Mid-August 2021 saw one of the largest cryptocurrency heists in the industry's brief existence. Hackers stole over $600 million in various cryptocurrencies, exploiting a smart contract bug within the Poly Network.

The hackers returned their stolen funds just two days later after claiming to be “Mr. White Hat,” or a hacker that attempts to do good by finding network bugs and bringing them to the project's attention. But, such an attack leads one to wonder how it could even occur in the first place.

Poly Network’s fatal flaw

Essentially, the hackers prey on Poly's smart contract code. As a project looking to build the most extensive network of interoperability between blockchains, users can swap one cryptocurrency on one blockchain with another via a simple smart contract. For that smart contract transaction to go through, it needs validation by one of Poly's bookkeepers — users who sign transactions to verify their authenticity.

Due to the Poly Network's smart contract bug, however, the hackers took power from other bookkeepers and made it so that only they could verify its authenticity. From there, the hackers created millions of dollars worth of swaps on different blockchains, sending the transactions to the bookkeeper and then confirming it themselves.

Poly's weakness here was due to its more centralized point of authority. There are only a limited number of bookkeepers on the Poly Network, which effectively centralizes the transaction verification process and leaves verification up to a small few. The hackers took advantage of this centralization and removed other bookkeepers' power via smart contract commands. Considering that decentralization is the key strength of blockchains, that centralized weakness presents a significant bottleneck.

The MAP Protocol

As more and more blockchains come to fruition, the barriers between chains are becoming more and more bothersome. Yet, features of different blockchains can be quite diverse, making connecting all chains extremely hard, if not impossible. Thus, MAP Protocol introduces the MAP blockchain network, making the whole ecosystem easily extensible. With a dedicated blockchain, the protocol can extend itself to “talk” to any blockchain that might come up. 

There is no privileged admin inside MAP Protocol, especially for fund-related operations. In this way, MAP Protocol can become a solid freeway for fund circulation where anyone can use it without FUD. This is achieved within the MAP blockchain, as well as the two layers built on top of it: the MAP assets layer and the decentralized application (DApp) layer.

The dedicated MAP blockchain maintains all kinds of light clients for all interested blockchains. Incentive relayers monitor the state change of each connected blockchain and submit the information to the MAP blockchain to keep the light clients updated. Each light client is designed to contain just enough information to verify the state update according to the corresponding consensus protocol. 

The MAP assets layer is composed of bulletproof smart contracts guarding users' funds and dealing with cross-chain transfers. Asset-related operations such as minting, burning and more can only be triggered with a cross-chain message backed up by valid cryptographic proof, e.g., a Merkle proof. Note that light client contains newer blockchain headers, where a verified Merkle root can be used to check the validation of a Merkle proof. 

With cross-chain communication enabled by the MAP blockchain and cross-chain transfers enabled by the MAP assets layer, cross-chain decentralized finance (DeFi) applications can be easily built on the MAP chain, aka, the DApp layer. Furthermore, as all cross-chain messages will be relayed by incentive relayers, developers are freed from the burden of monitoring each blockchain. 

MAP vs. Poly

Even though MAP Protocol is still in its early stages compared to Poly, its long-term plan has been designed by learning from the recent hacks targeting cross-chain protocols. MAP is coming out with a testnet in Q3 to start testing cross-chain transactions with EVM-compatible blockchains. At this time, users can test what it's like to be a node or a relayer before the mainnet launches.

From there, MAP will gradually connect all sorts of decentralized projects. Integrations will be relatively limited to start, but the blockchains selected for initial access will be of the highest quality. MAP plans to expand its services even to blockchains where smart contract capabilities are currently unavailable.

However, there is no such thing as a free lunch. Centralized cross-chain interoperability can be quickly built, but all users' funds are at risk due to the blind trust on a few selected parties, as well as the extended attack possibilities introduced as demonstrated by the Poly network hack. Yet, the construction of decentralized cross-chain interoperate protocols can be challenging on the engineering side, but users are released from the aforementioned FUD. That is the reason behind the technical strategy of MAP protocol. Let the team take the engineering challenges as well as the burden, but let our users feel a sense of relief and enjoy a safe and borderless cryptocurrency realm. Stay tuned.