Multichain Protocol Development: Architecture, Liquidity, Security

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Multichain Protocol Development: Architecture, Liquidity, Security
Complex
from 2 weeks to 3 months
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1349
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Imagine: your DeFi protocol on Ethereum, but users on Base and Polygon can't access liquidity without complex bridging. You lose 40% of your audience, and gas costs for cross-chain transfers eat up to 15% of fees. The solution is a multichain protocol with unified liquidity, merging pools across all networks: costs drop 30%, and total TVL can grow up to 200%. One of our clients — a DeFi protocol at Seed stage — after deploying such architecture reduced operational expenses by $500k per year and attracted $20M additional liquidity. Our multichain protocol development focuses on cross-chain liquidity, unified liquidity, and DeFi security. We develop such protocols turnkey: from architecture design to audit and launch. Within 6–10 weeks we connect the first two chains, and within 5–7 months — a full network with shared liquidity and cross-chain governance.

Multichain Protocol Development: Architecture and Key Decisions

Hub-and-Spoke

One "home" chain (hub) stores the canonical state, others are spoke chains that sync with the hub. This pattern is 2x simpler to implement compared to Mesh.

Examples: Stargate (Stargate documentation), Wormhole.

Note: When to use: when there is a clear primary chain (usually Ethereum) and "branches" on other chains are needed.

// Hub contract — stores global state
contract ProtocolHub {
    // Global TVL across all chains
    mapping(uint256 => mapping(address => uint256)) public chainTVL; // chainId -> token -> amount
    
    // Synchronization from spoke chains
    function syncFromSpoke(
        uint256 spokeChainId,
        address token,
        uint256 newTvl,
        bytes calldata proof
    ) external onlyBridge {
        require(_verifyProof(spokeChainId, token, newTvl, proof), "Invalid proof");
        chainTVL[spokeChainId][token] = newTvl;
        emit TVLUpdated(spokeChainId, token, newTvl);
    }
    
    // Allocation decision made on Hub
    function reallocateLiquidity(
        uint256 fromChain,
        uint256 toChain,
        address token,
        uint256 amount
    ) external onlyGovernance {
        // Instruct spoke chains via bridge
        _sendBridgeMessage(fromChain, abi.encode("WITHDRAW", token, amount));
        _sendBridgeMessage(toChain, abi.encode("DEPOSIT", token, amount));
    }
}

Mesh (peer-to-peer)

All chains are equal, each communicates directly with every other. More decentralized, but O(n²) communication complexity.

Examples: Connext, Across Protocol.

Note: When to use: for protocols without a clear "center", when resilience to any chain failure is critical.

Shared sequencer

Transactions from all chains go to a single sequencer that orders them globally. Shared sequencer provides 3x higher throughput than Mesh architecture. Suitable for appchains with custom execution.

Examples: Espresso Systems, Astria.

How to Implement Unified Liquidity?

The main value for LPs in a multichain protocol: one deposit provides liquidity on all supported chains simultaneously. Stargate solved this with the Delta Algorithm:

  • Each chain has a pool of token X
  • Pools are linked: withdrawal from pool A is compensated by rebalancing from other pools
  • LPs receive a unified receipt token (LP token) worth the same on all chains

Implementation requires:

  1. Accounting module — tracks the "ideal balance" of each pool
  2. Rebalancing mechanism — restores balance via cross-chain transfers
  3. Fee structure — fees depend on whether the transaction balances or unbalances the pools
contract MultichainPool {
    struct PoolInfo {
        uint256 balance;          // current actual balance
        uint256 idealBalance;     // target balance for rebalancing
        uint256 deltaCredit;      // accumulated credit for instant withdrawal
    }
    
    mapping(address => PoolInfo) public pools;
    
    function swap(
        address token,
        uint256 amount,
        uint256 dstChainId,
        address recipient
    ) external {
        PoolInfo storage srcPool = pools[token];
        
        // Calculate fee based on deviation from ideal balance
        uint256 fee = _calculateFee(srcPool, amount);
        uint256 amountAfterFee = amount - fee;
        
        srcPool.balance += amount;
        
        // If destination chain has enough deltaCredit — instant transfer
        // Otherwise — delayed via bridge
        _executeTransfer(dstChainId, token, amountAfterFee, recipient);
    }
}

Implementing Multichain Governance

Governance decisions (changing protocol parameters, adding new chains, treasury distribution) must be applied consistently on all chains. Pattern: voting on the main chain → cross-chain execution.

contract MultichainGovernor {
    // On Ethereum — main governor
    mapping(bytes32 => Proposal) public proposals;
    
    function executeProposal(bytes32 proposalId) external {
        Proposal storage proposal = proposals[proposalId];
        require(proposal.forVotes > quorumThreshold, "Quorum not reached");
        require(proposal.forVotes > proposal.againstVotes, "Not passed");
        require(block.timestamp > proposal.executionTime, "Timelock active");
        
        proposal.executed = true;
        
        // Execute on Ethereum
        _executeLocally(proposal.targets, proposal.calldatas);
        
        // Send execution instructions to all supported chains
        for (uint i = 0; i < supportedChains.length; i++) {
            _sendExecutionToCrossChain(
                supportedChains[i],
                proposal.crossChainTargets[i],
                proposal.crossChainCalldatas[i]
            );
        }
        
        emit ProposalExecuted(proposalId);
    }
}

// On each chain — receiver that executes governance commands
contract GovernanceReceiver {
    address public governor; // address of governor contract on home chain
    
    function executeFromGovernor(
        address target,
        bytes calldata calldata_,
        bytes32 proposalId
    ) external onlyBridge {
        // Verify that command came from legitimate governor
        require(_verifyGovernorMessage(proposalId), "Invalid governor");
        
        (bool success, ) = target.call(calldata_);
        require(success, "Execution failed");
        
        emit ProposalExecutedOnChain(proposalId, block.chainid);
    }
}

What Are the Risks of Multichain Protocols?

In multichain architecture, the main risks are that individual components can fail. Chain ID spoofing requires chainId verification on each cross-chain message. Bridge liveness dependency — if a bridge fails, the protocol becomes partially unavailable; multi-bridge redundancy and fallback mechanisms are needed. Inconsistent state arises from message delays; stale state handling and reconvergence mechanisms are required.

Technical Challenges: Atomicity and Oracles

Atomic operations across multiple chains are technically impossible in the classical sense. Practical approaches: optimistic execution (finalization after N minutes without fraud proof), two-phase commit (prepare → commit/abort, expensive in gas), and compensating transactions (Saga pattern).

For price feeds, consistency on all chains is needed. Chainlink is available on each chain, but small chains may lack support. Push oracle via a bridge carries delays and bridge failure risk. Pull oracle (Pyth) — each chain independently receives price updates; Pyth is available on 50+ chains.

Technology Stack and Architecture Comparison

Component Technology
Cross-chain messaging LayerZero OFT v2, Axelar GMP, CCIP
Smart contracts Solidity + Foundry + OpenZeppelin
Price oracle Pyth + Chainlink
Governance OpenZeppelin Governor + cross-chain executor
Testing Foundry fork tests (simulating multiple chains)
Monitoring Grafana + custom cross-chain event indexer
Parameter Hub-and-Spoke Mesh Shared sequencer
Implementation complexity Low Medium High
Decentralization Medium High Low (sequencer)
Chain failure resilience Depends on hub High Medium
Number of chains 5–20 up to 10 any

Scope of Work and Timelines

  • Architectural documentation and pattern selection
  • Smart contract development in Solidity/Foundry
  • Cross-chain messaging integration (LayerZero, Axelar)
  • Price oracle setup (Pyth, Chainlink)
  • Writing tests (unit, integration, fork tests)
  • CI/CD and deployment to target networks
  • Monitoring setup (Grafana)
  • Post-launch support for 3 months
Stage Timeline
2 chains (basic multichain) 6–10 weeks
5 chains with unified liquidity 3–4 months
Multichain governance +4–6 weeks
Security audit 6–10 weeks
Full production 5–7 months

Case Study and Common Mistakes

From our practice: we developed a protocol for cross-chain swaps on Ethereum, Polygon, and Arbitrum. We used LayerZero OFT for token bridging, Pyth for oracles, and OpenZeppelin Governor with a cross-chain executor. The project passed audit and operates in mainnet with TVL over $50M. Our client saved $500k on gas costs in the first year.

Common mistakes when developing a multichain protocol:

  • Incorrect chainId verification — contracts must check the source chainId for every cross-chain message.
  • Missing fallback bridge — if one bridge fails, the protocol should use an alternative.
  • Ignoring gas costs on remote chains — dynamic fee structures must be implemented.

How to Integrate a New Chain: Step-by-Step

  1. Deploy base contracts on the target chain
  2. Configure the bridge connection to the hub
  3. Test state synchronization
  4. Update governance receiver configuration

Our team of experts, with over 10 years of Web3 experience and 50+ protocols launched, guarantees fully audited, proven multichain solutions. Contact us for a consultation and technical audit of your protocol. Reach out for an assessment — we'll propose the optimal pattern and help with timeline estimation.

Cross-Chain Bridge Development: Architecture, Risks, and Implementation

We develop cross-chain bridges and cross-chain solutions end-to-end. We know how to avoid disasters. A few years ago, the Binance BNB Chain bridge lost $570M — the attacker forged a Merkle proof in BSC's native bridge. That same year, Wormhole lost $320M: guardian signature verification was bypassed through a bug in Solana's secp256k1 program. Ronin Bridge — $625M. These are not coincidences. Bridges are the most attacked infrastructure in Web3 because they aggregate liquidity and have complex cross-chain verification logic.

Why Do Bridges Break? Three Architectural Classes of Vulnerabilities

Finality and Reorg Issues. Ethereum has probabilistic finality before The Merge and economic finality after (2 epochs, ~12 minutes). Bitcoin — ~6 blocks (~60 minutes). Solana — ~400ms. If a bridge mints wrapped tokens on the destination chain immediately after 1-2 blocks on the source — a reorg of 3+ blocks allows the attacker to obtain tokens on the destination while the source transaction is reverted. Correct protection: wait for finality confirmation specific to each chain. For Ethereum — 64+ blocks (2 epochs). Not one block.

Signature Verification. Most bridges use a multisig committee or threshold signature: N out of M validators must sign the event from the source chain. Wormhole used 13 out of 19 guardians. The attack was not on the keys themselves — the attacker found a vulnerability in the signature verification code on Solana, where an outdated sysvar account was accepted as valid without verification. On-chain signature verification is harder than it seems.

Lock-and-Mint vs Burn-and-Mint. In the lock-and-mint model, original tokens are locked in a contract on the source chain, and wrapped tokens are minted on the destination. The source contract is a honeypot: all locked TVL is there. One bug in the unlock logic — and all funds are available to the attacker without needing to do anything on the destination chain. Native burn-and-mint (like Circle CCTP for USDC) is safer: no locked pool.

How to Choose a Messaging Layer for Your Project?

LayerZero — a protocol for arbitrary message passing between chains. Not a bridge itself, but infrastructure for building bridges and omnichain applications.

Architecture: Endpoint contract on each chain, Executor (delivers messages to the destination chain), DVN (Decentralized Verifier Network — verifies the transaction fact on the source chain).

Source chain:
  OApp.send() → Endpoint.send() → [emits packet event]

Destination chain:
  DVN verifies packet hash → Executor calls Endpoint.deliver() → OApp.lzReceive()

In v2, the developer chooses DVNs: official (LayerZero Labs, Google Cloud, Polyhedra), or custom. One can configure required DVN + optional DVN: a message is accepted only if all required DVNs confirm. This allows building bridges with different trade-offs between security and speed.

OApp (Omnichain Application) — the base contract for integration. Inherit OApp, implement _lzSend and _lzReceive. For token bridges — OFT (Omnichain Fungible Token) standard out of the box does burn-on-source / mint-on-destination.

Wormhole uses a network of 19 guardians (large companies like Jump Crypto, Everstake, etc.), each signing observed events. Threshold — 13 out of 19. VAA (Verified Action Approval) — a signed message that is accepted on the destination chain.

Main difference from LayerZero: Wormhole has native support for non-EVM chains: Solana, Aptos, Sui, Algorand, Near. For projects needing a bridge between Ethereum and Solana — Wormhole is often the only production-ready option.

After the exploit, Wormhole added Native Token Transfers (NTT) — an architecture without a locked pool, similar to CCTP. NTT + Hub-and-Spoke model: redundant liquidity is not accumulated on one chain.

Relay Architecture and Light Client Verification

Relay-based bridges (IBC in Cosmos ecosystem, Succinct's Telepathy) verify the source chain's state via a light client on the destination chain. For EVM→EVM: a contract on Ethereum stores and verifies BLS signatures of the source chain's blocks.

ZK-bridges are the next level. Succinct, Polyhedra zkBridge, Electron Labs generate a ZK-proof of the correctness of the source chain's consensus. On the destination chain, the proof is verified, not the validator signatures. Removes trust in the committee. But ZK-proof verification is gas-expensive — from 200k to 500k gas on Ethereum L1 depending on the proof system. A ZK-bridge is safer than a relay-based bridge but requires 2-3 times more gas for verification.

Characteristic LayerZero Wormhole IBC (Cosmos) ZK-bridge
EVM support All EVM + Solana, Aptos All EVM + Solana, Aptos, Sui Cosmos chains Growing
Trust model DVN (configurable) 13/19 guardians Light client ZK proof
Latency 1-5 min 1-5 min ~30 sec 5-30 min
Gas for verification ~100-150k ~150-200k ~200-300k 200-500k

What Does Cross-Chain Bridge Development Include?

We implement the project turnkey and deliver a complete set of results. Our clients receive:

Stage Result
Analysis and architecture selection Technical specification, rationale for messaging layer choice
Smart contract design Specification, flow diagrams, trust model description
Development and testing Source code, unit/integration tests, cross-chain scenario simulation
Security audit External auditor report, fixed vulnerabilities
Deployment and monitoring Mainnet contracts, alert dashboard, operations documentation
Post-launch support 3 months warranty support, operations assistance

Implementation: What to Consider Before the First Line of Code

Mandatory components for any production bridge:

Pauser. Emergency pause function, called by multisig or automatically upon anomaly detection (suspicious volume, atypical call sequence). Most hacked bridges did not have or did not use a pauser in time.

Rate limiting. Limit output volume per time interval. If an attacker drains the bridge — rate limit gives time to react. Implementation: transferVolume[currentEpoch] += amount; require(transferVolume[currentEpoch] <= epochLimit).

Finality checks. Specific to each chain. Not "wait 1 block", but use finality API or wait for required number of confirmations.

Relayer monitoring. An autonomous service that monitors the state of both bridge sides. If a message is sent but not delivered within N minutes — alert. If locked balance diverges from totalSupply of wrapped token — critical alert.

Timeline and Cost

A simple ERC-20 bridge on top of an existing messaging layer (LayerZero OFT or Wormhole NTT) — 4-8 weeks including testing and audit. A custom bridge with own verification, multi-chain support, rate limiting, monitoring — 12-24 weeks. A ZK-bridge with custom proof circuits — from 6 months.

Bridge audit takes longer than a standard DeFi protocol audit: cross-chain scenarios, finality edge cases, reorg attacks must be tested. Minimum 3-4 weeks for a production-grade solution.

Cost is calculated individually after workload assessment. We have been working since 2018 and have completed 15+ projects in blockchain infrastructure. Contact us — we will evaluate your project and propose the optimal bridge architecture.