Blockchain bridges vs payment channels

Bridges and payment channels (or “atomic swaps”) are both techniques to move value and tokens from one blockchain to another (although payment channels also have many other uses). Both techniques have different tradeoffs and do fundamentally different things. They are both frequently hyped as providing cross-chain compatibility, so I wanted to write this piece to explain their differences.

Just a note on terminology in this piece- when I say “bridges”, I mean bridges such as the xDai, wBTC, our under-development Peggy bridge, or NEAR’s Rainbow bridge. xDai and wBTC are custodial, and Peggy and Rainbow Bridge are trustless, but they work in the same basic way. When I refer to “payment channels”, I’m talking about using stuff like Connext or Interledger to move value between blockchains, although payment channels have many other uses besides cross-chain value transfer. In the context of cross-chain payments, they are also sometimes referred to as “atomic swaps”.

Let’s review how each of these techniques works.

Bridges

A bridge works by minting tokens on one chain when tokens are locked on another. For example, with Peggy, you send an ERC-20 token (let’s use the Dai stablecoin as an example) to a special Ethereum address, and specify which address on Cosmos should receive it. Your tokens on Ethereum are locked. Within minutes, Peggy mints tokens for you on the Cosmos side. These are not exactly the same token as the token you locked on Ethereum, but can be considered equivalent with some important caveats. We’ll call the token on the Cosmos blockchain “CosDai” for now. But in a user interface, it would simply be referred to as “Dai”, since in most cases the difference won’t matter to the end user.

You can send the CosDai tokens around on Cosmos and use them in decentralized applications there. CosDai can be sent back to an address on Ethereum by sending them to the Cosmos side of the bridge. The CosDai is then burned, and the same amount of Dai on Ethereum is unlocked. Due to this ability to exchange the synthetic Dai, CosDai, for real Dai on Ethereum, they should trade at the same price and basically be equivalent.

This is how all the bridges mentioned above work, as well as many others not mentioned. Some, like xDai and wBTC, are custodial, in that there is an administrator or group of administrators who safeguard the tokens. Peggy is considered noncustodial because the only entities that can control the bridge are the validators of the Cosmos chain that the tokens are being transferred to, and their control of the bridge is subject to the same consensus rules as the chain. This means that the bridge is no more or less secure than the chain it bridges to.

Payment channels

This method of bridging uses something called a hashlock, which is code running on a blockchain that releases some locked tokens once the pre-image of a hash has been revealed. By lining up several hashlocks on different chains, tokens can be released simultaneously. This enables trustless cross-chain transfers of value because nobody needs to trust that anyone else will hold up their end of the bargain.

Let’s say that you want to transfer Dai (a dollar-pegged stablecoin on Ethereum) to CosDollar (a different dollar-pegged stablecoin on Cosmos). To do this with channels you first need a counterparty who wants to do the opposite trade. In practice this role would be played by a market-maker type of entity who is getting a fee for providing the liquidity. This counterparty must have an amount of CosDollar equivalent to the amount of Dai that you would like to trade/move. In this example, since they are both stablecoins, this will usually be almost the same number of tokens. We’ll call this counterparty Charlie.

Now for the move. You lock up your Dai tokens in a hashlock on Ethereum which is set to release them to Charlie once you reveal the pre-image of a certain hash. Charlie now hashlocks her CosDollars on Cosmos, to be released to you using the same hash. Once this is done, you can reveal the pre-image of this hash. Once it is submitted to both blockchains, the money will be released. This is also known as an “atomic swap”, since it is atomic- it is not possible to release one of the hashlocks and not the other. You don’t have to worry that Charlie will take your Dai and not give you your CosDollars.

This example highlights one of the biggest fundamental differences between these two methods of cross-chain value transfer. Notice that you were trading Dai for CosDollars, not a representation of the actual Dai token on Cosmos. If Cosmos does not have a native stablecoin, this whole thing is not possible. This is because payment channel swaps do not issue tokens, while bridges do.

Other details:

Bridge: Bridge theft attack

The bridge is locking a token on one side for every token it issues on the other side. This could make it a juicy target. To steal the funds in the bridge, an attacker needs to take over the validator set of the blockchain that controls it. If the market cap of the proof of stake token on that chain is a lot less than the value of the funds locked in the bridge, this could become a real possibility.

For example, let’s say that Cosmos becomes the best place for people to pay each other in Dai, due to congestion and gas fees on Ethereum. Everyone is locking their Dai in Peggy and moving it around on Cosmos. So much Dai is being locked, that the locked amount is 3x the Cosmos market cap. Mallory, an evil genius, secretly starts buying up ATOM tokens (this is the PoS token of Cosmos and determines who validates the chain). She secretly uses her ATOM supply to put her own validators in control of the Cosmos blockchain. Once she controls 2/3rd of the Cosmos validators, she can use them to submit a transaction to the bridge transferring all the locked Dai to herself. After this happens, there is a huge shitstorm and the value of ATOM falls to 0. Mallory has lost a lot of money on the ATOMs, but she has gained much more from the Dai theft.

This attack vector is not directly present with a payment channel, simply because there is no locking, and no token issuance. It may still happen though. It is a risk that is present whenever any blockchain secures value which is not its native currency. For example, in the CosDollar example, if the total supply of CosDollars was a lot higher than the market cap of ATOM, it might be possible for Mallory to use the same attack to steal CosDollars.

Aside: I’m dealing mostly with PoS chains here, but the attack described here works on PoW chains as well. Instead of buying up the PoS token, Mallory would have to buy up enough hashpower to do this attack.

Payment channels: Development complexity

Payment channels are quite simple in concept, but they always seem to require a lot of auxiliary development to make them actually work well in the real world. Their use for cross-chain value transfers is no different. Consider the counterparty, Charlie. Who is this? You don’t need to trust her, but you do need to find her. The easiest thing to do is for someone to run one node playing the role of Charlie. This might be the developers of the payment channel protocol.

This centralized Charlie can’t steal your money, but she can censor your transactions. So this is already more centralized than the bridge or the underlying blockchain.

One alternative could be some kind of a marketplace for counterparties like Charlie. Someone could help facilitate an exchange either because they want to move tokens the other way, or because they are playing the role of a market maker and providing liquidity for a small fee.

Again, the design of all this would be pretty complicated and in-depth, and is much more difficult than the basic functioning of the channel. I also glossed over some important details in my example. While Charlie can’t outright steal your money, she can keep in locked in her channel for an amount of time called the “challenge period”. I won’t get into the reasons for this and all the details, but it adds even more complexity.

Verdict: Bridges are more flexible, if you want that.

Bridges let you transact any token across any chain that they are enabled on, but you need to keep in mind that the token you are transacting is not exactly the same as on its native chain. You need to consider the security of the chain you are transacting on as well as the security of the token’s native chain. This becomes even more complicated if the token has been sent across multiple chains (this is entirely possible!).

Cross chain value transfers with payment channels are necessarily coupled with a market exchange of one token for another, and that reduces their flexibility. They give you no ability to work with a token of your choice on a different chain. However, depending on your philosophy about what blockchains are for, this may not be a downside to you. Some people believe that there should be one token per chain, and that different tokens require different blockchains. In this philosophy, transacting with synthetic tokens minted by a bridge might seem like a bad idea or a security risk, and moving value across chains with a market exchange is the natural way to do it.