Exercises — Chapter 19: Interoperability: Bridges, Cross-Chain Communication, and the Multi-Chain Future
Section A: Conceptual Review
Exercise 19.1 — Why Isolation Is a Feature
Explain why blockchain isolation (the inability of one chain to natively read another chain's state) is a security feature rather than a design flaw. Your answer should address: a) What would happen if Ethereum validators were required to also validate Solana transactions. b) How a vulnerability on one connected chain could compromise another if they shared state. c) Why the traditional finance approach (shared settlement systems under legal authority) does not translate to decentralized blockchains.
Exercise 19.2 — Bridge Architecture Classification
For each of the following scenarios, identify which bridge architecture (lock-and-mint, burn-and-mint, liquidity pool, or light client) is being used. Justify your answer.
a) A user deposits 10 ETH into a smart contract on Ethereum. After 15 minutes, a relayer submits a cryptographic proof to Chain B, where Chain B's own validators verify the proof against their embedded Ethereum light client. 10 wETH are then minted on Chain B.
b) Circle receives a request to transfer 50,000 USDC from Ethereum to Avalanche. The USDC on Ethereum is destroyed, and 50,000 new USDC are created on Avalanche.
c) A user sends 5 ETH to a pool on Ethereum. A liquidity provider on Arbitrum releases 4.995 ETH (minus fees) from a pre-funded pool on Arbitrum to the user's Arbitrum address.
d) A user deposits 2 ETH into a vault on Ethereum. Five out of nine designated validators sign an attestation confirming the deposit. The attestation is submitted to Chain X, where a bridge contract verifies the signatures and mints 2 wETH.
Exercise 19.3 — The Interoperability Trilemma
The chapter introduces the interoperability trilemma: generalizability, extensibility, and trust minimization — at most two can be optimized.
a) Place each of the following on the trilemma, explaining which two properties they optimize and which they sacrifice: IBC, Wormhole (pre-hack), a centralized exchange transfer, and LayerZero.
b) Is the interoperability trilemma a fundamental constraint (like the CAP theorem in distributed systems) or an engineering challenge that could eventually be overcome? Argue both sides.
Exercise 19.4 — Wrapped Token Risk
A user holds 100 wETH (wrapped ETH) on Solana, obtained through Bridge Y.
a) List all the systems whose security the user is depending on. b) If Bridge Y is hacked and its Ethereum vault is drained, what happens to the value of wETH on Solana? Why? c) If Solana experiences a consensus failure (a long halt) but Bridge Y and Ethereum are functioning normally, can the user access their ETH? Explain. d) Compare this user's risk profile to someone holding 100 native ETH on Ethereum.
Section B: Technical Analysis
Exercise 19.5 — Ronin Bridge Post-Mortem
The Ronin bridge used a 5-of-9 validator scheme, and the attacker compromised 5 keys.
a) Calculate the number of unique sets of 5 validators (out of 9) that would constitute a valid signing quorum. (Use the combinations formula.) b) If Sky Mavis controlled 4 of 9 validators, how many additional validators needed to be compromised? What does this imply about the effective security of the bridge? c) Propose three specific changes to the Ronin bridge design that would have prevented or detected the hack. For each, explain the tradeoff involved. d) The hack went undetected for 6 days. Design a monitoring system that would have detected the unauthorized withdrawal within minutes. What metrics would you monitor, and what thresholds would trigger alerts?
Exercise 19.6 — Nomad's Zero-Root Bug
The Nomad hack exploited an initialization error that set the trusted message root to 0x00.
a) In Solidity, what does a mapping return for an uninitialized key? Explain how this interacted with the 0x00 root to make the proof verification accept any message.
b) The Nomad hack was called "the first decentralized hack" because anyone could copy the attack transaction. Explain why this was possible — what was special about the transaction structure that made it copyable?
c) Approximately 300 addresses participated in draining Nomad. Some were white-hat actors who returned funds. Discuss the ethical implications: if you discovered the exploit after others had already begun draining funds, would extracting assets with the intention of returning them be ethically justified? What are the legal risks?
Exercise 19.7 — IBC vs. Validator Committee Security
Compare the security guarantees of IBC (Cosmos) with a 13-of-19 validator committee bridge.
a) To forge a false cross-chain message via IBC, what would an attacker need to accomplish? Be specific about the consensus requirements. b) To forge a false cross-chain message via the validator committee bridge, what would an attacker need? How does this compare to (a)? c) If the value secured by the bridge is $5 billion, what level of economic security does each model provide? (Consider the cost of attacking each model.) d) IBC requires both chains to implement the IBC standard. Explain why this limits IBC's generalizability and discuss whether this tradeoff is worth the security benefit.
Exercise 19.8 — Cross-Chain MEV Calculation
Token X trades at $100.00 on Ethereum and $100.50 on Arbitrum. A trader wants to arbitrage this difference.
a) Calculate the gross profit from buying 1,000 Token X on Ethereum and selling on Arbitrum (ignoring all costs). b) Now account for costs: Ethereum gas (~$5 per swap), Arbitrum gas (~$0.10 per swap), bridge fee (0.05% of transfer value), and slippage (0.1% on each swap). What is the net profit? c) The bridge takes approximately 15 minutes to process the transfer. During this time, the price on Arbitrum could move. If the price moves against the trader by more than what percentage, the trade becomes unprofitable? (Use your answer from part b.) d) Compare this cross-chain arbitrage to a single-chain arbitrage where both DEXes are on Ethereum. What risks exist in the cross-chain version that do not exist in the single-chain version?
Section C: Design and Evaluation
Exercise 19.9 — Design a Bridge
You are tasked with designing a bridge to connect Ethereum to a new Layer 1 blockchain called NovaChain. The bridge must support transfers of ETH and ERC-20 tokens.
a) Choose a bridge architecture and justify your choice. Consider the tradeoffs between lock-and-mint, liquidity pools, and light client verification. b) Design the attestation mechanism. How many validators? What threshold? How are validators selected and incentivized? What happens if a validator misbehaves? c) Address the honeypot problem — how does your design mitigate the risk of a single large vault being drained? d) Design a monitoring and emergency response system. What events trigger alerts? Who can pause the bridge? What are the tradeoffs of having a pause mechanism? e) Write pseudocode for the core lock and mint functions on both chains.
Exercise 19.10 — Multi-Chain vs. Mono-Chain Position Paper
Write a 500-word position paper arguing either for the multi-chain thesis or the mono-chain thesis. Your paper must:
a) State your thesis clearly in the opening paragraph. b) Present at least three arguments supporting your position, citing specific technical evidence from this chapter. c) Acknowledge and respond to the strongest counter-argument from the opposing position. d) Address the bridge security problem: if you argue for multi-chain, explain how bridge risk can be managed. If you argue for mono-chain, explain how a single chain can meet the diverse needs of all applications.
Exercise 19.11 — ZK Bridge Design Analysis
Zero-knowledge bridges promise to eliminate the trusted intermediary problem by using cryptographic proofs instead of validator attestations.
a) Describe the workflow of a ZK bridge transfer step by step, from the user's deposit on Chain A to the asset appearing on Chain B. b) What computation must the ZK prover perform? Why is this computationally expensive? c) If a ZK bridge can generate proofs in 10 minutes, compare the user experience to: a validator bridge (30-second confirmation), a liquidity pool bridge (instant), and an IBC transfer (10-minute finality). Under what circumstances would users prefer the ZK bridge despite the latency? d) Could a ZK bridge have prevented any of the three major hacks discussed in this chapter (Ronin, Wormhole, Nomad)? For each, explain why or why not.
Section D: Research and Discussion
Exercise 19.12 — Bridge Hack Investigation
Research one bridge hack not covered in this chapter (e.g., Harmony Horizon, Multichain, Poly Network, or BNB Bridge). Write a technical analysis covering:
a) What bridge architecture was used? b) What vulnerability was exploited? c) How much was lost? d) How does this hack fit into the patterns identified in Section 19.4? e) What changes were made after the hack, and were they sufficient?
Exercise 19.13 — Intent-Based Cross-Chain Protocols
The chapter briefly mentions "intent-based" protocols as a response to cross-chain MEV.
a) Research UniswapX or the Across Protocol's intent system. How does expressing an "intent" rather than a specific transaction path change the user's experience? b) Who are the "solvers" or "fillers" in these systems, and what incentivizes them? c) How do intent-based systems address the bridging delay risk and cross-chain MEV extraction described in Section 19.7? d) What new trust assumptions do intent-based systems introduce?
Exercise 19.14 — Vitalik Buterin's Cross-Chain Pessimism
In January 2022, Vitalik Buterin argued that the future would be "multi-chain" but not "cross-chain" — meaning multiple chains would exist, but assets should stay on their native chain rather than being bridged.
a) Summarize his argument using the concepts from this chapter. b) Two months later, the Ronin hack occurred. Did this validate his position? Why or why not? c) Evaluate whether Buterin's position has been vindicated, modified, or refuted by developments through 2025, including the growth of Layer 2 rollups, ZK bridges, and the Cosmos IBC ecosystem.