Layer 0 Wars: LayerZero vs Chainlink's CCIP
Who comes out on top?
Welcome to the alpha please newsletter. We curate alpha for you. That’s it; that’s the newsletter.
Thanks for reading alpha please! Lots of work goes into writing these newsletters, so please subscribe below.
Pickle here again.
Following the release of the Stargate Finance token bridge built on top of LayerZero, there has been fiery discussion on Twitter both for and against LayerZero’s implementation of their cross-chain communication protocol.
Consequently, my broader article (to include IBC, Axelar and Thorchain) has been put on hold to address a lot of the misinformation, misunderstanding and lack of objectivity which is leading non-tech savvy crypto people (such as myself) to get more confused, or simply led astray.
The purpose of this article is to analyse and distil available information from both protocols, from source (whitepapers and quotes from respective teams on various social media platforms) to provide you, alpha please readers, with the wheat from the chaff, and avoid too much conjecture.
This is not a code review.
The objective of this article is not to throw shade around or attack individuals or the aforementioned protocols.
I will give my opinions mainly at the end, but this is my opinion only, and not fact.
Where I’m unsure or applying my own interpretation, I will say. If there are any inaccuracies after release, we will post addendums.
What’s to come?
Introduction: What is a Layer 0?
New layer on the block: LayerZero
How does LayerZero work?
So, who does come out on top?
The term ‘layer 0’ can be interpreted in several ways, a reasonable catch all definition is:
‘A communication protocol, enabling smart contract execution across multiple chains, with one transaction from any one source chain enabling cross-chain functionality for dApps and (native) token bridging’.
Why is this important? For any DeFi users across multiple chains, it should be self evident, even more so for the multi-chainooooors.
LayerZero is just the latest attempt at this extremely important infrastructure development.
The two other well known cross-chain protocols include the Polkadot and Kusama ecosystems, each respectively built with their own network of blockchains, and IBC (Inter-Blockchain Communication Protocol) which currently operates only in the Cosmos Ecosystem. I have huge appreciation of IBC, and think it has the potential to be the dominant layer 0, but development to include non-Cosmos chains (zones) is far off and won’t be discussed in this article today. Axelar, which is in the midst of releasing it’s mainnet, is another new cross-chain protocol, also in the Cosmos ecosystem, and will be discussed another time.
New Kid on the block: LayerZero
LayerZero is the child of Primo and Ryan Zarick with input from well known ex-Sushi developer (and Tokemak advisor) 0xMaki. Lifting from their whitepaper below:
LayerZero, the first trustless omnichain interoperability protocol, which provides a powerful, low level communication primitive upon which a diverse set of cross-chain applications can be built. Using this new primitive, developers can implement seamless inter-chain applications like a cross-chain DEX or multi-chain yield aggregator without having to rely on a trusted custodian or intermediate transactions.
‘Trustless’ here implies that a user does not have to trust a individual or party to act honestly, that the smart contracts and code as part of the protocol will ensure executed transactions won’t be able to be exploited by bad actors to do something other than your initial aim. More on this later.
LayerZero is not a blockchain, it is a protocol, largely operating off chain with ‘ultralight client end points’ which are smart contracts built on chains it is aiming to connect. Chains will include L2s, as well as L1s; and later non-EVM, as well as EVM.
The first and easiest use case for LayerZero to go after is bridging. Bridges are a nightmare, and involve reasonable risk, LayerZero bridging infrastructure (being used by Stargate) aims to reduce this.
Bridging is not a nice experience - going from one EVM chain (say Ethereum) to another (say Fantom) can be a struggle. Current bridges suffer from stuck transactions, lack of liquidity, slippage and high fees, not to mention smart contract risk or hacks. Alternatives include going via CEXs on occasion, but that’s not always possible and is obviously less secure (‘not your keys, not your coins’).
Stargate Finance’s recent release on top of LayerZero has really put the spotlight on this area of blockchain development.
existing DEX implementations involve converting the user token into a protocol-specific token that transits their intermediate consensus layer to achieve transaction consensus. This intermediate consensus layer, though usually implemented in a secure manner, does require the user to trust a side chain to facilitate the token transfer.
Examples of existing bridges which essentially have their own blockchain and a intermediate token include popular implementations like Synapse (n<token> pools e.g. nETH-ETH nUSD-stablecoins), Thorchain (RUNE pairs), AnySwap/Multichain etc. This indeed is an additional level of complexity open to being exploited.
Existing DEX solutions are not ideal because they involve two intermediate transactions—one to convert the sender’s token to an intermediary token and one to convert the intermediary token to the desired “real” token on the recipient chain. In addition to this, it is necessary for the user to fully trust the intermediate consensus layer that confirms the transaction on the source chain and conveys intent to mint the token to the destination chain. While existing exchanges do enable cross-chain token transfer, they do so at the cost of unnecessary complexity and cost.
What’s the work around? One alternative has been wrapped assets. Good examples of such bridges are Avalanche’s native token bridge from Ethereum to Avalanche. The user experience is exceptionally quick, there’s no slippage or high fees, and very low gas costs. What’s the catch? The assets you transfer from ETH to AVAX are wrapped - the native assets are held in a smart contract on the ETH side and wrapped versions issued on the AVAX side. e.g. USDC → USDC.e.
Now imagine the smart contract controlling the assets on ETH is hacked and the funds stolen. Now the wrapped assets on AVAX (USDC.e) are worthless. For this reason, Avalanche seem to now be encouraging transfer of native assets to their blockchain over wrapped, where possible.
This is more or less what happened with the Solana Wormhole Bridge hack of 120,000 ETH
Native asset bridging (where possible, not all assets are native on all chains, especially not between EVM and non-EVM chains) is preferable for this reason.
Stargate is achieving this goal with a soft roll out of native USDC and USDT bridging across some EVM chains, with aims to do more later.
How does Layer Zero work?
LayerZero Endpoint exists on each (supported) chain, and any chain with a LayerZero Endpoint can conduct cross-chain transactions involving any other chain with a LayerZero Endpoint. In essence, this creates a fully connected network where every node has a direct connection to every other node. With minor boilerplate code, any blockchain is supported.
LayerZero refer to their light onchain clients as ‘LayerZero Endpoints’. They are made up of smart contracts which have three main functions:
For simplification, I’m going to refer to all of the above as ‘endpoint’ and run a simple example.
Cross-chain action committed on chain A (e.g. against a deposited asset in a lending protocol on ETH, borrow USDC from the same lending protocol on Polygon) and sent to the endpoint.
The endpoint sends information to the Relayer and Oracle - both separate entities and both off chain.
The Oracle confirms the block header (the Oracle on testnet was Chainlink).
The Relayer confirms the transaction on chain A (it’s function is similar to an Oracle but looking for a different bit of data).
Presuming everything is in order, the rest of the action stated on chain A is committed on chain B (USDC is received in wallet on Polygon).
If there is any contention between the Relayer or Oracle as to information being passed on, the smart contract is paused and not committed to chain B.
To ensure valid delivery, the only requirement is that for any given message sent using the LayerZero protocol, the Oracle and Relayer must be independent of each other. The protocol itself does not require any specific implementation of a Relayer, and in theory the users of LayerZero could even implement their own Relayer service. This design allows users to be sure that the Relayer cannot collude with the Oracle, and this independence is what allows us to implement trustless validated delivery.
I will return to the above quote and trustlessness assumptions in the later discussion.
There will be multiple programmable and modifiable parameters for each dApp. They could theoretically just use the LayerZero endpoints but a different Relayer to the stock LayerZero ones, and a different Oracle to Chainlink.
Quoting Primo from the discord
dApps could specify their own number of confirmations required on chain A before sending information to chain B (thereby increasing security/getting closer to ‘finality’ but slowing the cross-chain action).
There is a presumption that LayerZero will eventually tokenise. The protocol will likely have a staking element to its operations with potential slashing (loss of staked ZRO tokens) for bad actors/malicious behaviour from the Relayers. This is all conjecture, as there has been no confirmation from the team.
Chainlink CCIP: Cross-Chain Interoperability Protocol
CCIP was announced in August 2021 during the now annual Chainlink SmartCon event by the CEO and co-founder Sergey Nazarov. In addition to this, the primary source of information is the official Chainlink site.
Additionally, Aylo produced a fantastic thread on twitter which summarises CCIP and the value proposition nicely.
CCIP will fit into the wider off-chain middleware infrastructure that Chainlink have been building since 2017 and will take advantage of pre-existing innovations including off-chain reporting (OCR) and Decentralised Oracle Networks (DONS) to enable high throughput off-chain computations, beyond simple Oracle functions.
Much of what we know of CCIP thus far is discussed by Ben Chan in the video below, and also provides foundational knowledge regarding the current Chainlink infrastructure relating to this.
Cross-Chain Interoperability Protocol (CCIP) provides a universal, open standard for developers to build secure services and applications that can send messages, transfer tokens, and initiate actions across multiple networks.
CCIP will include all the functions discussed above in relation to LayerZero, including a programmable token bridge to allow similar dApps to Stargate Finance to be built out.
The additional innovation with CCIP, as mentioned in the YouTube links above, is the creation of ‘Hybrid Smart Contracts’ which will enable both on-chain and off-chain smart contracts to work together, in conjunction with cross-chain execution.
The CCIP equivalent to LayerZero endpoints are called ‘messaging router smart contracts’ which from here on I will refer to as MRSCs.
In CCIP there is not a significant differentiation between Relayer and Oracle functions. Both are done by the Chainlink DONS which must agree information matches and is accurate, before passing information on from chain A (through MRSCs) to chain B (through MRSCs). In my humble opinion, this is no less secure, and in fact potentially more secure than the LayerZero design, as things stand, and I will discuss this later.
In addition to the functions which are similar to LayerZero, CCIP will have the Anti-Fraud Network, as discussed by Ben in the above presentation. This will be a separate set of nodes to those processing cross-chain transactions which will monitor for discrepancies and pause the smart contract function if something inconsistent is detected between executed transaction messages and the state of chain A in a transaction.
This can be considered an additional layer of security on top of what is comparable on LayerZero.
Unfortunately beyond what I’ve stated, the rest would be inference and conjecture as CCIP is yet to go live and documents regarding its implementation are not yet available. The presumption is that the Anti-Fraud Network nodes will have similarly high levels of decentralisation to current DONs/the DONs acting as the traditional Oracle and Relayer for the cross-chain transactions.
The other major presumption within the community is that explicit staking will go live alongside/very near the time of CCIPs release. It would strengthen economic incentives for the node operators to work correctly and potentially institute slashing for bad actors.
All of this is yet to be clarified or corroborated officially by the team, who are notorious for playing their cards close to their chest and dropping releases out of nowhere.
Following the release of Stargate, there has been controversy on Twitter and Discord servers regarding the implementation of LayerZero, the potential vulnerabilities and risks associated with it. A lot was clearly misinformation (intentional or not) and given the subject, it’s been hard to fact-check some statements.
Firstly, and most importantly, the issue has been raised that the Oracle currently on chain is not Chainlink.
The current Oracle provision is not currently decentralised or battle-tested, which does mean there is a higher chance of exploitation or hacks.
Good news; Primo has confirmed, as with their testnet, the primary Oracle available will be soon be Chainlink. Until then, the increased risk is baked into LayerZero. Primo stated this to me in a direct chat days before this came up as an issue on social media. This was not a quick response to allay fears, but their long-term plan already.
Next issue; The Relayer.
The Relayer being an independent/separate entity from the Oracle is noted to allow for trustless and more secure transactions in the whitepaper, but I think this needs further exploration.
Firstly, it may well be difficult to ensure that they are independent entities.
By allowing dApps to choose their own Oracle and Relayer (permissionless), malicious attacks could be permissible whereby both the chosen Oracle and Relayer collude to, for example, pretend an asset is being bridged, resulting in minting of assets on chain B, while retaining them on chain A as well. Collusion is very possible.
Realistically, this is the same risk as any dApp has and should be fairly transparent when dApps are planning to act in a malicious way from published smart contracts on chain, before any funds are stolen.
Also, it’s almost certain every serious dApp would use Chainlink for the Oracle portion of their dApp. If the Relayer acts maliciously/is hacked/doesn’t work as intended, the Chainlink Oracle will disagree with the outcome and prevent any significant losses beyond gas for execution on the originating chain.
Are there potential benefits to an ‘independent’ Relayer from the Oracle (read: run by a separate entity)? Yes.
To quote Primo again from a brief chat with him:
Some assumptions have to be made here for this to be an effective and realistic alternative to just using Chainlink for both actions:
Chainlink nodes are fallable (no system is perfect, but the battle-hardened protocol has only had one notable mistake, which was not an Oracle issue but a human error of mispricing silver with gold price for on-chain feeds in February 2020, and the small amount of lost funds were replaced by the team).
Chainlink nodes do not have sufficient incentives to prevent malicious actors from providing wrong Oracle data (the DONs system would mean the majority of nodes, in a large collection, would have to collude together, against their own interests, whilst also all being KYC’d and well established participants who would have massive reputational damage from such actions). This has not yet happened for any aspect of Chainlink Oracle functions.
A separate Relayer system to the Oracle system (which will inevitably be Chainlink, for obvious reasons, in all serious dApps moving significant value) can be more trusted (or ‘trustless’) in comparison to Chainlink nodes.
For 3. to be true, the proposed Relayers from LayerZero would need to be more decentralised with better economic (and future staking) incentives compared to Chainlink nodes, with back-up systems in place were they to fail, of similar calibre to Chainlink DONs.
Relayers being optionally created and run by dApps directly seems to be unrealistic for most protocols, for similar reasons to why most dApps choose to use Chainlink instead of their own Oracle for price feeds these days - it’s another piece of infrastructure they’d rather not build, secure or maintain themselves, and they’d unlikely be able to produce something better or more decentralised than what already exists. Therefore, I suspect most would opt for LayerZero’s own Relayers, or request Chainlink to perform both functions.
Ultimately, the Relayers used would have to be comparable to Chainlink DONs to make it worthwhile separating this function from the Oracle.
I think a separate Relayer function was partially instituted to reduce dependence on Chainlink, not necessarily from a security or safety perspective alone, but potentially to differentiate it from CCIP and provide more value to LayerZero (this is just me waxing lyrical).
So…who does come out on top?
This is a very subjective answer, and you can come to own conclusions. To reiterate, CCIP docs are yet to be released, and so much of what is known is based on talks and the Chainlink CCIP webpage relating to it.
Based on my discussion above, I think having a Relayer and Oracle separated is not important, and potentially a hinderance unless done very very well. At that point LayerZero is at the very least comparable, if not better, due to sharded security.
For the sake of argument, let’s presume LayerZero and CCIP off-chain handling of Relayers and Oracle functions are equally good. What’s left to differentiate things?
On-chain smart contracts enabling their functions (LayerZero endpoints vs CCIP MRSCs)
CCIP’s Anti-Fraud Network
For both 1. and 2., we do not yet have any more detailed specifics, but given Chainlink’s history, I would expect mainnet production of both to be highly tested and audited and likely to function well. Assuming on-chain smart contracts are comparable between both protocols, then it comes down to whether the Anti-Fraud network would provide an additional layer of security (and not just complexity) to CCIP. If this is the case, then CCIP would be a better protocol for both dApps and users.
For 3. Chainlink has a longer history and reputation for delivering safe and secure middleware infrastructure. LayerZero is new, but headed by a group of clearly intelligent and innovative developers. Time will tell how their reputation develops.
We could also add that CCIP is being developed by Christian Catalini and Dan Boneh. It isn’t an exaggeration to say that they are two of the finest minds when it comes to cryptoeconomics and cryptography.
Being better doesn’t mean being more successful
Despite what I’ve said above, which leans towards favouring CCIP, that does not mean CCIP will be more successful. Adoption of technology often comes down to being first to market, having better publicity and having better network effects, whilst being ‘good enough’. An apt comparison proving this is VHS vs Betamax.
Even then, the space may not be truly ready for cross-chain dApps, and something entirely different, further down the line, may win out. IBC is a real contender, especially with greater finality, which is interpreted differently by LayerZero and CCIP.
There have been murmurings for some time of certain DeFi 1.0 lending protocols on Ethereum using CCIP once it is ready. I think certain DeFi protocols will be ‘kingmakers’ in the layer 0 wars, and likely lead to other dApps following their lead. If they go for LayerZero, it will certainly be hard for CCIP to overcome.
Bridges, whilst highly important, have no real moat of technology on the dApp level as things stand. They are as forkable as DEXs and would require some novel technology or network effects for a long period to ensure their long-term success. Both LayerZero and CCIP have/will have the basic token bridge infrastructure to allow for multiple bridges, and I suspect there may be a ‘race to the bottom’ for lowest fees to encourage adoption, whilst incentivising both liquidity and holding of their token (akin to vePTP or veCRV or veJOE models). This is a small warning to those fully and completely invested in Stargate Finance’s (STG) future.
To summarise, I think Chainlink and LayerZero are both good for each other. CCIP has been in the shadows for nine months, in development, and LayerZero’s release may well push the Chainlink team to get it out sooner. CCIP in turn encourages LayerZero to keep innovating and improving to ensure the head start it’s gained is maintained.
Competition is good, progress is good. Twitter makes everything seem PvP but I think most blockchain developers, certainly my impression of these two groups, is that they are here to move us forward and that’s good for all of us.
As always, thanks to Aylo for helping with research and for creating great artwork, and Samuel for autistically editing, proof-reading and refining.
Thanks to Primo for taking time out to talk to me. He provided extensive, helpful replies and I’m sure he’s an extremely busy guy right now.
Thanks to ChainlinkGod and RTJ with helping answer Chainlink related questions to the best of their knowledge.
I’m happy to discuss things in further detail and open to clarification. I realise I am not a technical writer, and am always willing to learn.
Please follow me on Twitter here if you enjoyed this article for more frequent updates not included on the alpha please substack.
Remember to join our discord led by Samuel for in-depth discussions and alpha.
And that’s your alpha.
Thanks for reading alpha please! Subscribe for free to receive new posts and support our work.
The Discord will be going invite only very soon
Our discord has become a thriving community of alpha sharers with great discussion. To make sure it remains a valuable space, we will make making it invite only shortly. You can still click the image to join for free.
Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Do your own research.