Abstract
Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains. In contrast to the underlying blockchains, the bridges often provide inferior security guarantees and have been targets of hacks, causing damage in the range of 1.5 to 2 billion USD in 2022. Current bridge architectures are ambiguous, and the relation between overarching architectures, underlying components, and exploits is shallow. We address this gap through a multivocal literature review covering 64 different bridges, including 31 exploits and four known bugs over three years (2021–2023). Our analysis identifies 13 architectural components of blockchain bridges. We link the components to eight types of vulnerabilities, also called design flaws. Furthermore, we identify prevention measures and propose 11 impact reduction measures based on existing and possible countermeasures to address the imminent exploitation of design flaws. The results present an overview of the state of the art in bridge security, future research directions, and guidelines for designing and implementing secure cross-chain bridge architectures.