Skip to content

Cross-Chain Bridges: Blockchain Interoperability Guide

DodaTech Updated 2026-06-22 8 min read

In this tutorial, you'll learn cross-chain bridges including trusted and trustless bridges, wrapped tokens, liquidity networks, and how different blockchains transfer assets between each other. Why it matters: The multi-chain ecosystem has over 100 active blockchains with $200B+ in assets, but they operate in silos. Bridges enable interoperability, allowing value and data to flow between chains. By the end, you'll understand bridge architectures and build a simple bridge.

A cross-chain bridge is a protocol that enables the transfer of assets, data, or messages between two or more different blockchain networks, creating interoperability in the multi-chain ecosystem.

Bridge Architectures

Bridges use different security models to transfer assets between chains.

Bridge Type Trust Model Security Speed Examples
Custodial/Wrapped Trusted Low (honeypot) Instant WBTC, Binance Bridge
Multisig Semi-trusted Medium Fast Polygon Bridge, Ronin
Liquidity Network Trustless High Instant Hop, Across, Stargate
Light Client Trustless Highest Slow IBC (Cosmos), Rainbow
Optimistic Trustless High 30 min delay Nomad, Synapse
flowchart LR
  subgraph "Ethereum"
    A[User sends ETH]
    B[Bridge Contract]
    C[ETH locked in contract]
  end
  
  subgraph "Validator Network"
    D[Validator 1]
    E[Validator 2]
    F[Validator 3]
  end
  
  subgraph "Polygon"
    G[Bridge Contract]
    H[User receives MATIC]
    I[WETH minted]
  end
  
  A --> B
  B -->|Lock| C
  C -->|Event emitted| D
  C -->|Event emitted| E
  C -->|Event emitted| F
  D -->|Sign message| G
  G -->|Mint| I
  I -->|Send to user| H

Wrapped Tokens (Custodial Bridge)

The simplest bridge: lock tokens on one chain and mint wrapped tokens on another.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Chain A: Deposit contract
contract WrappedTokenBridge {
    IERC20 public token;
    address public custodian;
    uint256 public totalLocked;
    
    event Deposited(address indexed user, uint256 amount);
    event Withdrawn(address indexed user, uint256 amount);
    
    constructor(address _token) {
        token = IERC20(_token);
        custodian = msg.sender;
    }
    
    function deposit(uint256 _amount) external {
        token.transferFrom(msg.sender, address(this), _amount);
        totalLocked += _amount;
        emit Deposited(msg.sender, _amount);
        
        // Off-chain: custodian mints wrapped tokens on destination chain
    }
    
    function withdraw(uint256 _amount) external {
        // Called when user returns wrapped tokens on destination chain
        require(_amount <= totalLocked, "Insufficient liquidity");
        token.transfer(msg.sender, _amount);
        totalLocked -= _amount;
        emit Withdrawn(msg.sender, _amount);
    }
}

// Chain B: Mintable wrapped token
contract WrappedToken is ERC20 {
    address public bridge;
    
    constructor(string memory name, string memory symbol) ERC20(name, symbol) {
        bridge = msg.sender;
    }
    
    function mint(address _to, uint256 _amount) external {
        require(msg.sender == bridge, "Only bridge");
        _mint(_to, _amount);
    }
    
    function burn(uint256 _amount) external {
        _burn(msg.sender, _amount);
    }
}

Expected behavior: User deposits 10 ETH on Ethereum. The custodian mints 10 WBTC (Wrapped BTC) on another chain. User can return WBTC to burn and receive ETH back.

Liquidity Network Bridges

Trust-minimized bridges using liquidity pools instead of locked assets.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

contract LiquidityBridge {
    mapping(address => uint256) public liquidity;
    
    event LiquidityAdded(address indexed provider, uint256 amount);
    event Swap(address indexed user, uint256 amountIn, uint256 amountOut);
    
    function addLiquidity() external payable {
        liquidity[msg.sender] += msg.value;
        emit LiquidityAdded(msg.sender, msg.value);
    }
    
    function swapToChain(uint256 _amount) external {
        require(_amount <= address(this).balance, "Insufficient liquidity");
        require(liquidity[msg.sender] == 0, "LP cannot swap");
        
        // Lock the sender's tokens on this chain
        IERC20(token).transferFrom(msg.sender, address(this), _amount);
        
        // Transfer ETH to sender (from LPs)
        payable(msg.sender).transfer(_amount);
        
        // On destination chain, the bridge unlocks equivalent tokens
        emit Swap(msg.sender, _amount, _amount);
    }
    
    function removeLiquidity(uint256 _amount) external {
        require(liquidity[msg.sender] >= _amount, "Insufficient");
        liquidity[msg.sender] -= _amount;
        payable(msg.sender).transfer(_amount);
    }
}

Expected behavior: LPs deposit ETH on one side. Users swap tokens for ETH (paying a fee). The destination side sends tokens to the user from its liquidity pool. LPs earn fees from both directions.

Building a Simple Bridge

Create a minimal trustless bridge between two chains using Merkle proofs.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

contract MerkleBridge {
    struct Transfer {
        address sender;
        address recipient;
        uint256 amount;
        uint256 sourceChainId;
        uint256 destinationChainId;
    }
    
    bytes32[] public roots;  // Merkle roots of transfer batches
    mapping(bytes32 => bool) public usedProofs;
    
    event TransferInitiated(address indexed sender, address indexed recipient, uint256 amount, uint256 destinationChainId);
    event TransferClaimed(bytes32 indexed transferHash);
    
    function initiateTransfer(address _recipient, uint256 _amount, uint256 _destinationChainId) external payable {
        require(_amount > 0, "Amount must be positive");
        
        // Lock ETH
        emit TransferInitiated(msg.sender, _recipient, _amount, _destinationChainId);
    }
    
    function claimTransfer(
        bytes32[] calldata _proof,
        bytes32 _transferHash,
        address _sender,
        address _recipient,
        uint256 _amount
    ) external {
        require(!usedProofs[_transferHash], "Already claimed");
        require(verifyProof(_proof, roots[roots.length - 1], _transferHash), "Invalid proof");
        
        usedProofs[_transferHash] = true;
        payable(_recipient).transfer(_amount);
        
        emit TransferClaimed(_transferHash);
    }
    
    function verifyProof(bytes32[] calldata _proof, bytes32 _root, bytes32 _leaf) internal pure returns (bool) {
        bytes32 computedHash = _leaf;
        
        for (uint256 i; i < _proof.length; i++) {
            bytes32 proofElement = _proof[i];
            
            if (computedHash < proofElement) {
                computedHash = keccak256(abi.encodePacked(computedHash, proofElement));
            } else {
                computedHash = keccak256(abi.encodePacked(proofElement, computedHash));
            }
        }
        
        return computedHash == _root;
    }
}

Expected behavior: Users initiate transfers on source chain. Validators aggregate transfers into a Merkle tree and submit the root. Users submit Merkle proofs on the destination chain to claim their funds.

Bridge Security Risks

Bridges are the most attacked components in crypto, accounting for over $2.5 billion in losses.

// Bridge risk assessment
const bridgeRisks = [
  {
    type: "Validator Collusion",
    description: "8-of-10 multisig validators collude to steal funds",
    example: "Ronin Bridge hack ($620M, 2022)",
    mitigation: "Use trustless bridges with economic security (bonded validators, slashing)",
    severity: "Critical]
  },
  {
    type: "Smart Contract Bug",
    description: "Vulnerability in bridge contract code allows draining",
    example: "Wormhole hack ($326M, 2022)",
    mitigation: "Multiple audits, formal verification, bug bounties, timelocks",
    severity: "Critical"
  },
  {
    type: "Liquidity Manipulation",
    description: "Attacker manipulates pool prices during bridge operation",
    example: "Nomad bridge exploit ($190M, 2022)",
    mitigation: "Price oracles, slippage limits, circuit breakers",
    severity: "High"
  },
  {
    type: "Reentrancy",
    description: "Cross-chain reentrancy attacks via message passing",
    example: "Poly Network hack ($611M, 2021)",
    mitigation: "Reentrancy guards, checks-effects-interactions",
    severity: "High"
  }
];

bridgeRisks.forEach(risk => {
  console.log(`${risk.severity}: ${risk.type}`);
  console.log(`  Mitigation: ${risk.mitigation}`);
});

// Expected output:
// Critical: Validator Collusion
//   Mitigation: Use trustless bridges with economic security...
// Critical: Smart Contract Bug
//   Mitigation: Multiple audits, formal verification...
// High: Liquidity Manipulation
//   Mitigation: Price oracles, slippage limits...
// High: Reentrancy
//   Mitigation: Reentrancy guards, checks-effects-interactions...

Common Errors and Misunderstandings

1. Assuming Bridge Transfers Are Instant

Most bridges have delays: optimistic bridges (30 min), validator-based (minutes to hours), and light-client bridges (varies by finality).

2. Not Checking Wrapped Token Authenticity

Fake wrapped tokens exist on every chain. Always verify the official bridge contract address. Use block explorers to verify token source.

3. Underestimating Bridge Risk

Bridges are prime targets for hackers. Over $2.5B has been lost in bridge hacks. Never leave large amounts on bridges longer than necessary.

4. Confusing Wrapped and Native Tokens

Wrapped ETH (WETH) on Arbitrum is not the same as native ETH. WETH requires unwrapping via the bridge. Native gas tokens differ on each chain (ETH on Arbitrum, MATIC on Polygon).

5. Ignoring Slippage in Liquidity Bridges

Liquidity bridge rates change with pool depth. Large transfers have significant price impact. Always check minimum output before bridging.

Practice Questions

  1. What are the four main types of cross-chain bridges? Custodial (trusted), Multisig (semi-trusted), Liquidity Network (trustless), and Light Client (trustless with highest security).

  2. How does a wrapped token bridge work? Lock the original asset on the source chain. Mint an equivalent wrapped asset on the destination chain. Burning the wrapped asset unlocks the original.

  3. What is the biggest security risk for bridges? Validator collusion in multisig bridges. If the majority of validators cooperate maliciously, they can steal all funds in the bridge.

  4. Why do some bridges have withdrawal delays? Optimistic bridges have challenge periods (30 min to 7 days) allowing anyone to submit fraud proofs. This provides security without requiring validator trust.

  5. What is the difference between a canonical bridge and a third-party bridge? A canonical bridge is built and maintained by the rollup/sidechain team (e.g., Arbitrum Bridge). A third-party bridge is independent (e.g., Hop, Synapse). Canonical bridges are generally more trusted but may have limited features.

Challenge

Build a trust-minimized two-way bridge between two local Hardhat networks using Solidity. Implement Merkle tree-based transfer batching, a validator set with bonded stake and slashing for fraud, optimistic challenge period with fraud proofs, and automatic relayer for claim submission. Test a complete transfer cycle.

Real-World Task

Create a cross-chain token transfer dashboard using React and ethers.js that monitors bridge contracts on Ethereum Sepolia and Arbitrum Sepolia. Users can initiate transfers, view pending bridge operations, check liquidity pool depth on both sides, and track historical bridge usage with The Graph subgraph queries.

Frequently Asked Questions

Are cross-chain bridges safe?

Bridges carry significant risk. Of the top 10 DeFi hacks, 7 involved bridges. Only use audited bridges with timelocks, slow withdrawals, and economic security (bonded validators). Avoid new or unaudited bridges. Never bridge assets you cannot afford to lose.

How long does a cross-chain transfer take?

Depends on bridge type: liquidity bridges (30 seconds to 2 minutes), canonical rollup bridges (10 minutes to 7 days for L1 withdrawal), light client bridges (1-5 minutes after finality). Always check the specific bridge's expected time.

What is the cheapest bridge?

Liquidity network bridges (Hop, Across, Stargate) offer competitive rates for small transfers. For large transfers, canonical bridges (Arbitrum, Optimism) may be cheaper. LayerZero-based bridges are also cost-effective. Always compare fees across multiple bridges.

Next Steps

After understanding bridges, explore MEV extraction and protection, then dive into zk-Rollups for the future of blockchain scaling and interoperability.

Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro