imToken Labs: Explaining the Maker DAI Bridge

In an Optimistic Rollup, it is assumed that transactions are valid by default. Only in the event of a challenge are fraud proofs run. There is a dispute period during which anyone can publish a fraud proof to indicate whether the state transition is valid or not.

A transaction is only accepted as correct if no one disputes the state transition within a given dispute period.

However, this dispute period has become a drawback of Optimistic Rollup that affects the user experience: Having to wait for the dispute period for every withdrawal. Therefore, a new protocol with fast withdrawal has been proposed.

To achieve “fast withdrawal”, we need an intermediary or a liquidity provider to provide assets.

Since ‘Rollup Bridge’ could refer to the L1 <-> L2 Bridge provided by the Rollup itself, or to other bridges built on top of the L1 <-> L2 Bridge, let us clarify that we are talking about the second kind. The Maker DAI Bridge is built on top of Optimism’s Bridge and allows users to quickly claim assets back to L1.

Rollup Bridges

The security of the Rollup is anchored to the L1 where it is located (e.g. Optimism is anchored to Ethereum): A censorship-attack on L2 needs the same effort as on L1; if you want to re-org L2 and do a double-spend attack, it takes the same effort as if you want to re-org L1 too.

The Rollup Bridge is the L1 and L2 interaction protocol. When you send messages from L1 to L2 contracts or you deposit ETH to L2, you always need the Rollup Bridge to roll up messages. Bridge security and L2 transaction security are the same, security will not be reduced because the bridge is across the L1 and L2.

That means the Rollup Bridge provides a secure and decentralized way for L1 and L2 to interact and for L1 and L2 assets to be transferred to each other.

Note: The Rollup Bridge is not something that comes naturally, it does not automatically exist when creating a Rollup. You have to build your Rollup Bridge with your specific Rollup protocol.

If you use MPC to perform cross-chain transactions through a cross-chain bridge, you will need to trust the nodes involved in the MPC. But in a Rollup Bridge, there is no such role. Sending messages through Rollup Bridge is the same as sending Rollup transactions. The security and censorship are guaranteed by Rollup itself, which is why the Rollup Bridge is said to be decentralized.

Fast Withdrawal (From L2 to L1)

The Rollup’s dispute period duration is to ensure the security of the transaction, meaning anyone who wants to withdraw assets from L2 back to L1 will inevitably have to wait for the dispute period.

If a Bridge provider, however, believes that a rollup user’s withdrawal transaction is correct and credible, and a re-org is unlikely to happen, he can offer to send his own funds — minus a small fee — to the user upfront.

This way, the ‘fast withdrawal’ doesn’t mean the Rollup supporting an elaborate form of fast transfers, but rather being a liquidity provider providing assets in the middle.

As long as someone wants the money in L1 in one hour (instead of seven days) and is willing to be paid a fee, the deal is done.

The Usual Fast Withdrawal Process

The user first applies for fast withdrawal through a fast withdrawal contract at L2. The fast withdrawal contract uses the same normal withdrawal function, which takes seven days. At this time, the bridge sees this fast withdrawal transaction. And after confirming that this transaction is credible and difficult to re-org, the user applies for the advanced payment with the L1 fast withdrawal contract taking the ID of the L2 fast withdrawal transaction as an object.

Note: At this time, the L1 fast withdrawal contract itself is not yet aware of the existence of this L2 fast withdrawal transaction.

When the seven-day challenge period has passed, this L2 fast withdrawal transaction will be relayed to the L1 fast withdrawal contract.

If the bridge has already paid for this transaction, there will be a record in the contract, and the contract will directly transfer the assets withdrawn from this exchange to it. Else, the contract will follow the normal process to transfer the withdrawn assets to the original withdrawer.

Note: The amount the bridge pays in advance will be the amount that the user withdraws, minus the bridge’s handling fee.

Note: If there is no Rollup Bridge, there is no way to safely and reliably relay the fast withdrawal message to L1, and no one will dare to do the advance payment first. Therefore, a Rollup Bridge is one of the necessary conditions for fast withdrawal to exist. (Of course each Rollup team will definitely build a Rollup Bridge, because without one no one would want to use the Rollup anyways.)

The Maker DAI Bridge

The Maker DAI Bridge is roughly the fast withdrawal described above, except that the liquidity provider inside is not just some thirdparty, but the Maker’s treasury itself.

The bridge provider vouches to withdraw DAI (this voucher can only withdraw DAI after the dispute period), and the DAI treasury will mint DAI for it. When the dispute period is over, the bridge provider can repay the loan and take the collateral voucher to collect the DAI.

This minting feature is Maker DAI Bridge’s huge advantage in the fast withdrawal service competition because it takes the risk of capital utilization and asset exposure from users and liquidity providers. On top, theoretically, the liquidity of Maker DAI Bridge can be unlimited. Furthermore, since the staked and lent assets are DAI, liquidation is unlikely. Finally, unless the Rollup is compromised by an attack, these loans are guaranteed to be repaid on time.

Disadvantage of Maker’s approach

But the disadvantage is that Maker DAI Bridge relies on one Oracle service for security. The Maker Protocol has a centralized Oracle service for sending the real-world prices of tokens to the chain. The Maker Protocol relies on quotes from these Oracle’s to determine which loans are already in a liquidation state.

The DAI treasury itself cannot determine whether a withdrawal on L2 is valid, so a third party is needed to simulate the execution of the transaction off-chain to confirm the validity of the withdrawal. Just like nodes of an Optimistic Rollup do not need to wait for the operator to upload the latest state, they can get the correct state by simulating the execution of the transaction.

It means that Maker Bridge will directly follow the original established and battle-tested Oracle service to act as this third party.

The Process Behind Maker’s Bridge

First, the user deposits DAI to the L1 Maker Bridge, and the L2 Maker Bridge will mint the oDAI for the user to use. When the user wants to withdraw back to L1, they need to pull a request to L2 Maker Bridge to withdraw and destroy the oDAI. When the L2 withdrawal transaction is put into the transaction log of the L1 Rollup contract, the Oracle can execute and judge the validity of the L2 withdrawal transaction. If it is valid, the Oracle will approve it on the L1 Maker Bridge, and the L1 Maker Bridge will mint the fDAI to the user. Users can take the fDAI to the DAI treasury and stake it for DAI.

Finally, when the challenge period of the L2 withdrawal transaction ends, users can repay the loan, withdraw the fDAI, and use the fDAI to withdraw the DAI. The fDAI will be in the form of NFT, because each withdrawal will be unlocked at a different time and it is non-fungible.

If there was no fDAI, the L1 Maker Bridge would unlock the DAI directly to the user after Oracle approves it. In that case, if the Oracle was evil, it would cause the DAI of L1 Maker Bridge to be unlocked and taken away. If then the L1 DAI on Maker Bridge would be less than the L2 oDAI, some people in L2 would lose their oDAI.

That’s why Maker Bridge uses fDAI collateralized borrowing to transfer the risk to the DAI treasury which is the holder of Maker tokens. If the Oracle does something bad, the result will be a new bad debt to the DAI treasury, but the L1 DAI and L2 oDAI on Maker Bridge will still maintain a 1:1 mapping.

Note: There will be a design that gives the user the incentive to repay the loan, to claim the DAI with their fDAI. Otherwise users have no incentive to complete the withdrawal, and leave the vault open leaving the Maker protocol to bear the cost itself. As a solution, the fDAI collateral could only be lent at X% (X < 100), or users could be partially refunded when withdrawing the collateral. We’ll see more details when the Maker Bridge is released.

Note

  • Currently, Maker only supports Optimistic Rollup (or more precisely, Optimism only), because most of the current ZK Rollups do not support L1 <-> L2 interaction (which, as mentioned, is a necessary feature). The dispute period of ZK Rollup is much shorter than that of Optimistic Rollup, therefore fast asset withdrawal will not be a much needed feature for ZK Rollup users.
  • The Maker Optimism DAI Bridge is still in production.
  • The same design can be used for other Optimistic Rollups, such as Arbitrum with modifications to Arbitrum’s Rollup Bridge.