Risk Assessment
The security and reliability of crypto bridges are critical for user trust and confidence. For Web3Shield, this trust forms the foundation of our one-click insurance product. To ensure that this trust is well-founded, we have instituted a comprehensive risk assessment framework.
The risk assessment methodology presented in this section is adapted from the work of Joel John. To explore the original work in its entirety, please refer to "Assessing Blockchain Bridges".
This section introduces our approach to evaluating crypto bridges. Our methodology is rooted in high-level factors, which are essential determinants of a bridge's risk profile. Each factor comprises specific categories with their own allocated scores, resulting in a cumulative risk score for each bridge. This score informs our decisions on insurance terms and conditions for the respective bridge.
Our objective is to ensure transparency in our risk assessment process and provide our stakeholders, both bridge partners and users, with insights into the measures and standards we uphold.
Key Assessment Criteria
When assessing the viability and reliability of a bridge for integration with our one-click insurance product, we examine a set of core criteria. Each criterion gives us a snapshot of the bridge's overall quality, functionality, and trustworthiness:
Security: How secure your parked assets are on a bridge
Performance: The economic model behind a bridge-related transaction
Extractable value: The possibility of flashbots or other intermediaries extracting a portion of the transaction
Connectivity: The number of networks a bridge is connected to
Capabilities: The extent of assets supported by a bridge
Security
The integrity of a crypto bridge, and consequently the confidence users place in it, hinges squarely on its security provisions. As we evaluate the safety standards of a bridge, it's essential to consider not just the overt mechanisms but also the underlying assumptions and contingencies.
The following facets shape a bridge's security framework:
Degree of Liveness Assumption: evaluates the duration a bridge has to dispute a potentially malicious transaction, with longer times indicating greater security vigilance.
Validator Collusion: assesses the risk of validators accessing user funds, with ideal systems ensuring no single validator has direct access to these assets.
Measures for Worst Case Scenarios: evaluates the provisions in place, such as separate capital pools, token incentives, or insurance coverage, to compensate users after a potential hack.
Soundness of Code: assesses the combination of multiple audits and the capital allocated to bounties, encouraging thorough scrutiny by top minds for potential vulnerabilities.
Simply integrating Web3Shield's One-Click Insurance SDK enables bridges to increase their overall security rating!
Performance
In evaluating the efficiency of a bridge, we delve into various parameters that impact the user experience and financial feasibility. Let's dive into the intricacies that define a bridge's performance:
Cost of bridging: evaluates the scalability of fees, with special attention to the surges during cross-chain exchanges as asset volume increases.
Liquidity Rebalancing Needs: evaluates the efficiency of AMM pools in handling large exchanges, rewarding systems with stable, low-cost transactions, and penalizing those requiring frequent rebalancing or imposing high fees after minimal thresholds.
Latency: assesses bridge speed, favoring those completing transfers within 5 minutes and penalizing those taking longer.
Extractable Value
Extractable value, though often overlooked, can have a profound impact on user experience and the overall security of assets. To shed light on its nuances, we've centered our attention on a few select metrics:
MEV Leak: evaluates the susceptibility of a bridge to transaction front-running, with bridges exhibiting robust protective measures against high-value MEV extractions scoring higher.
Censorship resistance and position on the permission spectrum: gauges a bridge's resilience against potential future sanctions, prioritizing permissionless and highly censorship-resistant platforms.
Churn: evaluates a bridge's capital efficiency by measuring the monthly capital flow in relation to its total value locked, highlighting bridges that optimize capital without excessive idle assets.
Connectivity
A bridge's versatility and reach in the vast blockchain ecosystem are often reflective of its adaptability and utility. Let's take a look at the metrics that define a bridge's connectivity:
Types of Chains Supported: evaluates a bridge's ability to interact with diverse networks and layers, ensuring they're not merely focused on popular EVM-based chains but offer varied asset flow.
Number of Chains Supported: measures the breadth of a bridge's connectivity, assessing not just the count but the seamless communication between these supported chains.
Web3Shield offers a chain-agnostic One-Click Insurance solution, enabling bridges to support their Security standard while maintaining Connectivity!
Capabilities
With Capabilities, we delve into the depth and variety of functions a bridge can perform, reflecting its utility in the decentralized space.
ERC20 Support: evaluates the bridge's capacity to handle multiple Ethereum/EVM-based tokens.
Contract Calls: measures the bridge's capability to engage with smart contracts on destination chains, enabling advanced cross-chain interactions and operations.
We've delineated the crucial metrics that underpin the evaluation of bridges' risk profiles. Through a meticulous examination of security parameters, performance standards, extractable values, connectivity, and capabilities, we aim to offer an exhaustive and objective analysis. This framework will serve as the foundation for our one-click insurance product, ensuring that our offerings are grounded in a robust assessment.
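The factor, category and allocated-score structure described above can be sketched as follows. This is an added example, not Web3Shield's code: the point allocations, the all-or-nothing latency rule and the sample bridge are assumptions constructed for illustration, with higher points meaning a better rating as the category descriptions imply.

```python
# Added illustration: every point allocation here is constructed, not Web3Shield's.
RUBRIC = {
    "Security": {"Degree of Liveness Assumption": 10, "Validator Collusion": 10,
                 "Measures for Worst Case Scenarios": 10, "Soundness of Code": 10},
    "Performance": {"Cost of bridging": 5, "Liquidity Rebalancing Needs": 5,
                    "Latency": 5},
    "Extractable Value": {
        "MEV Leak": 5,
        "Censorship resistance and position on the permission spectrum": 5,
        "Churn": 5},
    "Connectivity": {"Types of Chains Supported": 5, "Number of Chains Supported": 5},
    "Capabilities": {"ERC20 Support": 5, "Contract Calls": 5},
}
LATENCY_LIMIT_S = 5 * 60  # the page's threshold: transfers completing within 5 minutes

def latency_points(transfer_seconds, allocation=5):
    """Full allocation within the 5-minute limit, nothing beyond it (assumed rule)."""
    return allocation if transfer_seconds <= LATENCY_LIMIT_S else 0

def churn_ratio(monthly_flow, tvl):
    """Monthly capital flow relative to total value locked, the input to Churn."""
    if tvl <= 0:
        raise ValueError("TVL must be positive")
    return monthly_flow / tvl

def score_bridge(awarded):
    """Return (points per factor, cumulative score, maximum attainable score)."""
    known = {cat for cats in RUBRIC.values() for cat in cats}
    unknown = set(awarded) - known
    if unknown:
        raise ValueError(f"not in rubric: {sorted(unknown)}")
    per_factor = {}
    for factor, cats in RUBRIC.items():
        total = 0
        for cat, cap in cats.items():
            pts = awarded.get(cat, 0)  # a category without evidence earns nothing
            if not 0 <= pts <= cap:
                raise ValueError(f"{cat}: {pts} outside 0..{cap}")
            total += pts
        per_factor[factor] = total
    maximum = sum(sum(cats.values()) for cats in RUBRIC.values())
    return per_factor, sum(per_factor.values()), maximum

# Constructed sample: a partially assessed bridge with a 4-minute transfer time.
SAMPLE_BRIDGE = {"Degree of Liveness Assumption": 8, "Validator Collusion": 10,
                 "Soundness of Code": 6, "Latency": latency_points(240),
                 "MEV Leak": 3, "Number of Chains Supported": 4, "ERC20 Support": 5}
```

Treating an unassessed category as zero keeps missing evidence from inflating the cumulative score, and rejecting points above a category's allocation keeps one strong category from masking weak ones.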