BitVM 并不安全 一文揭晓其根本性问题
作者:Tyler Whittle & Rijndael 来源:medium 翻译:善欧巴,比特币买卖交易网
介绍
BitVM 桥本质上在经济上不稳定。他们依靠桥梁运营商的偿还。如果桥运营商在预先指定的时间内成功偿还所有 L2 到 L1 的提款,那么桥运营商就可以索取锁定在 BitVM 桥合约中的等量资金。如果他们不这样做,那么验证者可以有效地销毁锁定在 BitVM 桥合约中的资金。
BitVM 桥接器面临的挑战是它们必须依赖于预签名交易。因为我们没有契约,所以 BitVM 设置中的唯一选择是:a.) 将锁定的 UTXO 支付给证明者,或 b.) 销毁 UTXO。
桥梁运营商依靠能够获得流动性来支付任何提款。流动性需求与桥的 TVL 成线性比例。如果过桥运营商未能支付所有提款费用,过桥资金将被烧毁。这意味着 BitVM 桥越大,用户资金的风险就越大。
本文将通过一个示例来介绍 BitVM 桥的最终命运。
更新: 本文指出,如果提款未完全处理,资金将被烧毁。这是不正确的。事实上,对于如果不处理提款会发生什么,并没有明确的规定。一些设计建议选择另一个预定义的运营商来尝试处理提款,但该新运营商将面临与第一个运营商相同的流动性挑战。其他人建议将资金转移到多重签名,将桥梁转变为集中式托管桥梁。但根本问题仍然是一样的:运营商必须筹集资金才能处理提款,否则安全模型就会崩溃。
1. 初始配置
此图显示了 BitVM 桥接至 L2 的初始配置。Alice和Bob在L1上都有5个BTC,Lisa有0个BTC。桥接运营商拥有 3 BTC 的流动性。尚未将任何加密货币存入桥中或记入 L2 上。验证器被配置并监控整个系统。
2. Alice 和 Bob 将 10 BTC 存入网桥
在第 2 步中,Alice 和 Bob 将他们的 5 个 BTC UTXO 存入 BitVM Bridge 合约中。L2 正在“监听”桥接合约。当它看到存款时,它会向 Alice 和 Bob 各存入 5 个 L2_BTC。
3. Bob发送Lisa L2_BTC
在步骤 3 中,Bob 向 Lisa 发送 4 L2_BTC。也许他打赌输了,或者丽莎卖给了他一些艺术品。
4.Lisa和Bob退出
在步骤 4 中,Lisa 和 Bob 已完成所有 L2 交易并准备返回 L1。他们都分别创建了 4 L2_BTC 和 1 L2_BTC 的提现交易。当这种情况发生时,他们的 L2_BTC 会被桥合约烧毁,但桥运营商只有 3 BTC 可用于在 L1 上支付!
BitVM Bridge 上的提现我们来谈谈 BitVM Bridge 提现的工作原理。每N 个月,BitVM Bridge 合约都会有一个截止时间,检查提款状态。然后,桥接运营商还有额外的 M 个月时间来支付承诺期内截止之前发起的任何提款。重要的是,这笔支出必须来自桥运营商来源的流动性 BTC 。在所有提款都已支付之前,桥运营商无法访问桥合约中锁定的任何 BTC 。
5. 银行挤兑
在第 5 步中,Alice 意识到 Bob 和 Lisa 的提款(总计 5 BTC)超过了桥接运营商的流动资金总额(3 BTC)。她知道,如果桥接运营商未能向 Lisa 和 Bob 支付 5 BTC,则桥接资金可能会被验证者烧毁为费用。因此,她做了经济上合理的事情并提取了资金。她希望自己能从桥运营商拥有的 3 BTC 中获得一部分回报,而不是被困在桥上 0 BTC 的 L2 上。截止期在 Alice 提交提款请求后立即结束。
BitVM 合约支出路径BitVM 的核心问题是 L2 用户无法领取锁定在桥中的资金。只有两条支出路径:1.) 到桥操作员,或 2.) 烧毁。这意味着,如果桥操作员失败,L2 参与者唯一的办法就是希望验证者烧掉桥。
6.流动性危机
在第 6 步中,桥梁运营商面临流动性危机。截止日期刚刚过去,他们负责从 L2 提款 10 BTC。桥梁运营商需要在手头只有 3 BTC 的情况下获取 7 BTC 的流动性。提交期结束时,网桥运营商未成功向 L1 付款。
对网桥运营商的流动性要求为了能够偿还一段时间内的任何提款,网桥运营商需要将流动性 BTC 与锁定在 BitVM 网桥中的 BTC 保持 1:1 的比例。这意味着桥梁越成功,对桥梁运营商的资金要求就越高!
7. 验证者挑战网桥运营商
在第 7 步中,验证者发现从 BitVM Bridge 合约中提取的资金并未在 L1 上支付。验证者 1 发起与桥操作员的挑战-响应游戏。由于桥牌运营商没有支付截止前发起的所有提款,他们将输掉这场比赛。
挑战-响应游戏验证者和桥操作员之间的挑战-响应游戏需要预先设定的时间来解决(从几周到几个月不等)。它涉及交易在 BitVM Bridge 合约设置中商定的原像以及 L1 SPV 付款证明。
8. 验证者销毁桥梁资金
在第 8 步中,验证者 1 赢得挑战-响应游戏。这使得锁定在 BitVM Bridge 合约中的代币被烧毁。L2 提款者眼睁睁地看着他们锁定在桥中的资金现在永远丢失了。
9. 桥梁倒塌完成
在我们的最终状态下,桥梁已经倒塌。桥运营商按照从 L2 提取的金额的比例支付其拥有的 3 BTC,剩下 0 BTC。Alice、Bob 和 Lisa 都只能拿到少量补偿。
结论
BitVM 桥并不是真正的桥,它们只是桥运营商用来进行乐观的偿还机制。与让桥运营商承担资金风险不同,BitVM 桥实际上是让桥的用户承担资金风险。
这个玩具例子很好地说明了 BitVM 桥梁的不稳定性。桥梁规模越大、运营越成功,桥梁运营商就越难满足流动性需求。在某些情况下,资金流出可能会超过桥梁运营商持有的抵押品。例如,2021 年 Arbitrum 在一周内就出现了超过 10 亿美元的资金流出(来源:@Data_Always)。对于 L2 上的所有人来说,最理性的做法就是提取资金到 L1,因为他们会认为桥梁运营商无法获得必要的流动性。
关于 MEV 最后一个有趣的点
一些桥梁设计提出,对恶意桥运营商的惩罚将是验证者将 UTXO 变成“任何人都可以花费”。如果桥梁垮塌,锁在里面的所有资金都将被用来支付费用。TVL 越大,最大的矿池就越有动力串通压垮桥梁并收取费用[1]。很容易想象出具有 5B+ 美元 TVL 的比特币 L2。如果这座桥建立在 BitVM 上,这将是我们在比特币上见过的 MEV 的最大机会。
The bridge introduced by Shanouba Bitcoin Trading Network is inherently unstable economically. They rely on the repayment of the bridge operator. If the bridge operator successfully repays all the withdrawals within the pre-specified time, the bridge operator can claim the same amount of funds locked in the bridge contract. If they don't do this, the verifier can effectively destroy the funds locked in the bridge contract. The challenge for the bridge is that they must rely on pre-signed transactions because we don't have a contract. The only choice in the setting is to pay the locked witness or destroy the bridge operator to pay for any withdrawal by obtaining liquidity. The liquidity demand is in linear proportion to the bridge. If the bridge operator fails to pay all the withdrawal fees, the bridge funds will be burned, which means that the bigger the bridge, the greater the risk of the user's funds. This paper will introduce the final fate of the bridge through an example. This paper points out that if the withdrawal is not fully processed, the funds will be burned. In fact, this is incorrect. There is no clear stipulation about what will happen when handling withdrawals. Some design suggestions suggest choosing another predefined operator to try to handle withdrawals, but the new operator will face the same liquidity challenge as the first operator. Others suggest transferring funds to multi-signature to turn the bridge into a centralized hosting bridge, but the fundamental problem remains the same. The operator must raise funds to handle withdrawals, otherwise the security model will collapse. The figure shows the initial configuration and the capital of the bridge. There is a bridge operator with liquidity that hasn't deposited any cryptocurrency in the bridge or recorded it. The verifier is configured and monitors the whole system and will deposit them in the contract. The bridge is listening to the bridge contract in step. When it sees the deposit, it will send it to and to each deposit. Maybe he lost the bet in step, or Lisa sold him some artworks and quit. In step, he has completed all the transactions and is ready to return. They all created and paid the withdrawal. When this happens, they will be burned by the bridge contract, but the bridge operator can only use it to withdraw money from the payment. Let's talk about the working principle of withdrawal. Every month, the contract will have a deadline to check the withdrawal status, and then the bridge operator will have an extra month to pay for any withdrawal initiated before the deadline of the commitment period. It is important that this expenditure must come from the liquidity of the bridge operator's source. Before all withdrawals have been paid, the bridge operator cannot access the bridge contract. In the first step, any bank run realized that the total withdrawal of Sum exceeded the total liquidity of the bridge operator. She knew that if the bridge operator failed to pay Sum, the bridge funds might be burned as expenses by the verifier, so she did something economically reasonable and withdrew the funds. She hoped that she could get some returns from what the bridge operator owned instead of being stuck on the bridge. The core problem of the contract expenditure path was that the user could not get it immediately after submitting the withdrawal request. The funds locked in the bridge have only two expenditure paths to the bridge operator or burn, which means that if the bridge operator fails, the only way for participants is to hope that the verifier will burn the bridge liquidity crisis. In step, the bridge operator is facing a liquidity crisis. The deadline has just passed, and they are responsible for withdrawing the liquidity that the bridge operator needs to obtain when it has only the money at hand. At the end of the submission period, the bridge operator failed to pay the bridge operator's liquidity requirements in order to be able to repay it for some time. Any withdrawal bridge operator in the bridge needs to keep the ratio of liquidity to lock in the bridge, which means that the more successful the bridge is, the higher the capital requirement for the bridge operator is. The verifier challenges the bridge operator. In step, the verifier finds that the funds withdrawn from the contract are not paid. The verifier initiates a challenge response game with the bridge operator. Because the bridge operator does not pay all the withdrawals initiated before the deadline, they will lose the game. The challenge-response game needs a pre-set time to solve, ranging from weeks to months. It involves the original image agreed in the contract setting and the proof of payment. The verifier destroys the bridge funds. In the first step, the verifier wins the challenge-response game, which makes the tokens locked in the contract burn. The cashiers watch their funds locked in the bridge lose forever now. The bridge collapsed in our final state, and the bridge operator pays in proportion to the amount withdrawn. Paying the rest of the bridge and all of them can only get a small amount of compensation. The conclusion is that bridges are not real bridges. They are just optimistic repayment mechanisms used by bridge operators. Unlike letting bridge operators bear the capital risk, bridges actually let bridge users bear the capital risk. This toy example well illustrates the instability of bridges. The larger the scale of bridges, the more successful the operation, the more difficult it is for bridge operators to meet the liquidity demand. In some cases, the capital outflow may exceed the collateral held by bridge operators, such as in. Within a week, there have been more than 100 million dollars of capital outflows. The most rational way for everyone in the world is to withdraw funds because they will think that bridge operators can't get the necessary liquidity. Regarding the last interesting point, some bridge designs put forward the punishment for malicious bridge operators, and the verifier will become anyone who can spend it. If the bridge collapses and all the funds locked in it will be used to pay the fees, the largest mine pool will have more incentive to collude to collapse the bridge and collect fees. It is easy to imagine bitcoin with US dollars. If the bridge is built on the bridge, this will be the biggest opportunity we have ever seen on bitcoin. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。
