Protection Against Blockchain Reorganization

Nakamoto consensus¹ only reaches eventual finality, meaning that blocks (and the transactions within them) can be rolled back. These “reorganizations” can affect the final blocks in a chain.

When transferring tokens from blockchains that only achieve eventual finality, the Kima liquidity pools are at risk since a deposit transaction on the source chain could be reorganized out of the chain after the corresponding withdrawal on the destination chain was finalized.

Reorgs, by themselves, are not a problem. If an honest user’s deposit was reorganized out of the source chain, the same deposit transaction could be included in a later block. The core problem is that malicious users can take advantage of a reorg to execute a double-spend attack by emptying their accounts before the deposit to the Kima pool is eventually confirmed on the newly confirmed blockchain. In extreme cases, malicious users could attempt to initiate a reorg to execute double-spend attacks. Successful double-spend attacks have been perpetrated on small chains (like Ethereum Classic²), but no double-spend attacks have ever been recorded on Bitcoin or Ethereum³.

Note that transferring tokens to blockchains that only achieve eventual finality does not pose a risk to Kima. If Kima wardens release tokens on the destination chain, and that transaction is reorged out, the wardens can simply resend the transaction.

The risk of reorgs on the source chain will always be a risk when transferring tokens from a chain that only has eventual finality (e.g., Bitcoin or Ethereum) – there is no way to eliminate it completely. The risk of reorgs can be reduced by waiting for additional confirmations on the source chain, but excessive waiting degrades the user experience.

Although the risk of reorgs cannot be completely eliminated, it can be partitioned and managed, and Kima has taken the following steps to mitigate the risk posed by reorgs:

1. Variable confirmation thresholds: To minimize risk without degrading the user experience, Kima wardens use variable confirmation thresholds when deciding whether a transaction on the source chain is finalized. For example, low-value deposits can be accepted with fewer confirmations than high-value transactions. Similarly, deposits from known and trusted entities can be finalized with a lower threshold of confirmations than deposits from unknown or untrusted sources.

2. Warden stake: All Kima wardens maintain a stake. If wardens finalize a transaction that is eventually reverted on the source chain, the warden stake can be slashed to reimburse liquidity providers whose funds were lost. This slashing mechanism provides a tool for allocating risk between wardens and liquidity providers and can be tuned by on-chain governance.

3. Insurance: Setting an insurance pool can protect traders and liquidity providers against the risk of double-spend attacks in the same way it protects against other forms of protocol risk.

¹Satoshi Nakamoto. Bitcoin whitepaper.https://bitcoin.org/bitcoin.pdf, 2008.

²https://www.coindesk.com/markets/2020/08/07/ethereum-classic-attacker-successfully-double-spends-168m-in-second-attack-report/

³https://www.gemini.com/cryptopedia/double-spend-attacks-bitcoin