Chialisp Guide Pt 16: Bridging Assets with CAT Gateways

Cross-chain bridges unlock new possibilities for blockchain networks, but building secure bridges requires careful design. In Chialisp, CAT gateways provide a powerful framework for bridging assets between Chia and other blockchains while maintaining security through cryptographic verification.

This guide explores how Chialisp bridging assets with CAT gateways works, the role of TAIL programs in controlling token issuance, and real-world implementations like Warp.green’s USDC bridge that safely move value between chains.

Understanding CATs and Their Role in Bridging

Chia Asset Tokens (CATs) are fungible tokens on the Chia blockchain that follow a standardized format.² Unlike tokens on Ethereum that exist as balances in a central contract, CATs are individual coins in Chia’s UTXO-like coin set model.⁶ Each CAT coin carries its own state and can be spent independently, similar to how physical cash works.

This design makes CATs particularly well-suited for bridging. When you bridge assets to Chia, you create CAT coins that represent the locked assets on the source chain. When bridging away from Chia, you destroy (melt) those CAT coins to unlock the original assets. The security of this process relies on TAIL programs that strictly control when CATs can be created or destroyed.

The CAT2 Standard and Bridge Security

The current CAT2 standard emerged after security auditors at Trail of Bits discovered a vulnerability in the original CAT1 standard.¹ The vulnerability involved lineage validation—attackers could potentially exploit how CATs tracked their creation history to generate extra CAT value from nothing. This would be catastrophic for bridges, as attackers could mint bridged tokens without locking any real assets on the source chain.

Chia upgraded to CAT2 in July 2022 at block height 2,311,760, implementing stronger validation logic that prevents these lineage attacks.¹ This upgrade demonstrates why security audits and continuous improvement are essential for bridge infrastructure. While cross-chain bridges have been targeted in major exploits totaling over $2.8 billion since 2022 across the broader blockchain ecosystem,¹⁵ proper security measures including validator decentralization, comprehensive audits, and careful TAIL program design can create bridges that safely move value.

TAIL Programs: The Heart of CAT Gateways

TAIL (Token and Asset Issuance Limitations) programs are custom Chialisp code that defines the rules for a specific CAT.^2,6 Think of the TAIL as the “smart contract” for that token—it enforces when CATs can be minted or melted and under what conditions.

For bridging, the TAIL program is crucial because it prevents unauthorized token creation. A bridge TAIL typically requires cryptographic proof that real assets were locked on the foreign chain before allowing new CATs to be minted on Chia. Similarly, it requires proof that CATs were destroyed on Chia before authorizing asset unlocks on the foreign chain.

How Bridge TAILs Verify Cross-Chain Messages

A bridge TAIL receives messages from validators who monitor both chains.^5,12 These messages contain information like “User X locked 100 USDC on Ethereum at transaction hash 0xabc…” The TAIL verifies several critical properties:

Signature Verification: The TAIL checks that the message is signed by enough validators. For example, Warp.green operates with 11 validators requiring a 7-of-11 supermajority to approve transactions.¹⁴ This decentralized validator set includes established teams from the Chia ecosystem such as Spacescan, TibetSwap, and MIDL.DEV, ensuring no single party can authorize fraudulent mints.

Replay Protection: Each message includes a unique nonce that can only be used once.^6,10 Without this, an attacker could capture a legitimate “mint 100 tokens” message and replay it multiple times to create tokens from nothing.

Chain Verification: Messages specify which blockchain they came from using chain identifiers.^6,10 This prevents an attacker from taking a message meant for one chain and replaying it on another.

Amount Matching: The TAIL verifies that the number of CATs being minted exactly matches the amount locked on the source chain, preventing inflation attacks.⁶

Building a Basic Bridge TAIL

Let’s walk through the key components of a simplified bridge TAIL. While production bridges like Warp.green use more sophisticated implementations, this example illustrates the core concepts.

Message Structure and Validation

Cross-chain messages for bridges typically include these fields:

• Source chain identifier (e.g., “ethereum-mainnet”)
• Transaction hash proving the lock/unlock on the source chain
• Recipient address on the destination chain
• Amount of assets being transferred
• Unique nonce to prevent replay attacks
• Timestamp to prevent stale messages
• Validator signatures proving consensus

The TAIL program processes these messages and verifies each component before allowing any CAT minting or melting. In Chialisp, you implement this verification through puzzle assertions that must all pass for the transaction to be valid.

Validator Signature Aggregation

Rather than checking each validator signature individually, efficient bridge TAILs use BLS signature aggregation.⁶ BLS signatures can be combined into a single aggregate signature that proves multiple validators signed the same message. This saves blockchain space and makes verification faster.

Your TAIL maintains a list of authorized validator public keys. When receiving a mint request, it verifies that the aggregate signature corresponds to at least the minimum required number of validators (threshold signature). For the Warp.green bridge, this threshold is 7 out of 11 validators, providing strong security through decentralization while maintaining operational efficiency.¹⁴

The Lock-Mint-Burn-Unlock Cycle

Bridge operations follow a predictable pattern that your TAIL must enforce at each step.

Locking Assets on the Source Chain

When a user wants to bridge assets to Chia, they send tokens to a smart contract on the source chain (like Ethereum).^4,5 This contract locks the assets and emits an event containing all the transfer details. The contract must be non-upgradable or use secure upgrade patterns to prevent the bridge operator from stealing locked funds.^9,10

Minting CATs on Chia

Validators monitor the source chain for lock events.^5,12 When bridging from Base (an Ethereum Layer 2) to Chia, validators wait for 64 Base confirmation slots—approximately 13 minutes—to ensure the transaction won’t be reversed in a chain reorganization.^12,14 After sufficient confirmations, validators create signed messages authorizing CAT creation on Chia.

The bridge TAIL receives these validator messages and checks all signatures and message fields. If everything validates correctly, it allows new CAT coins to be created for the recipient’s Chia address.⁶ The minted CATs are cryptographically linked to the TAIL program, ensuring they follow all bridge rules for their entire lifetime.

Burning CATs to Bridge Back

To move assets from Chia back to the source chain, users destroy their CAT coins.^3,6 The TAIL program verifies that the burn is legitimate and creates a message that validators can use to authorize unlocking assets on the source chain. When bridging from Chia to other chains, validators wait for 32 Chia block confirmations—about 10 minutes—before processing the unlock.¹⁴ The entire bridging process takes 10-15 minutes depending on direction, though initial setup may take longer for new users.^5,12

This burn-then-unlock pattern ensures that CATs can never exist on Chia while the corresponding assets are also unlocked on the foreign chain. At every moment, the total supply of CATs should exactly equal the amount of assets locked in the bridge contract.

Security Considerations for Bridge TAILs

Building a secure bridge requires defending against numerous attack vectors. Here are the critical security considerations.

Validator Compromise and Decentralization

If an attacker compromises enough validators, they can create fraudulent mint messages and steal all bridge funds.^9,10 This is why validator decentralization is crucial. Using a large, geographically distributed set of validators with diverse infrastructure makes compromise much harder.

The Warp.green bridge underwent comprehensive security audits to address these risks. Hacken awarded a perfect 10/10 security score in May 2024 for the Ethereum-side smart contracts, while Chia Network Inc. engineers reviewed the Chialisp implementations.^14,16 These professional audits help identify potential vulnerabilities before they can be exploited in production.

Your TAIL should also implement emergency pause functionality that validators can trigger if they detect suspicious activity.^9,10 This gives time to investigate potential attacks before significant funds are lost.

Time-Based Attacks and Confirmation Depth

Blockchain reorganizations can invalidate transactions that initially appeared confirmed. If your bridge mints CATs based on a transaction that later gets reorged out of the chain, those CATs have no backing and represent stolen value.^9,10

The solution is requiring sufficient confirmation depth before acting on cross-chain messages. Ethereum’s finality happens after about 64 slots (~13 minutes), while Chia’s consensus makes reorgs very unlikely after 32 blocks (~10 minutes).^12,14 Your TAIL should reject messages about recent transactions and only accept events that have sufficient confirmations.

Message Expiration and Staleness

Old messages can be dangerous. If a validator signature from months ago leaks, an attacker might try to use it to mint tokens. Your TAIL should include timestamp checks that reject messages older than a reasonable window (e.g., 24 hours).^6,10

Additionally, each message should include a unique nonce that gets recorded when used. Before minting CATs, the TAIL checks that this nonce hasn’t been seen before. This prevents replay attacks even if an attacker obtains valid signatures.

Advanced Bridge Patterns and Architectures

Beyond basic lock-and-mint bridges, several advanced patterns offer different tradeoffs.

Liquidity Pool Bridges

Instead of locking assets, liquidity pool bridges use funds deposited by liquidity providers. When you want to bridge, you swap with the pool on each side. This can be faster since you don’t need to wait for cross-chain messages, but requires significant liquidity to handle large transfers.

Atomic Cross-Chain Swaps

Protocols like SATP (Secure Asset Transfer Protocol) enable atomic swaps where both chains either complete the transfer or both fail. This prevents situations where assets get locked on one side but fail to mint on the other. However, atomic protocols are more complex and may have higher latency.

Intent-Based Bridging

Newer bridges let users express their intent to move assets without specifying how it happens. Solvers compete to fulfill these intents using the most efficient path. This abstraction makes bridging simpler for users while allowing sophisticated routing behind the scenes.

Case Study: Bridging USDC from Base to Chia

Warp.green’s USDC bridge demonstrates real-world CAT gateway implementation.^5,12 When bridging USDC from Base (an Ethereum Layer 2) to Chia, users send USDC to a Base smart contract that locks the funds.^4,5 The contract emits an event with transfer details.

Warp.green’s 11 validators monitor Base for these events, with a 7-of-11 supermajority required to approve transactions.^5,12,14 After 64 Base confirmation slots (about 13 minutes), they create signed messages authorizing CAT minting on Chia.^12,14 The TAIL program verifies these signatures and creates wrapped USDC CATs for the user’s Chia address. The bridge charges a 0.3% fee for protocol usage, plus small network tolls (0.001 XCH or 0.00001 ETH depending on originating chain) to prevent spam.^5,17

The entire process completes in about 10-15 minutes including confirmation times, making it practical for users while maintaining security through sufficient confirmation depth.^12,14 Since launching on mainnet in May 2024, Warp.green has successfully processed thousands of transactions, demonstrating the viability of properly implemented CAT gateways.¹⁴

Conclusion: Building Secure CAT Gateways

CAT gateways unlock Chia’s potential by connecting it to the broader blockchain ecosystem.^3,5 By using TAIL programs to strictly control when CATs can be minted or melted, you create bridges that are both flexible and secure.^2,6

The key to successful bridge building is understanding that security comes from multiple layers.^9,10 Your TAIL enforces issuance rules, validators provide decentralized authority, and proper message verification prevents replay attacks.^6,10 When combined with lessons from CAT2’s security improvements and real-world implementations like Warp.green, you can build bridges that safely move value between chains.^1,3,5

Start by studying existing bridges and their TAIL implementations.^3,4,6 Build small test bridges on testnet before launching on mainnet. Invest in professional security audits like Warp.green’s Hacken review and monitor your bridge continuously after launch.^9,10,14 With careful design and constant vigilance, your CAT gateway can become trusted infrastructure that expands what’s possible in the Chia ecosystem.

Chialisp Bridging Assets With CAT Gateways FAQs

What is a CAT gateway in Chialisp?

A CAT gateway is a Chialisp-based bridge system that enables asset transfers between Chia and other blockchains by using TAIL programs to control when CATs can be minted or melted based on validator-verified messages proving assets were locked or unlocked on the foreign chain.^2,3,6

How do TAIL programs prevent unauthorized CAT minting in bridges?

TAIL programs prevent unauthorized CAT minting by requiring cryptographic proofs like validator signatures before allowing any supply changes, verifying that real assets were locked on the source chain, and including replay protection through unique nonces and chain identifiers that can only be used once.^6,7,10

Why did Chia upgrade from CAT1 to CAT2 for bridge security?

Chia upgraded from CAT1 to CAT2 after security auditors discovered a vulnerability that could let attackers exploit lineage validation to generate extra CAT value, potentially stealing funds from bridges and offers, prompting the development of CAT2 with stronger validation logic to prevent these attacks.¹

What makes Chialisp bridging assets with CAT gateways safer than other bridge designs?

Chialisp bridging with CAT gateways is safer because CATs are self-contained coins where you control your own assets rather than a central contract holding everyone’s balance, the TAIL enforces strict issuance rules through cryptographic proofs, and the upgraded CAT2 standard prevents lineage attacks that threaten other token systems.^1,2,6

How long does it take to bridge assets using CAT gateways?

Bridging assets using CAT gateways typically takes 10-15 minutes total, including about 13 minutes waiting for Base/Ethereum confirmation (64 slots) when bridging to Chia, or about 10 minutes waiting for Chia confirmation (32 blocks) when bridging from Chia to other chains, though initial setup may take longer for new users.^12,14

Chialisp Bridging Assets With CAT Gateways Citations

1. Chia Network. (2022). “Upgrading the CAT Standard.” Retrieved from https://www.chia.net/2022/07/25/upgrading-the-cat-standard/
2. Chia Network. (2021). “The CAT’s Out Of The Bag: Chia Releases the CAT1 Standard.” Retrieved from https://www.chia.net/2021/11/15/the-cats-out-of-the-bag-chia-releases-the-cat1-standard/
3. Warp.green Documentation. “CAT Bridge.” Retrieved from https://docs.warp.green/developers/cat-bridge
4. Warp.green Documentation. “ERC-20 Bridge.” Retrieved from https://docs.warp.green/developers/erc-20-bridge
5. Chia Network Documentation. “XCH Bridge Guide.” Retrieved from https://docs.chia.net/bridge-guide/
6. Chialisp Documentation. “CATs.” Retrieved from https://chialisp.com/cats/
7. Chia Network Documentation. “CAT Creation Tutorial.” Retrieved from https://docs.chia.net/guides/cat-creation-tutorial/
8. Chainlink Labs. (2024). “7 Cross-Chain Bridge Vulnerabilities Explained.” Retrieved from https://chain.link/education-hub/cross-chain-bridge-vulnerabilities
9. Hacken. “Cross-Chain Bridge Security.” Retrieved from https://hacken.io/discover/cross-chain-bridge-security/
10. Binance Academy. (2023). “What Are Common Bridge Security Vulnerabilities?” Retrieved from https://academy.binance.com/en/articles/what-are-common-bridge-security-vulnerabilities
11. Webisoft. (2025). “Blockchain Bridge Security: Risks, Hacks, and How to Protect.” Retrieved from https://webisoft.com/articles/blockchain-bridge-security/
12. XCH.today. (2024). “warp.green Updates: Bridge Sneak Peek and Developer Docs.” Retrieved from https://xch.today/2024/05/10/warp-green-updates-bridge-sneak-peek-and-developer-docs/
13. Hacken. (2024). “Warp.green Smart Contract Security Audit.” Retrieved from https://hacken.io/audits/warp-green/
14. XCH.today. (2024). “warp.green Launches Ethereum Bridge.” Retrieved from https://xch.today/2024/05/22/warp-green-launches-ethereum-bridge/
15. Officer’s Notes. (2025). “How Cross-Chain Bridges are Hacked?” Retrieved from https://officercia.medium.com/how-cross-chain-bridges-are-hacked-d6ddb448401e
16. ArXiv. (2025). “SoK: A Review of Cross-Chain Bridge Hacks in 2023.” Retrieved from https://arxiv.org/html/2501.03423v1
17. Warp.green Documentation. “FAQ.” Retrieved from https://docs.warp.green