Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Dev Bharel: Wormhole – The Cross Chain Messaging Protocol
Episode Date: November 3, 2022Wormhole is a decentralized cross chain messaging protocol powering the transfer of value and information across high value chains. A network of Guardian nodes secure the protocol by observing and att...esting to events and data on its connected chains. These attestations are gossiped around the open Wormhole peer-to-peer network, allowing anyone connected to the network to observe the flow of information. Portal is a bridging app built on top of Wormhole where users can seamlessly bridge tokens and NFTs across supported chains and easily enter the network’s ecosystem.We were joined by Dev Bharel, Developer Relations for Wormhole. He gave us great insight into how the protocol works, security assumptions and incidents, the concept of generalized messaging passaging, and the Portal Bridge as a first adopter of the Wormhole protocol. We also chatted about what else is being built on Wormhole, and how you can get involved.Topics covered in this episode:Dev's background and how he got into cryptoAn overview of WormholeThe different network ecosystems in Wormhole and challenges with adding new networksThe Wormhole guardian network and its plans for expansionThe user experience on Portal BridgeRelayers on the networkUsing Wormhole bridge assets directly with non-native tokensThe Wormhole hack and the changes that have been madeUsing zero knowledge proof on bridgesEpisode links: Portal BridgeWormhole hackBug bounty programDeveloper docsWormchainxHack hackathonWormhole on TwitterDev on TwitterSponsors: Omni: Access all of Web3 in one easy-to-use wallet! Earn and manage assets at once with Omni's built-in staking, yield vaults, bridges, swaps and NFT support.https://omni.app/ -This episode is hosted by Felix Lutsch. Show notes and listening options: epicenter.tv/468
Transcript
Discussion (0)
Welcome to Epicenter, the show which talks about the technologies projects and people driving decentralization and the blockchain revolution.
I'm Felix and today we're speaking with Deff Borell, who is working on developer relations at Jump Crypto, a core contributor to Wormhole.
Warmhole is a cross-chain messaging protocol that allows users to access applications across networks.
Before we talk with Dev about Warmhole, we'd like to tell you about our sponsors this week.
Omni.
Omni is your favorite new multi-chain mobile wallet that puts the power of Web3 at your fingertips.
In just three tabs, you can stake and manage your assets on over-22 build-in protocols,
including all major EVMs, layer-toos, and non-evams like Cosmos, Solana, and year and more.
Omni extracts away all complexity while being fully self-custodial,
meaning getting yield on your crypto has never been this easy and secure.
Omni also has multi-chain NFT support, so you can view all of your NFTs in one place,
and you can flex your cleanest NFT by setting it as your app background.
Don't forget to check the Explore section in the app
for your daily fix of the hottest dabs, yields and news across chains.
On September 7th, Omni upgraded this app to provide you with more functionality
than tens of different Defi daps and wallets combined.
To highlight their transformation, they renamed from StakeWallet to Omni,
the next generation super wallet.
Join thousands of users on this next generation wallet
by downloading it today on iOS and Android at Omni.app.
Another news, we're hiring.
Episander is hiring.
we're looking for a community manager to help grow our audience and take App Center to the next level.
If you're passionate about crypto and creating great content, we want to hear from you.
Full details can be found at the careers page that we're going to link in the show notes.
Please share with anyone who you think might be a good fit for this role.
So today I'm really excited to be joined by Def.
I was working as a core contributor with Warm Hole.
Warmhole is an exciting network and cross-chain protocol.
Generally, we start these episodes by introducing our guests.
So hi, Def.
Hi, happy to be here.
Hey, Def, your core contributor to Warmhold with Jump.
Usually at the start of the episode, we often try to find out how did our guests get into crypto?
And in this case, also specifically how did you get into working with Jump?
I'm on the wormhole.
Yeah, so I'm one of the very old people in crypto.
I got into crypto in like 2013 in high school.
This was before we even called crypto, you know, blockchain.
This was in the Bitcoin days.
And I got involved with an organization called the blockchain education network.
Back then, it was like the Bitcoin education network called Ben.
And I used to organize events with like all the disparate college students.
all around the universities in the United States so we could do meetups and hackathons and so on.
And I got really into decentralized identities, zero knowledge proofs, all that kind of stuff.
Fast forward.
I've built a couple of companies.
And then eventually I ended up joining Jump as a developer relations.
But one of the most interesting facts is that while I was doing, I've been doing developer advocacy for a long time.
While I was working in decentralized identity and building my startups, I was.
also going around to over 200, 300 hackathon events, sponsoring, mentoring, or participating at
dressed up in a full space suit, teaching students how to write like solidity code as if it was
the word of God, you know, like this is the coolest thing. So one of my greatest achievements,
one of the things that I'm really proud of is that there are hundreds of thousands of
engineers whose first ever taste of blockchain technology was through one of my workshops.
So taking all of that, all of that experience and all of that history with crypto and all of that context around how crypto was formed, I eventually applied for a job to jump through my friend Anthony Ramirez, who mentioned that they were looking for core contributors for one of the projects that they were few are really passionate about, which is Wormhole.
And Wormhole, again, is a cross- messaging platform.
Now, I got really excited about Wormhole because I'm an engineer, and I love tackling a lot of different problems.
So I was coming from the Solidity World, but I wanted to have a lot of different, like, I wanted to go into different ecosystems.
And so Wormhole is an interesting challenge where as an engineer, I don't just have to, I don't just do, I don't have to learn just one ecosystem.
I have to like really be on my feet dancing and learning a lot of different challenging ecosystems
and, you know, whether that's rust for Solana, move for Aptus and Suey, Cosmwasum, for injective
or what, you know, any of these ecosystems and picking that knowledge up and picking those
architectures up. So I ended up at jump. We're doing core contribution for wormhole back in February of this year.
Yeah, that's an amazing history. I didn't know.
that you've been around for so long, that's, that's super cool to have guests there that are, like, dating way back and have seen a lot. I'm sure you took a lot of lessons away from that. And as our guests can see today, you don't wear a space suit anymore, but maybe, maybe you can make a return.
I still got the, I still got my space painting. I don't know up there if you can see it. Yeah, yeah, yeah, awesome. Yeah. Nice.
Cool. All right. Yeah, definitely. I think, yeah, one of those super interesting things I think about warm hole or generally about the space you're, you're in is.
It's like you said, you're touching upon so many different network ecosystems.
That's actually quite similar to what we're working on.
And I think that's one of the nice spots in the space.
But I guess before we dive into that even more, maybe you can explain to us, you know, what specifically, what is Wormhole in your words?
And then we can take it from there.
Yeah.
So Wormhole is a cross-chain messaging layer.
And a lot of people confuse this.
We'll confuse two things.
They confuse Wormhole and Portal.
And I'll talk about what those things are separately in just a second.
But Wormhole basically is a way for us, in layman's terms, it's a way for users to not care about developer choices.
And what I mean by that is when we look at blockchains, we look at blockchains as different infrastructure providers.
Just like in Web 2, we have Microsoft Azure, we have AWS, we have Google Cloud Engine.
We have our Google Cloud Platform.
In Web 3, we have Solana, Ethereum, Polygon, Injective, all of these different chains.
These are all infrastructure.
A user should not care about what infrastructure the developer chooses to deploy their application.
When I go to my bank's website, I don't care that my bank is on Google Cloud platform, right?
I just care that it's a good application that I get to use, and that's it.
And so Wormhole is that missing piece of technology that allows different infrastructure providers to connect to each other.
So the end user can get an application rather than an infrastructure to interact with.
So it's this layer on top of blockchains that really for the end user makes it so they can interact with just clear applications.
Now on top of that, an application was built called Portal.
The portal asset bridge is what most people and consumers actually end up using.
And it's a simple way to just move tokens from one chain to another.
Now, while it's super useful right now because one of the biggest use cases for blockchain technology is tokens,
we're seeing some interesting use case pop up that are non-token-based use cases.
For example, like cross-chain governance or NFT support or like, you know,
gaming or other things that are not just tokens.
And those are going to use that generic message passing layer that wormhole has
without necessarily using token passing as we see it in portal.
All right. Thanks.
Yeah, that makes a lot of sense.
I think there's really, there's a lot of applications that can still be unlocked.
And before you even had something like wormhole, right,
like the general way of bridging to other networks,
it's either impossible or through some centralized party.
So I think this is a very important like kind of step towards really interconnecting this, this, these ecosystems.
Now, you mentioned already like a bunch of the chains that, um, Wormhole today supports.
Um, can you talk a little bit about, you know, how, how do you add support for, for a network in Wormhole?
what are the challenges with adding a new network to this kind of layer to this protocol?
Yeah, so first and foremost, the wormhole is a decentralized protocol.
What that means is the core contributors can't just add a network.
This is one of the biggest misconceptions that people usually run into.
The core contributors might write some code that says, hey, we can add in, here's sample code,
here's a working connection to this new network.
But at the end of the day, it gets proposed to our guardians.
Our guardians are the wormhole validators.
So every wormhole validator, which observes messages on all of the chains that we connect to,
has to basically run a node for every chain that wormhole wants to connect to.
And so if a new network wants to be added to the wormhole ecosystem, they have to propose to the guardians, hey, please run a node for our chain, our network, our protocol.
And the wormhole guardians have to do a governance vote.
The 19 guardians have to decide, yes, we want to run this network.
No, we don't want to run this network.
And after that vote passes, is that network live?
Yeah, that makes sense.
That's, I guess, so can you talk a little bit about how does this,
I guess this guardian said today who they are and I guess how the governance works now
and maybe also a little bit how do you plan to expand?
As you mentioned, there's 19.
Obviously, it's a very high burden, I guess, on these guardians to support so many networks.
how do you maybe imagine or how does Warhol imagine to grow that?
And yeah, what do you see as the steps for that?
Yeah, so the Guardian Network was chosen as the top 19 validators in the space.
So it's not that, you know, these are 19 random validators.
These are validators that are in the blockchain space, unique and separate.
it. So there's a very high anti-collusion probability. What that means is, like,
it's very unlikely that these 19 unique companies would collude with each other because they
have a reputation at stake. So beyond just, you know, value, like other, for example, our
competitors might say, use a proof of stake system, which allows you to become a guard or become
a validator on their network. On the wormhole guardian network, you have your,
reputation at stake as well because there's there's that bigger context of this these guardians being
the bigger validators in the space. And again, as we mentioned, there's a big burden there.
Now, we are thinking about ways to propose to guardians to expand the guardian set. The wormworld
contributors are working on improvements such as worm chain and a variety of other improvements that
we can't talk about just yet just because the designs aren't finalized.
But the idea is if the guardians want to expand and want to grow, there are potential ways
that we're currently discussing with them to grow that pie.
That being said, again, like you said, it's a huge burden to be a guardian on a wormhole network.
So one of the scaling solutions that we're looking into right now is instead of having
guardians run full nodes use something like zero knowledge proofs for validation.
And we're trying that out, you know, in testing and design phasing right now.
So we don't have to worry about guardians running full nodes, but they can actually run
zero knowledge proof systems to test state from different chains and grow that validator set.
Awesome. Yeah, that is definitely something we should get into a little bit later again.
because that seems quite interesting how you might use zero knowledge proofs to do that.
But I guess before we get there, maybe you can talk a little bit about just kind of the
bridging experience.
Now talking about Portal, if you have a new network, can you walk us a little bit through
how would I as a user interact with Portal?
And yeah, can you just like walk us through this flow, maybe?
Yeah, so to interact with portal, first of all, you can just go to portalbridge.com, I believe that's the website. Let me double check. Yeah, portalbridge.com. But really, so the way wormhole works is you start on a source chain, you emit a message, that message gets observed by the guardians to make sure that it's valid. And then a relayer comes along, picks it up, and then submits it onto the target chain. The most
confusing and non-intuitive part about this is the relayer.
And we'll talk about why in just a second.
But everything else is fairly simple.
You go to portalbridge.com, you start your transfer.
You say, I want to bridge five whatever tokens over to a different network.
Now, it's really important to note the difference between bridging a token and swapping a token.
A lot of people come to portal and they are.
like, why can't I swap a token?
Why is it only letting me bridge a token?
And the reason for that is when you bridge a token,
you're sending the same token from point A to point B.
When you swap a token, you're exchanging one token
for one token to another token on another chain.
And swapping a token requires things like price oracles,
requires things like exchange rates,
requires someone to take on counterparty risk.
There are other applications,
that have been built on top of Portal that allow you to swap tokens.
For example, Swim is a great example where you can do stable swaps.
And we have a couple of other partners that are building some swaps that you can interact with.
But Portal basically is a very basic primitive that lets you just bridge the same token from point A to point B.
The second thing to note about Portal bridging, just like any kind of bridging,
is that the way bridges generally work is that they lock up your token on one side
and they mint an IOU on the other side.
So they mint a wrapped version of the token on the foreign chain.
The wrapped version can always be redeemed one for one for the locked up version on the source chain.
So it can be treated basically the same as if it was the source chain token.
But that means that if you want to use it,
it on the foreign chain, sometimes you might run into problems because you have to swap it
for the native version. An example is USDC. So for example, if I want to bridge USC from, say,
Ethereum to Solana, USC has its own mints on Ethereum and Solana. And so if you're using
portal, you might have to, after you bridge your USDC over to Solana, swap the portal
USDA into the native mint for USC on Salada.
So those are two kind of caveats, gotchas that people often run into with portal.
Now, let's talk about the relair bit that I just discussed a little while ago.
The relayer is a kind of dumb piece of software.
It's a web service that listens for messages that guardians have signed and submits them
onto target chains.
It's necessary because someone has to pay the gas.
for transactions on the target chain.
There's no such thing as a free lunch.
Just because you create a transaction on a source chain
doesn't mean that you have paid the gas on the foreign chain.
So the relayer is in charge of paying the gas on the foreign chain.
Now you might be asking, why would a relator do this?
The reason relators do this is when you're creating a transaction
on the source chain, one of the things that you're doing
is that you can often attach a fee for a relayer.
You can say, here's 50 cents, please relay my transaction,
to Solana. And a relayer might say, okay, cool, the transaction fee is only 25 cents.
So I'll pay the transaction fee. I'll pay the gas fee of Solana and pocket the difference
between the relayer fee and the gas fee. And in this way, if they do enough transactions,
they can actually earn money. But they can't modify the message in any way. The wormhole
architecture is such that it's just a dumb message. But basically relators can just submit messages
just a target chain. Hopefully that covers the portal flow.
Yeah, that's that's super interesting. And so the benefit for the user, I guess, is also that
this tip that you give the relayer, you're paying that in the native currency on the source
chain or can you also like attach tips in different ways or how does it currently?
Yeah. So right now, you can pay in, I think, stable coins and native currencies.
But there's nothing stopping you from attaching a fee in whatever token you choose.
The relayer just has to accept it.
And relayers are selective about accepting different tokens because they want to make sure that the tokens that are accepting actually have liquid markets.
Right.
If you attach, for example, your Shiba, Inu derivative, you know, 12, and that doesn't have a liquid market anywhere,
the relayer might not be willing to accept that as a fee because they can't exchange it for something that they can use to pay gas.
Makes sense.
And maybe like in practice, do you have insights into like how many of these relays are running or is this like something that, you know, is dominated by certain people that run this?
Or is it like more distributed?
Would you like to see more people running relays?
Yeah, we definitely want to see more people running relays.
I think right now we have something like 10 relairs running.
But basically, one of the things that we often see is that there aren't relayers.
So relars are a huge topic of conversation.
Like we could spend hours talking about just relars because we have new things rolling out
called generic relairs, plug-in relays.
Reelairs are a huge amount of optimization that's being done in the wormhole network.
But as they stand right now, one of the things is that,
we generally see application-specific relayers.
And what that means is, just like portal is an application,
if you have an application using Wormhole,
you might actually run your own relayer
just for the messages for your application.
And so generally we see a variety of different app of relays
where you might have 10 portal relays running on various different chains.
So for every chain that Wormhole connects to,
there might be a different relays,
that's submitting messages for each chain.
That way they only have to worry about the gas
for the specific chain that they're submitting transactions on.
But then you also see application-specific relayers.
And so in that case, you might have as many relays as there are applications.
So the answer is it is distributed.
It is kind of a scatter plot of different modules.
And we're trying to make that much easier by writing some sample code
and writing some architecture that makes plug-in reliance
layer is really, really easy and easy to deploy.
All right.
Awesome.
Yeah, that's, that's very cool.
I think, I guess, you know, the, we talked a little bit about this bridging and then
the assets that are created essentially when you move through the chain.
And as far as I understand, like, basically what you're saying is also that warm hole basically
won't cover this use case of like switching then to the native token, whatever that might mean.
but that is something that should be built on top,
but is being built on top, potentially even by the application
that is using wormhole as like kind of a infrastructure.
Now, I guess maybe the question is,
is there also like, are some of these wormhole bridged assets
being used directly when there is maybe no native token
on that chain?
And how does liquidity work in that case?
How do you guarantee that?
Yeah, that's an excellent question.
So the word we use for, so in the USDC example,
USDC has a mint on both chains.
But if you don't have a mint on any chains,
for example, you create your token.
We call these cross-chain tokens or cross-chain assets,
X assets.
If you want your token to be an X asset,
all you have to do is created on one chain
and then use a bridge to have a canonical
representation of it on all other chains.
So, for example, if tomorrow I were to launch Devcoin and then just bridge it over
using portal onto Clayton and, you know, Ethereum and all these other different chains,
I would just have the portal wrapped version, but because I would claim it as the canonical
version of that token, I would let developers know that, hey, please use the token here
as the official token.
And so that way you help consolidate liquidity pools.
Now, there's nothing stopping someone from using a different bridge to bridge that token over,
but because I've taken the proactive step as a developer to say that the canonical version of my token is the portal-wracked version of my token,
generally developers will consolidate around that token rather than using different bridges.
So a lot of this has to do with just user awareness and user experience,
and letting developers and users know that, hey, you can use my token on other chains.
You can use this token on other chains.
But please use the canonical mint rather than a non-canonical mint as otherwise you need a liquidity pool.
I see.
Yeah, yeah, exactly.
I think a lot of the issues of the user experience actually that are supposed to be solved
somewhat by the bridges kind of reappear in this.
Like now we have these different representations.
It obviously also creates like a little bit opportunity maybe for like these swap protocols.
I know like for example, Sabre or Solana had like a big kind of market just to like exchange between these different representations in a stable swap manner.
But obviously I don't know if that's the ideal path.
So would you generally say that you would like is the goal for Bromhole to like get these X assets to be the canonical representation?
I assume basically the answer is yes, but maybe on top of that.
Yeah, is that kind of also part of, let's say, the business model for Wormhole to have that?
Or I guess we kind of talked a little bit about.
Let me maybe introduce a concept here that it will help guide this conversation.
One of the things that WormWCorp contributors just launched and was approved domain net is contract control transfers.
You might hear this called payload three.
It's a portal-specific payload.
And I'll talk about why I'm talking about this technical.
It's a technical thing.
But it allows for, it's a primitive that allows for building some really, really cool swap infrastructure.
And so contract control transfers allow you to send tokens alongside a payload from one chain to another.
And this is really, really cool because in one atomic transaction, you can say, I want to,
say send Ethereum, along with the payload, the payload says, please swap this Ethereum for
Solana, and then I'd go send the Solana to this address. And so what this will do is I can pay
an Ethereum on one side, have that atomic transaction, that transaction goes to Solana,
swaps it for Solon and deposits the sold into the account that I want.
and then pays the relay or whatever the fee is.
And what that allows me to do is, again, do that swap,
build that swap on top of portal without needing to do multiple transactions.
And in one atomic transaction, you can bridge and swap.
So that's something that we're really excited about and we think that major swaps and not just major swaps,
major use cases.
For example, say I have a game on Solana and to play the game, you have to pay the game,
you have to pay the gas fee in Seoul.
Well, one of the things you can enable is actually I want to spend my ETH.
I can create a wrapper contract around the game or however I want to implement it.
But I pay an ETH.
The ETH gets transferred, converted to Seoul, and then pays for the gas cost for the play button on the game.
And so this way I can pay for the gas cost for the application on Solon.
even though I'm sending money from a foreign chain like Ethereum.
I see. Yeah, that sounds super promising and kind of brings back that composability that is probably needed to really create a user experience that is like mass adoption ready. So that that's really cool.
I think, you know, we mentioned a bit that how relayers basically earn money in terms of like just the
the fees that are attached to these payloads.
Is there what if there is there something like how it works for guardians or how
why do guardians do it or if you can talk about it like are the plans for this and how
might it work or even if there's nothing clear yet could you talk about what some of the options
maybe are that that could exist in such a in this network?
Yeah.
So like the business model for wormhole is really not really a.
business model. Whirl is a public infrastructure. So the way Jump looks at wormhole is that it's
public infrastructure. The reason Jump has core contributors that work on wormhole is that there's a
belief that there needs to exist applications on top of wormhole that are super useful, that are
investable, that are businesses. But to build those businesses requires this public infrastructure.
So one of the reasons the guardians and Trump and other interested stakeholders are building on top of wormhole or contributing to wormhole is that if this public infrastructure exists, then there's a pathway to building businesses that can have bigger business models on top of wormhole.
Does that make sense?
Yeah. Thanks. That's super helpful.
just like you need like an electric grid to exist before you can build like computers and you know all of these other things so there's a belief that the future applications that are monetizable that are going to be super interesting to use and so on require this kind of public infrastructure to exist okay so but then they would still at some point have to pay for this infrastructure potentially these applications once it's more
let's say ingrained in the system or is that something that could happen or how do you see that play out?
Yeah.
So there's definitely talks about, you know, how can wormhole be self-sustainable and so on.
Again, all of this is in the design phase.
So I don't want to mention any specific thing because in case the guardians reject it, like
wormhole core contributors might say, hey, this is like a thing you could do.
And the guardians might say, no, that's not actually what we want to do.
Or the guardians might say, hey, we want to actually implement this.
And I just don't know about it or things like that.
So there are a lot of plans that are being shaped about how to build Wormwell's self-sustainability.
But that's currently a lower priority than making sure that that infrastructure exists in the first place.
All right.
Makes sense.
Thanks for expanding on that.
I think that surely is interesting for a lot of users.
and the guardians and everyone, including me even.
So that's cool.
And I guess maybe to get back a little bit to kind of the security assumptions or like just in general bridges.
So I think, you know, maybe for context or for our listeners, there's definitely, you know, a lot of concerns around these bridges.
Since it's like very complex technology, a lot of the hacks that actually have happened in the past year have been kind of related.
to bridges. I think if you looked at the wrecked leaderboard, there is a lot of bridges,
a lot of value that has been kind of lost in the bridges. Of course, unfortunately,
Wormhole was also part of this. Now, maybe you can talk a little bit about, you know,
why, I guess, first of all, why is it that bridges seem to have like more of these
kind of issues, if that's true. And then I guess also like what wormhole learned from this specific
incident and kind of like what specifically changed in the approach to building wormhole or actually
like really in the code that that maybe kind of makes these kind of incidents less likely.
Yeah. So let's first of all just talk about the wormhole hack and specifically what happened.
Just so everyone has the same context and that way everyone's on the same.
So the wormhole hack happened actually the third day when I was a core contributor for wormhole.
So I just joined on and the third day this hack happened.
But one of the things that happened was a bug in our Solana code.
And so you can read the whole write-up on our medium.
It goes into detail about exactly how it happened.
But basically one of the signature verification programs that the wormhole core code called in,
was spoofed. And instead of actually checking signatures, it just returned valid for whatever
signatures. So how that happened and all of the other read means you can go and read that. Now,
one of the reasons that Bridges specifically are such a big honeypot for hackers is this concept of
their large vaults of locked up cryptocurrency. They take in large amounts of cryptocurrency on the
cryptocurrencies on any given chain and they lock it up.
And so they have this massive reserves.
And on the other side, they create IOUs that can be used and redeemed wherever
possible.
So one of the reasons that hackers specifically like this is if they break a bridge, they
get everything that's in the large vault of the locked up currencies.
This is kind of, you know, this is, as a hacker, it's a pretty low, like a low attack vector for a large, you know, reward.
Now, what's being done to kind of mitigate this risk is after the hack happened, a couple of things that the wormhole core contributors started looking into was how can we mitigate attacks such that if something happens on one chain.
So there's always going to be smart contract risk.
If you're going to create open source software, there's always going to be smart contract risk because all of the contracts are open source.
Anyone can look at them and they can run attacks on them all day long until they find a zero day and then use it.
So how can we actually mitigate this risk?
One of the things is something that we call accounting.
And that's basically to deploy a middle layer between all the chains that actually keeps track of how much is money is moving in.
and out of any given chain.
And what that allows us to do, or allows a wormhole to do,
is actually limit attacks when an attack happens on one chain.
When portal gets, if portal gets attacked on one chain,
that attack limit is the size of the chain itself.
So if like Ethereum goes down, then we have a bigger problem
because Ethereum has a large number of locked assets.
But if one of the smaller chains goes down,
it's less of a, you know,
It doesn't affect the entire locked worth, locked net worth.
Secondly, a huge, huge, huge help that's, you know,
we really have been proud of is the wormhole bug bounty program.
We launched with, I think, one of the largest bug bounties in the space,
$10 million.
We've had a couple of really good submissions that have helped us find bugs
right before they happen.
So that's been really, really, really exciting that people have responded to that.
And we've been able to secure and help build security in the bridge.
And then a couple of other things that we're working on are things like Worm Chain.
So Worm Chain you might have heard of mentioned a couple of times.
You can go read about it in our design docs on the GitHub.
But basically, Worm Chain is this middle layer between all the chains that we can kind of use to do accounting and other things.
Another thing that we're working on is limits.
We call it governor.
So, for example, this actually went live, I think, two weeks ago, which if you're transacting large amounts between portal from one chain to another, all the guardians actually have to approve certain limits on each chain.
So, for example, you might not be able to, and this is just a random number, I don't know, the exact governor limits, you can look them up on the GitHub.
But like if you're moving from Ethereum to Solana, you might not be able to move more than like $100 million in a day.
And you might have to wait until the next day.
So these kinds of governor limits also help mitigate risk.
And we're working on a number of other features.
There's a research team that's dedicated to coming up with kind of security tools and security best practices.
and we're not doing this alone.
Bridge, just as you mentioned, bridges are one of the most vulnerable pieces of technology
in the ecosystem because they're honeypots and these, you know, they're large vaults
that lock up large amounts of cryptocurrencies.
And so we're actually working with, you know, other bridges and trying to work with,
trying to understand.
Are there ways that we can do better in terms of security?
across the board.
Yeah, thanks.
That's super insightful.
I think also we'll link to all these,
or like try to link to most of these documents or things that we mentioned,
especially I guess the bug bounty program, the write-up and maybe things about
Warren Chain in the show notes.
So if you're listening to this, hopefully the links will be there.
If not, hit us up and we'll send them to you hopefully or Google it.
So, right, I think the security question,
obviously is like a pretty big one.
We mentioned already earlier a little bit around zero knowledge proofs.
I guess is this another kind of venue that might make it more secure?
Is it more just like around scalability or what are the benefits of using that?
Again, maybe for for Wormhole.
And then maybe you can also talk a little bit about how exactly or like not exactly
but how do you plan to incorporate this technology into warm hole?
What might it bring in terms of benefits?
Yeah, at a high level, the way the Bridges plan on using zero knowledge proves
is basically to attest the state of an entire chain just as a roll-up does.
Basically, attest the state of an entire chain using block headers onto another chain.
So basically you say, oh, Solana has the past 100 blocks.
We're going to roll them up with all the block headers.
We're going to submit a zero knowledge proof.
And then any time a change is made to the, you know, made to this next block,
the new zero knowledge proof must be computed such that it still listens to the old zero
knowledge or it still complies with the old zero knowledge proof.
And then you can you can validate that.
And you can keep submitting those proofs.
And then you can run a.
set of, you know, the guardians basically just go around validating the zero knowledge
proofs and making sure that, you know, that no invalid proofs are submitted.
But, again, a lot of this is still in the design phase because there's a certain number
of requirements to this, depending on different chains or different ecosystems, this gets
really complex.
People are used to zero knowledge proofs in the EVM ecosystem.
But validating proofs on, for example, Solana is a lot harder.
than EVM because of like compute limits and so on.
And no native support for like, you know,
Grot 16 Verifier or any of these things.
So when we talk with zero notch proofs,
one of the challenges is that we don't have uniformity
across different ecosystems.
And so, you know, one of John's research teams,
what they're working on is really just finding
that uniform validation ground between different
ecosystems that we can use this across all the chains that Whirlpool connects to.
Right.
Yeah, that makes sense.
I think also even Ethereum, right, a lot of these, because that's a very fast-moving, like,
space where a lot of the new cryptographic curves and stuff has been coming out only
like recently.
And I guess many of the chains didn't have in mind that they might want to use this.
and it might have to be added in hindsight or later or even can't maybe be added so i have i know i've
seen like a bunch of you know even like in ethereum right i think adding bLS signatures was was
like a whole process that that took forever so definitely very exciting space and i think yeah should
should be able to to add a lot to the to the user experience and the security of um of using uh bridges
so thanks for expanding and cool to hear that jump i guess is also contributing a bunch in this space
um so maybe like switching again a bit to a different topic like more application level stuff
i think you know one of the very interesting things i mean wormhole it's been super successful
i think for a while maybe the biggest bridge or or at least in the very top it's still in the top three
probably and but if I look at the TVL right it was like I think almost five billion for for a
moment and then obviously the market crashed but there was also another event that that like brought
this down a lot which is the terra collapse so obviously terra was a big kind of driver of usage of
wormhole because people wanted to bring assets to anchor or kind of integrate that so like one of
the things that anchor was supporting just for context for listeners was also staked eith from
lydo and there was the anchor eth so that went through wormhole also the solana if the same thing so
obviously that that collapsed maybe i guess there is a pretty close relationship based on that
was there with terra from from warm hall maybe you can talk a little bit about you know how
that impacted the warm hole like ecosystem and what what was the situation like in that moment
on a on a personal note um trump was actually hosting a terra hacker house uh during the terra collapse
so when that was happening you know the the mood is very somber i was there everyone was there
I'm just watching the price go up and down.
So that was quite a place to be in.
But when that happened, it was actually very, I don't want to say calm.
It wasn't calm.
But from the wormhole side, there wasn't a big upset.
Because even though we were losing one of our partners, and this was definitely a sad day.
nothing really changed technically, right?
There was an exploit on the wormhole side.
There was no massive change.
The worst thing that wormhole core contributors had to deal with
was just a customer support of all of the people
who were trying to use portal for the first time or the second time
and trying to bridge their tokens back from Terra to anywhere else.
And so this actually really really,
goes to show the decentralization nature of Wormhole, where Wormhole wasn't so closely tied
to any one chain, even one as big as TARA, even one that was such a big contributor to the TBL for
Wormhole, that like, wormhole basically took that hit and was like, yeah, we just move tokens back
and forth, or we just send messages back and forth, and that's okay. And, you know, the Guardians had to
figure out, the big thing that happened technically was,
on the Guardian side.
The Warmal Core contributors didn't really have to do much.
The Guardians had to halt Terra because, like when Terra halted, they had to halt Tara.
And during the time the Terra was halted, there was a number of customer support requests.
Why can't I get my tokens out?
Well, the chain isn't live, so that's why.
And then when the chain was restarted, it was a matter of getting, you know, are the Guardians going to restart the chain?
some guardians wanted to some guardians didn't and so you know that was a whole conversation but again
from the whirlpool core contributor side because it's decentralized you know the core contributors were like
well whatever the guardians want to do that's great like there's there's no extra code to be written
terror didn't change its code base right it was just a matter of guardians deciding yeah we want to support
the new terra network or we don't or we want to halt it or we don't and all of these things
Yeah, right. I think it overall in this incident, like most of the technical infrastructure actually has performed very well. I think even like on the terror side itself, right? Like 10-Mint and the smart contract code that kind of made the, that made up the system worked very well and under this high load. And I don't think anything happened on that. And like most of the problems were more around like on the terror side around, you know, there being so.
much lunar minted that some attack would have become likely and then all these these things that had to be done because of that.
But generally, I think like a very interesting kind of stress test and a real environment, of course.
Of course, like, unfortunately, a lot of people lost money, including all these organizations or lost business and really like a huge low up, of course.
But I guess it also kind of proved that some of these infrastructure is actually ready for really big,
kind of uses, which is maybe not necessarily true even for like centralized system sometimes where things might fall apart more than what we've seen there.
So yeah, thanks for that.
I think one of the big things that also in this event happened, I guess is because of the price disparity on different networks there and Luna price crashing fast.
and people trying to arbitrage it and stuff like this.
So there's a lot of like this MEV, I guess, essentially, on, in that moment, especially,
which makes up, I think, a lot of the overall MEV in some of these networks, like these,
these tailored events, how from the warmhole perspective, was there anything like notable
from that you, is there, is there anything that, that warmhole, like, I guess that impacted it or that facilitated it or that you saw?
Yeah, yeah. So one kind of problem, not problem, one of the, one of the, one of the challenges with bridging is that inherently because you're going from one infrastructure to another, if you have, for example, a market of, if you have a liquid market of a token on two different infrastructure providers, you're going to have price disparity. And this is actually not even a blockchain problem. This is just a markets problem. And if you have two markets, the two markets are going to have different prices, right? Whether that's,
to centralize two marketplaces or decentralized marketplaces, it doesn't really matter by the
virtue of them being different marketplaces, they're going to have different prices.
And so, when people bridging tokens back and forth between portal, you know, they often were doing
so to try to take advantage of price disparity on one market, say on Solana and Syram or another
on you swap on Ethereum and so on. But again, that doesn't really have anything to do with
Warmole technical, it was just, it was something that we could enable,
Wormwell could enable, with people taking advantage.
And I don't actually think that's a negative thing, because that's basically how we
normalize price, right?
If there was no way for people to be able to bridge currencies from one infrastructure
to another, then you would have even higher price disparity because you wouldn't be able
to normalize that price.
But because people could bridge that currency back and forth between two infrastructure,
providers, there's a much more easier path to normalization of that price.
Yeah, I think I agree there.
I guess also like, yeah, if you don't have that, maybe the only way or like people that
can do it are more there where there is like some centralized component that is able to like
trade on both sides or just like allows you to bridge like, I guess like just a centralized
exchange.
So definitely this is, I guess, better by nature of just being accessible to everyone and not
including everyone.
So I think that that's really cool.
I mean, that really goes to show how important that this infrastructure also is.
In a sense, this Terra applications and everything was like some of the most used stuff on wormhole.
And maybe you can talk a little bit about what right now, what are like exciting applications.
I think we also touched upon a little bit in the course of this interview.
but maybe you can also talk a little bit more about like what's some exciting things that are being built on wormhole right now that that you're seeing or maybe also that you're not seeing and you want to see stuff like a lot of stuff that is being built is a lot of defy stuff which is very exciting you know token swaps and things like that nature things that I wish where more people were building on top of wormhole would be things of the like cross chain governance or cross chain
games and using VA's as identity modules and all of these.
There are some advanced things that you can do with Wormhole that people haven't really tapped
into yet because, again, the current Zyke guests has been around tokens, which makes sense,
right?
Token, everyone loves tokens.
But as a personal note, I think there's a lot of really cool non-token use cases that I'm
excited for people to really tap into and build on, such as a personal note, I think there's a lot of really cool non-token use cases that I'm excited for people to really tap into
and build on, such as cross-chain governance.
Right.
Makes sense.
I think, yeah, right, your job, I guess also, like, maybe let's talk a little bit around that,
like I guess developer relations, right?
So from the developer perspective, maybe just the question as in general, again, I guess,
how would developers interact with Wormhole, actually?
What's the best way?
Is there also like a plug-in?
if I say like I'm a dab that I can kind of somehow have wormhole being plugged in into my
dab or how does it look in practice? And maybe also like what are you working on to make that
even easier? Yeah. So integrating with wormhole is a spectrum. On the very easy side, you can
just integrate with wormhole by just accepting wormhole assets, right? Like just accepting portal assets
natively. So if you just do that, you have done a very easy integration. On the more advanced
side, you can do integrations with Wormhole by sending messages back and forth using the Wormhole core layer, which is a much more advanced integration.
So you can learn all about the different types of integrations and how to get started with doing all of this at book.wurmhole.com.
This is our documentation for developers. And we're working on a number of sample projects.
That documentation isn't live yet. I'm working on it. But there's a lot.
There's going to be a number of sample projects that actually show you how to make use of things going back and forth and being able to launch in production.
So, right, like we talk about this.
I think if you're, I guess there's also like other things you're working on to, you mentioned a hacker house that Jump was hosting.
I guess in general, what kind of initiatives do you have to, I guess, recruit.
developers are like help them or yeah get this ecosystem going yeah so there's we're working on right
now x-hack which is jump jump crypto's premier event is a cross-chain chain agnostic hackthon starting
monday of this week which i don't know when this podcast will go live but it'll be september 26th
you know and it'll go for four weeks um so we're working with developers in all different
ecosystems and challenging them to like get started with working on working on wormhole stuff.
So that's that's one of the big avenues right now that, you know, all of us are heads
down trying to get that, get that going.
Yeah, that sounds pretty exciting.
And I hope we're not releasing this way too late that no one can look into this.
But if we do, then hopefully there's also like some exciting use cases come out of that that
that you can look at and maybe expand on.
I think that's all the questions I had.
Dev, thanks so much for coming on,
for talking to us about Wormhole and giving us a bit of better view.
Since I think, you know, a lot of the mystery,
maybe sometimes around it,
if you're not like in this ecosystem,
I think our listeners that will also have learned a lot today.
So I really appreciate it.
If there's anything else, you want to shout out,
or like talk about now's time.
But yeah, thanks so much for joining me today.
And best of luck.
Thank you, Felix.
Thank you for joining us on this week's episode.
We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud,
or wherever you listen to podcasts.
And if you have a Google Home or Alexa device,
you can tell it to listen to the latest episode of the Epicenter podcast.
Go to epicenter.com.
TV slash subscribe for a full list of places where you can watch and listen.
And while you're there, be sure to sign up for the newsletter, so you get new episodes in your
inbox as they're released.
If you want to interact with us, guests, or other podcast listeners, you can follow us on
Twitter.
And please leave us a review on iTunes.
It helps people find the show, and we're always happy to read them.
So thanks so much, and we look forward to being back next week.