English

Xscope: Hunting for Cross-Chain Bridge Attacks

Software Engineering 2022-08-16 v1 Cryptography and Security

Abstract

Cross-Chain bridges have become the most popular solution to support asset interoperability between heterogeneous blockchains. However, while providing efficient and flexible cross-chain asset transfer, the complex workflow involving both on-chain smart contracts and off-chain programs causes emerging security issues. In the past year, there have been more than ten severe attacks against cross-chain bridges, causing billions of loss. With few studies focusing on the security of cross-chain bridges, the community still lacks the knowledge and tools to mitigate this significant threat. To bridge the gap, we conduct the first study on the security of cross-chain bridges. We document three new classes of security bugs and propose a set of security properties and patterns to characterize them. Based on those patterns, we design Xscope, an automatic tool to find security violations in cross-chain bridges and detect real-world attacks. We evaluate Xscope on four popular cross-chain bridges. It successfully detects all known attacks and finds suspicious attacks unreported before. A video of Xscope is available at https://youtu.be/vMRO_qOqtXY.

Keywords

Cite

@article{arxiv.2208.07119,
  title  = {Xscope: Hunting for Cross-Chain Bridge Attacks},
  author = {Jiashuo Zhang and Jianbo Gao and Yue Li and Ziming Chen and Zhi Guan and Zhong Chen},
  journal= {arXiv preprint arXiv:2208.07119},
  year   = {2022}
}

Comments

To appear at the Tool Demonstration Track of ASE'22. Please cite the conference version

R2 v1 2026-06-25T01:42:38.551Z