Table of Contents
Fetching ...

ASAS-BridgeAMM: Trust-Minimized Cross-Chain Bridge AMM with Failure Containment

Shengwei You, Aditya Joshi, Andrey Kuehlkamp, Jarek Nabrzyski

TL;DR

ASAS-BridgeAMM introduces Contained Degradation, a risk-aware bridge mechanism that treats cross-chain message latency as an operational signal. By coupling a Latency-aware AMM with a three-state governance model (Normal, Restricted, Halted), it bounds potential losses, preserves liquidity, and delivers strong liveness guarantees even under Byzantine relayer conditions. The approach is formally specified, with proofs of Safety (bounded debt), Liveness (settlement completion), and Manipulation Resistance, and is validated through 18 months of historical replay and 100,000 Monte Carlo simulations, achieving a solvency probability above $0.9999$ and a per-epoch bad debt cap below $0.2\%$. Empirically, ASAS reduces worst-case insolvency by $73\%$ while attaining $104.5\%$ of baseline volume during stress, underscoring that graduated, risk-aware security can be both safer and economically viable for cross-chain liquidity.

Abstract

Cross-chain bridges constitute the single largest vector of systemic risk in Decentralized Finance (DeFi), accounting for over \$2.8 billion in losses since 2021. The fundamental vulnerability lies in the binary nature of existing bridge security models: a bridge is either fully operational or catastrophically compromised, with no intermediate state to contain partial failures. We present ASAS-BridgeAMM, a bridge-coupled automated market maker that introduces Contained Degradation: a formally specified operational state where the system gracefully degrades functionality in response to adversarial signals. By treating cross-chain message latency as a quantifiable execution risk, the protocol dynamically adjusts collateral haircuts, slippage bounds, and withdrawal limits. Across 18 months of historical replay on Ethereum and two auxiliary chains, ASAS-BridgeAMM reduces worst-case bridge-induced insolvency by 73% relative to baseline mint-and-burn architectures, while preserving 104.5% of transaction volume during stress periods. In rigorous adversarial simulations involving delayed finality, oracle manipulation, and liquidity griefing, the protocol maintains solvency with probability $>0.9999$ and bounds per-epoch bad debt to $<0.2%$ of total collateral. We provide a reference implementation in Solidity and formally prove safety (bounded debt), liveness (settlement completion), and manipulation resistance under a Byzantine relayer model.

ASAS-BridgeAMM: Trust-Minimized Cross-Chain Bridge AMM with Failure Containment

TL;DR

ASAS-BridgeAMM introduces Contained Degradation, a risk-aware bridge mechanism that treats cross-chain message latency as an operational signal. By coupling a Latency-aware AMM with a three-state governance model (Normal, Restricted, Halted), it bounds potential losses, preserves liquidity, and delivers strong liveness guarantees even under Byzantine relayer conditions. The approach is formally specified, with proofs of Safety (bounded debt), Liveness (settlement completion), and Manipulation Resistance, and is validated through 18 months of historical replay and 100,000 Monte Carlo simulations, achieving a solvency probability above and a per-epoch bad debt cap below . Empirically, ASAS reduces worst-case insolvency by while attaining of baseline volume during stress, underscoring that graduated, risk-aware security can be both safer and economically viable for cross-chain liquidity.

Abstract

Cross-chain bridges constitute the single largest vector of systemic risk in Decentralized Finance (DeFi), accounting for over \>0.9999<0.2%$ of total collateral. We provide a reference implementation in Solidity and formally prove safety (bounded debt), liveness (settlement completion), and manipulation resistance under a Byzantine relayer model.
Paper Structure (45 sections, 3 theorems, 19 equations, 5 figures, 7 tables)

This paper contains 45 sections, 3 theorems, 19 equations, 5 figures, 7 tables.

Key Result

Theorem 1

Under the Contained Degradation Invariant, the maximum bad debt incurred by the protocol in any single settlement epoch is upper-bounded by $h_{\max} \cdot C_{total}$.

Figures (5)

  • Figure 1: ASAS-BridgeAMM architecture showing the relationship between latency and dynamic haircut adjustments. The latency signal $\tau$ flows from source to destination, triggering graduated protective responses: haircuts scale linearly from $h_{min}=0.3\%$ at zero latency to $h_{max}=5\%$ at $\tau_{max}=30$ minutes.
  • Figure 2: Health index timeline over 547 days. ASAS (blue) maintains health above the critical threshold (dashed line) through automated circuit breaker interventions during stress periods. Circuit breaker triggers are shown in the middle panel.
  • Figure 3: Cumulative distribution of per-epoch bad debt from 100,000 Monte Carlo iterations. The 99th percentile (0.189%) remains below the 0.2% threshold, validating the bounded loss property.
  • Figure 4: Volume retention during stress periods. ASAS maintains 104.5% of baseline volume due to the "flight to safety" effect: LP confidence in the floor mechanism keeps liquidity sticky during volatility.
  • Figure 5: Attack vector validation results. Of 10 tested scenarios, 8 triggered protection (circuit breaker or slippage revert), while 2 succeeded with maintained solvency.

Theorems & Definitions (7)

  • Definition 1: Byzantine Relayer
  • Theorem 1: Bounded Bad Debt
  • Theorem 2: Settlement Liveness
  • Theorem 3: Manipulation Resistance
  • proof
  • proof
  • proof