Multi-Chain Stablecoins: Security, Risks and Best Practices

A multi-chain stablecoin is defined by the fact that the asset is available to users on multiple blockchains. There are a couple of different ways that this can be implemented, including:

• Native Issuance: Natively issued stablecoins are directly deployed on multiple different blockchains by the stablecoin issuer. For example, USDC is a multi-chain stablecoin pegged to the USD that is issued on Avalanche, Ethereum, and Solana.

  
  

• Wrapped and Bridged Assets: Wrapped and bridged stablecoins are created when stablecoins created on one blockchain are transferred over to another. This could be implemented either via a cross-chain bridge — where assets are locked on one chain and equivalent, wrapped assets are issued on another — or via interoperability protocols. USDT is an example of a stablecoin that is commonly transferred to other chains and wrapped.

 A stablecoin may have a presence on multiple chains due to a combination of these as well. For example, USDC, which is natively issued on several chains, can also be bridged to others.

Multi-chain stablecoins are complex systems that span multiple blockchains and the systems that link them together. This introduces a variety of different risks, ranging from the potential for cross-chain bridges to be exploited by an attacker to the risk that a protocol might spread itself and its assets too thin.

Historically, cross-chain bridges have been the source of some of the biggest and most expensive DeFi hacks to date. Often, this involves tricking the bridge into releasing assets on one chain without a corresponding input on another chain. This could occur due to a signature validation issue, a centralized approval structure, a logical bug, or a reentrancy vulnerability.

Another risk with cross-chain bridges is the potential for double issuance or inflation. This occurs when a wrapped asset is minted without a corresponding stablecoin being locked up. This can cause inflation or a loss of a stablecoin’s peg or its valuation as equal to a fiat asset.

Stablecoins often work by having the issuer hold assets equal in value to the number of stablecoins issued. This could be the fiat asset that the stablecoin is pegged to or a collection of assets that are used to maintain an algorithmic peg to the target value.

Since these holdings can include digital assets, this approach runs the risk that the issuer’s on-chain account might be hacked or that the issuer might abuse their power. If, for example, a stablecoin issuer doesn’t use a multi-sig wallet for these assets, an attacker only needs to access a single private key to drain the protocol’s reserves.

Stablecoin protocols need to maintain a certain level of liquidity to support their users. If a user attempts to convert a stablecoin into the underlying asset, the protocol should have sufficient reserves on hand to do so.

This becomes more difficult with multi-chain stablecoins because liquidity may be distributed across multiple chains. This can negatively impact asset pricing, arbitrage, and the ability to settle large transactions on a particular chain.

Stablecoins often have simpler compliance requirements than traditional cryptocurrencies since they are pegged to a fiat asset. This reduces the potential risk of crashes and clarifies its role from a regulatory perspective.

Multi-chain stablecoins are more distributed than traditional stablecoins, hosted on more platforms and exposed to additional users. This can complicate compliance, especially from the perspective of adhering to Know Your Customer/Anti-Money Laundering (KYC/AML) regulations.

Multi-chain stablecoins face a variety of potential risks. Some best practices to help ensure the security, stability, and compliance of these projects include the following:

• Secure Bridge Design: Cross-chain bridge vulnerabilities are a leading security threat with significant potential impacts for multi-chain stablecoin security. Stablecoins should perform strict audits of all deployed code and use multi-sig wallets to manage governance and transaction validation.

  
  

• Code Audits: Vulnerabilities in the code of stablecoin smart contracts could result in token losses, inflation, or a stablecoin losing its peg. All code should be audited and undergo ongoing monitoring for anomalous transactions and newly discovered security threats.

  
  

• Secure Custody: Stablecoin issuers should implement strong security controls for the reserves backing their stablecoins. This includes decentralized management and governance, and the use of cold storage and multi-sig wallets to protect these reserve assets.

  
  

• Multi-Chain Governance: With stablecoins hosted on multiple chains, governance is more complex, and risks to one chain can also impact the others. Implementing robust, decentralized governance can help ensure that upgrades, security incidents, and other events are handled smoothly.

  
  

• Incident Response Planning: If a hack does occur on a stablecoin protocol, rapid response is essential to minimize the potential losses and damage to the protocol. Having monitoring systems and incident response plans in place ensures that team members can quickly implement freezes and other controls in the event of a security incident.

Implementing resilient stablecoins is a complex endeavor due to the potential security, financial, and compliance risks involved. Expanding these stablecoins to multiple smart contract platforms exacerbates this problem as each platform has its own security nuances, and the protocol needs to consider and secure the interactions between each of them.

Halborn’s advisory services support DeFi projects at every stage of the process, from initial design to pre-deployment code audits. To learn more about implementing your project in accordance with security best practices and reducing your risk exposure, get in touch.