As the blockchain industry moves towards interoperability and Web3, there is an increasing number of methods to move assets across different blockchains.
However, with the prevalence of hacks and exploits, there have been many concerns about the security and safety of assets that are transferred across chains.
Rubic’s One-Click Cross-Chain Swap tool solves many of these issues. Why should you trust Rubic for safe cross-chain swaps? How does Rubic maintain security for its users and partnered projects?
Explore it all right in this article.
Are Cross-Chain Swaps Secure?
A cross-chain swap is smart contract technology which enables transfers of tokens between two unique blockchains. It allows users to swap tokens directly to another blockchain without an intermediary or central authority.
Cross-chain transfers are often risky, but they unlock vast opportunities across the multi-chain world — such as staking, farming, acquiring specific tokens, etc. It has gained a lot of traction in the last year, and similarly, it has become a favorite attack vector for hackers. Taking into account bridges alone, a massive $2 billion has been stolen across 13 cross-chain bridges this year, equaling 69% of all funds stolen in 2022 so far.
Cross-chain bridges are inherently vulnerable to hacker attacks. They’re classified into trusted (custodial) and trustless (noncustodial). The former relies on a third party to make transfers, and the latter relies only on smart contracts and algorithms. Both feature significant flaws and technical weaknesses. Trusted bridges lose out due to their centralized aspect, while trustless bridges become vulnerable to exploits coming from software. Is it possible to eliminate these breaches and avoid hacker attacks?
So far, there hasn’t been a perfect solution to solve this conundrum; to provide impeccable security in cross-chain technology. All of the recent hacker attacks (the Ronin Bridge protocol, Harmony One’s Horizon Bridge) elicit many questions regarding the safety of cross-chain swaps.
To bring forth the interoperable future, cross-chain technology has evolved from cross-chain bridges alone to cross-chain aggregators. Cross-chain aggregators bring together bridges and DEXs, allowing users to spend less time and effort on transferring their assets across blockchains, compared to cross-chain bridges.
Also, aggregators tackle the issue of security differently, mainly because they integrate multiple solutions and can maintain swaps through different providers. The integration of numerous bridges and DEXs allows them to switch off the provider that has gone out of service, and to redirect the user towards a different, functional provider.
Further, cross-chain aggregators usually have larger infrastructure, teams, and developer support, which allows for the maintaining of security on a higher level, and elaborates on more innovative measures to ensure the safety of swaps. The Rubic One-Click Cross-Chain Swap service has become one of these security innovators.
How Does Rubic Maintain Security?
Rubic, as a first-mover in the cross-chain market, as well as among DEX & bridge aggregators, has heightened the robust practices of maintaining security for its users, as well as for the integrators of its SDK and widgets.
Rubic’s cross-chain tools are built on the following core principles:
Rubic combines many bridges and providers, guaranteeing swaps even if one or many providers are down. Thanks to Rubic’s model architecture (Cross-Chain, On-Chain, Status Manager, Token Manager, Revert Manager), it continues to execute basic functions even if there’s something wrong with other modules.
Due to the aggregation of 70+ bridges and DEXs, Rubic guarantees sufficient liquidity when making any swap (which cannot be said when using other bridges) even if some of Rubic’s providers either stop operating, run out of liquidity, or get hacked.
Rubic doesn’t exploit any external servers: only Frontend and Blockchain. This significantly decreases attack vectors (like DDOS attacks). To find the best swap options for most cross-chain and on-chain providers, Rubic appeals to the provider’s API, and then the data is processed through their services.
Like most other crypto projects, Rubic adopts security measures such as:
- Audits — A security check of Rubic’s smart contract codes is provided by independent companies and developers.
- Bug Bounty Program — A reward program for developers who find critical vulnerabilities in Rubic’s smart contracts.
- Status Monitoring — In case of any critical issues, Rubic goes into Maintenance mode, notifying all the users and integrators.
On top of this, Rubic has implemented additional security practices: performance monitoring, accident management, and Rubic’s SDK Process Management.
Rubic’s Security Pillars
To ensure the high performance of Rubic’s cross-chain tools, Rubic’s team utilizes a Provider/Blockchain Monitoring Dashboard, scores providers for stuck transactions, daily volume, refunds, and and checks our SDK’s live status.
Rubic utilizes automated tools for monitoring social networks for any potential risks with bridges or chains. If any issues arise, we use direct channels of communication with all bridges and providers to react quickly.
In case of an accident that might occur with one of Rubic’s integrated providers/blockchains, Rubic’s platform — as well as Rubic’s SDK/Widget — continue to function by taking the following measures:
- All of Rubic’s integrators are immediately notified (via Discord and Telegram).
- A compromised provider/bridge is switched off for all integrators by immediately getting paused in the smart contract. In turn, Rubic continues working as usual by redirecting transactions to other providers.
In case of any issues with Rubic’s SDK, we take the same actions — immediate notification of its integrators, and the switching off of the compromised provider/bridge. Rubic’s technical support is also always ready to assist 24/7.
Rubic’s SDK Process Management
Rubic is not just a platform enabling cross-chain swaps for individuals, but also a cross-chain toolkit for crypto projects, and all of these principles work very well for Rubic’s SDK/Widget integrators as well.
Continuous integration has allowed Rubic to build up the most robust principles of testing, staging, and production environments. Seamless, fast, and secure SDK management is accomplished by the following:
- A code approval process includes the review of several developers, while a release approval process includes the review of the Product Manager and QA.
- The smart contracts are audited.
- Rubic uses direct communication channels for updates (new version release updates, comments) to reduce the possibility of installing a compromised version.
Rubic’s SDK Architecture
Rubic’s Cross-Chain tools & services have unique architectures which provide the ultimate cross-chain swapping experience for its users and integrators. It’s still being constantly improved and streamlined on all levels.
Overall, the architecture of the protocol is based on three things: core SDK modules, modules related to external API (providers, CoinGecko), and the blockchain interaction module (RPC Node).
1. Rubic’s SDK, which is also deployed in its main app, consists of the following modules: Cross-Chain Manager, On-Chain Manager, Status Manager, Token Manager, and Revert Manager.
2. Rubic’s SDK interacts with blockchains through the RPC Node. Rubic’s SDK accesses blockchain nodes to retrieve blockchain meta-information, invoke smart contracts, or send transactions.
3. The Cross-Chain Manager incorporates on-chain swaps as well. To find the best swap option and build the optimal route, Rubic’s SDK reaches out to the provider’s API, after which the transaction is sent to Rubic’s smart contracts, which call the contracts of cross-chain providers in return.
4. The On-Сhain Manager facilitates instant trades, and allows one to swap tokens on the same blockchain. To deliver transaction data and rates, Rubic appeals to 0x and 1inch as on-chain providers via external API. For the rest of the providers, Rubic receives data from the blockchain through the RPC Node.
5. The Status Manager module provides the status of a cross-chain swap, and is connected to the ‘My Trades’ section shown on app.rubic.exchange. In the cases of Celer and deBridge, the Status Manager reaches out directly to the smart contract. Finally, the Status Manager returns with the ultimate status of a transaction.
6. The Token Manager module keeps the information about tokens, and interacts with CoinGecko to receive the USD value of each of them.
7. The Revert Manager ensures the operation of the auto-refund function. If any error occurs in a transaction, the funds are saved in the form of transit tokens, and afterwards get sent back to their owners. In the case of Symbiosis, Rubic’s SDK contacts the Symbiosis Revert API. On Rubic’s app, it’s realized through the section in “My Trades” called “Recent Trades”. If a trade hasn’t been completed in the target network, users will see the “Revert Transaction” option.
Improving Security Further
Even in its nascent stage of development, cross-chain technology has already gained enough traction to become a favored attack vector for hackers and the like. Now, even a small breach can turn into a dramatic exploit with huge losses, sometimes for the entire market. Hacker attacks will likely continue having victims around the cryptosphere, and it’s very much necessary to place maximum attention on the security pillars of cross-chain projects.
As a huge crypto hub for cross-chain aggregators, bridges, and DEXs, Rubic has always taken care of the security of assets that are transferred through Rubic’s dApp and SDK. As hacker attacks become more sophisticated, Rubic’s team is constantly developing new features, allowing us to continue evolving the security for our users and partnered projects.
Security is a must. A high level of security is one of Rubic’s top priorities.
What is Rubic?
Rubic has been one of the first players in the cross-chain market, as well as one of the first DEX & bridge aggregators. Rubic aggregates 15 blockchains with 70+ DEXs and bridges (which is the biggest number amongst aggregators so far).
As the premier One-Click Cross-Chain Swap service & tool for crypto projects, Rubic allows swapping 15,500+ tokens across 15 blockchains, with higher transaction speeds, lower fees, better rates, and heightened security features.