn about on-chain events and then sign off on cross-chain transfers between Ethereum and Avalanche, which includes the minting of wrapped ERC assets on Avalanche and the release of ERC-20 tokens back to Ethereum.

ArticleImg

How It Works

A cross-chain transfer on Avalanche Bridge is quite simple from a bird’s eye view.Author’s note: the Avalanche Bridge experience must be funneled through their user interface. Sending tokens directly to the bridge contract will potentially lead to stuck funds.Essentially, a user will send an ERC-20 token to the Avalanche Bridge address on Ethereum. Then, the wardens work with the secure enclave to validate the transaction. Once validated, a wrapped ERC-20 token is minted on Avalanche and sent to a destination address.The process is a little bit different on the way back. Assets are not sent to the Avalanche Bridge’s c-chain wallet. Instead, they are just “unwrapped” or “burned” by calling the method on the smart contract. Once that is done, a native ERC-20 token is unlocked on Ethereum and sent to the destination address.

ArticleImg

Before we move on, a few interesting characteristics of Avalanche Bridge must be addressed.

  1. Transaction speed — A transaction on Avalanche Bridge takes about 10–15 minutes. The vast majority of this time is due to restrictions in Ethereum’s finality. The Avalanche side of the Avalanche Bridge only takes a few seconds to process.

  2. Fees — Avalanche Bridge charges transfer fees for both the gas costs on Ethereum and Avalanche, along with the operational cost of bridge infrastructure. When moving from Ethereum -> Avalanche, this fee is currently $3 in the ERC-20 token being moved. The bridge fee moving from Avalanche to Ethereum is currently $20 + the estimated price of Ethereum gas at the time of transaction.

  3. Role of AVAX token — To initiate transactions on Avalanche, AVAX, the native token of Avalanche, is required. Due to the nature of bridging from Ethereum to Avalanche, wherein it is presumed that a user has never been to Avalanche before and, therefore, does not hold AVAX, for any cross-chain transfer larger than $75, a small portion of AVAX is airdropped to a user’s wallet to facilitate a user’s first transaction post bridge. Furthermore, the Avalanche Bridge user interface automatically cancel any transfer of funds from Avalanche back to Ethereum when the transfer amount is less than the fee amount.

  4. Limitations in functionality and wallet support — Users can only send tokens to the same wallet address on the other chain. Furthermore, sending tokens directly to the bridge’s wallet will result in the loss of funds. Avalanche Bridge recommends that users only interact with the bridge via their user interface. In addition, smart contract wallets, like Ambire or Gnosis Safe, are not supported by Avalanche Bridge.

Security Model

Avalanche Bridge’s security model is based on the following:

  • Smart Contract Audits — the Avalanche Bridge has undergone a third-party

     audit from Halborn

    . Any future changes or contracts must undergo similar audits via Halborn.

  • The Enclave — While the design of AB is trusted (due to the reliance on only four wardens at the moment), it is secured using Intel SGX Enclave technology that utilizes secret sharing to splits up the private key of the enclave among wardens.

  • Reputation — The wardens of Avalanche Bridge are financially and reputationally incentivized to act in good faith. If a firm like Ava Labs were to act maliciously in allowing for erroneous cross-chain transfers, then the integrity of the entire Avalanche ecosystem would be under fire.

  • Finality — At the base layer, the cross-chain transfers must be approved by nodes on either Ethereum or Avalanche. While this finality section cannot combat malicious information, it can cement cross-chain transfers. Once a user receives assets, they are immutably theirs once enough blocks have been confirmed on Ethereum and Avalanche.

Risks

As a dApp developer integrating an external tool, the biggest risk is always the reliability of the tool and the underlying trustlessness of any of the systems the tool implements. In the case of Avalanche Bridge, here are the most significant risks

  • Smart Contracts — although Avalanche Bridge has been audited and was built by one of the strongest teams in crypto, there are always risks when humans write code.

  • Trustedness — Avalanche Bridge employs a trusted design — meaning the reputation of the wardens is central to the success of Avalanche Bridge. If wardens were to collude or get hacked, this poses a significant risk, as there are only four wardens trusted to validate transactions.

  • Blockchain Uptime — Avalanche Bridge connects Ethereum and Avalanche, which brings on the risks associated with 1) the integrity of the underlying blockchains and 2) the integrity of the tokens, be it ETH or ERC-20s. If Ethereum or Avalanche were to stall or be 51% attacked (which may never happen), the Avalanche Bridge would most likely be hugely affected (though, due to its trusted nature, it could go offline quickly)

  • Intel SGX Enclave — while the remote attestation-based secure setup of the Intel SGX enclave is currently cutting edge and follows best practices, as with all technology, this could soon become outdated.

  • Mainnet — The Avalanche Bridge holds all collateral in its Ethereum wallet. If this wallet were to be successfully attacked, then the wrapped assets on Avalanche would fail to hold value. (For reference, the Avalanche Bridge site

     

    provides

     

    proof of assets links here.)

LI.FI Evaluation Metrics

ArticleImg

Author’s Note: native bridges will inherently score lower on security, connectivity, and statefulness than generalized data messaging bridges, trusted bridges, or trustless bridges. This is because teams oftentimes prioritize reputational security and Ethereum connectivity over system trustlessness and connecting with other chains.

Let’s evaluate Avalanche Bridge’s design according to the following attributes:

  • Security — Avalanche Bridge’s security is based on a trusted design. There is a foundational assumption that wardens will act correctly due to their overall reputation and pre-existing stake in the Avalanche ecosystem. Three out of the four wardens are necessary to sign off on a transaction, meaning that 75% of validators must collude to erroneously mint tokens on Avalanche from Ethereum. This sounds like a large percentage; however, with only four wardens, Avalanche Bridge has three rather public attack vectors. That being said, the “enclave” is secured via Shamir Sharing — meaning the secret key is split among the four wardens, making it very difficult for someone to mimic the enclave’s origination, which would give an attacker the clearance to sign off on transactions and get that 75% collusion. Despite the somewhat trusted design and limited number of wardens, if you agree with the premise that an actor such as AvaScan will not take steps to hurt the ecosystem their tech is built on, the argument can be made that Avalanche Bridge is adequately secure. However, an expanded Warden set, which is on the roadmap, would make LI.FI much more comfortable in recommending Avalanche Bridge.

  • Speed — With an average bridging time of 10 minutes (with most of this time allocated for Ethereum finality and just a few seconds for Avalanche finality), Avalanche Bridge should not be considered a fast bridge. However, due to the reliable nature of block times on both Ethereum and Avalanche, the expected speed can be trusted if the user chooses to pay the recommended amount of gas.

  • Connectivity — Avalanche Bridge’s connectivity is severely limited at the moment, as it only facilitates transfers between Ethereum and Avalanche. However, this is subject to change. As announced a few months back, the team plans to allow for native Bitcoin bridging.

  • Capital Efficiency — Due to the unpredictable nature of Ethereum gas fees, Avalanche Bridge charges an additional $20 fee on bridging transactions from Avalanche to Ethereum, which is relatively high. However, the fee from Ethereum to Avalanche is only $3 (in the token being bridged). Additionally, Avalanche Bridge has instituted a failsafe wherein bridging attempts are automatically blocked by the UI if the amount being bridged does not exceed the transaction fees. On the liquidity side, there is no information on who is providing funds, though the Ethereum side currently holds over $2 billion in assets.

  • Statefulness: As currently constituted, the statefulness of Avalanche Bridge, aka the ability to pass messages outside of just token transfers, is limited. Avalanche Bridge is built as a lock and mint mechanism, meaning that cross-chain transfers can only be done through minting or burning wrapped ERC-20 tokens on Avalanche. However, as an externally verified bridge, there is certainly the possibility that Avalanche Bridge will expand this capability to other types of assets, such as NFTs.

Supported Chains and Assets

Avalanche Bridge is a two-way bridge to and from Avalanche and Ethereum.As of now, Avalanche bridge supports the following:

  • ERC-20 tokens from Ethereum -> Avalanche as wrapped ERC-20 tokens

  • Wrapped ERC-20 tokens from Avalanche -> Ethereum as native ERC-20 tokens

When bridging assets from Ethereum to Avalanche, assets will be designated as wrapped via a “.e” at the end of the asset (ex: WETH -> WETH.e). The “.e” is then dropped when sending assets from Avalanche back to Ethereum.Notably, Avalanche Bridge does not support other types of asset transfers, including Avalanche native tokens being sent to Ethereum.

Team

Avalanche Bridge was created by Ava Labs, the firm that initially developed and launched Avalanche as a layer 1 smart contract chain to compete with Ethereum.

Community

You can stay updated about Avalanche Bridge and its community through the following:

For more information on Avalanche Bridge, here are a few other recommended reads:

Closing Thoughts

As covered above, the Avalanche Bridge is a fantastic solution for moving assets to and from Ethereum or Avalanche — and the data backs it up. For example:

  • The bridge currently supports $2.1 billion in Ethereum assets on Avalanche, based on the holdings of its Ethereum address.

  • Data from DeFi Llama shows that at over $2 billion in assets, Avalanche Bridge would rank as a top 5 bridge by total-value locked.

  • In the thirty days before June 10th, Avalanche Bridge supported just under a total of $5 billion in deposits and withdrawals, at an average of 200–300 transactions per day.

We’re excited to integrate Avalanche Bridge into LI.FI and offer its features to our users. We believe the vision and values of both teams are aligned towards creating a highly interoperable multi-chain ecosystem. We look forward to working closely with the Avalanche Bridge team to build key infrastructure for the multi-chain future.

FAQ: Avalanche Bridge — A Deep Dive

Get Started With LI.FI Today

Enjoyed reading our research? To learn more about us:

Disclaimer: This article is only meant for informational purposes. The projects mentioned in the article are our partners, but we encourage you to do your due diligence before using or buying tokens of any protocol mentioned. This is not financial advice.

Circle's Cross-Chain Transfer Protocol (CCTP) — A Deep Dive

Tails Integrates LI.FI's SDK