Chapter 7

Bridge Security Models

Bridge security is not binary. Designs range from a handful of trusted signers to cryptographic proofs verified on chain. The right question is not "is it secure?" but "who must collude, and what do they gain if they cheat?" TVL in the bridge contract is the prize.

Each model trades trust, cost, and latency differently — there is no free lunch for cross-chain verification.

Verification models compared

Model	Who verifies	Main risk
Trusted multisig	Small signer set	Key compromise or collusion
External validator set	Proof-of-stake committee	Majority attack on attestations
Optimistic proofs	Watchers challenge fraud	Liveness failures and slow exits
ZK light client	On-chain proof of L1 state	Implementation bugs in verifier

Map the model to the bridge you use. A multisig with five keys and no public audits is a different risk profile than a zk light client anchored to Ethereum.

Trusted bridges move fast because verification is a signature check. They also fail catastrophically when keys leak — the Ronin hack exploited exactly that shape of trust assumption.

Trust-minimized designs cost more and take longer but shrink the trusted middle. No bridge matches the security of staying on one base layer; the goal is to know precisely what you are accepting instead of assuming parity.