Recently, I've been reviewing materials on IBC and various "messaging/bridges." The more I look, the more I feel that a cross-chain transfer essentially boils down to asking: who do I trust? The consensus of the blockchain itself is of course one layer, but more often you're trusting whether the light client is running correctly, or whether the validator set updates have been manipulated; if it's a relay, then a relay going offline is usually just slow, but if it's a multi-signature/committee/oracle type bridge, then it becomes "are these people/machines malicious or hacked?" Many cross-chain incidents aren't because the chain itself failed, but because the trust boundaries are drawn too optimistically.

By the way, I also thought about the recent NFT royalty disputes, which are quite similar: on one side, people want protocols to automatically settle royalties for creators; on the other, they worry it might hurt secondary liquidity. The same applies to cross-chain: if you want smoother operations, you need to pay a higher trust cost; if you want less trust, you can only accept slower, more complicated processes, or even certain paths that aren't supported. Anyway, when I take notes now, I first write "who do I need to trust," then consider whether I can use it.

What I’ve learned isn’t techniques, but rather breaking down trust components layer by layer and clarifying them—this reduces a lot of noise.