Cosmos Introduces IBC Rate Limits to Combat Bridge Hacks
By setting rate limits on token movements across chains, Cosmos is pioneering a method to significantly decrease the impact of bridge hacks in web3.
By setting rate limits on token movements across chains, Cosmos is pioneering a method to significantly decrease the impact of bridge hacks in web3.
To date, cross-chain bridges have lost over $2.8 billion to hacking, making up almost 40% of the total value stolen in Web3, according to DefiLlama. These bridges have proven to be some of the cryptocurrency world’s most vulnerable points.
Even though development teams work hard to secure their systems with numerous audits, the measures haven’t been entirely effective. No smart contract audit can guarantee 100% security because complex, ever-changing code will always have bugs.
Recently, however, Cosmos introduced a straightforward but effective approach to bridge security. Instead of trying to prevent hacks altogether, this method focuses on limiting their potential damage. The solution involves setting rate limits on how much can be transferred through a bridge protocol within a set time frame.
Known as IBC Rate Limits, these are thresholds set for specific periods (e.g., 24 hours) that monitor the net flow of an asset (inflows vs. outflows) against a set quota. If this quota is exceeded in the given period, no further IBC transfers are allowed until the next period.
These rate limits aim to prevent large inflows and outflows of IBC tokens in short periods, offering an effective way to protect blockchains from significant security exploits. For instance, let's consider the largest bridge hack in cryptocurrency history—the $624 million Ronin Bridge exploit. If Ronin Bridge had imposed a rate limit of $10 million per 24 hours, the lost amount could have been reduced by 98%.
IBC rate limits are already live on Cosmos, and users can monitor IBC net inflows and their safety quotas through a dedicated dashboard.
The introduction of this security feature marks a significant milestone for the Cosmos ecosystem. It is also particularly timely, as a recent blog post by Asymmetric Research revealed a critical vulnerability in the Cosmos’s inter-blockchain communication protocol. This vulnerability could have allowed the infinite minting of IBC tokens on Cosmos chains, with a potential loss of hundreds of millions. Fortunately, security researchers patched the bug before it could be exploited. Even if such an exploit had occurred, IBC rate limits would have mitigated the impact.
Currently, the technology is in its v1 version, which is somewhat basic and lacks the ability for teams to set and adjust thresholds dynamically. To address this, the project plans to launch IBC Rate Limits v2 in the coming months.
Given the success demonstrated in Cosmos, bridge rate limits are likely to become a standard solution, significantly enhancing the security of bridges within the Web3 ecosystem.