Cross-chain bridges constitute the single largest vector of systemic risk in Decentralized Finance (DeFi), accounting for over \$2.8 billion in losses since 2021. The fundamental vulnerability lies in the binary nature of existing bridge security models: a bridge is either fully operational or catastrophically compromised, with no intermediate state to contain partial failures. We present ASAS-BridgeAMM, a bridge-coupled automated market maker that introduces Contained Degradation: a formally specified operational state where the system gracefully degrades functionality in response to adversarial signals. By treating cross-chain message latency as a quantifiable execution risk, the protocol dynamically adjusts collateral haircuts, slippage bounds, and withdrawal limits. Across 18 months of historical replay on Ethereum and two auxiliary chains, ASAS-BridgeAMM reduces worst-case bridge-induced insolvency by 73% relative to baseline mint-and-burn architectures, while preserving 104.5% of transaction volume during stress periods. In rigorous adversarial simulations involving delayed finality, oracle manipulation, and liquidity griefing, the protocol maintains solvency with probability $>0.9999$ and bounds per-epoch bad debt to $<0.2%$ of total collateral. We provide a reference implementation in Solidity and formally prove safety (bounded debt), liveness (settlement completion), and manipulation resistance under a Byzantine relayer model.
翻译:跨链桥构成了去中心化金融(DeFi)中系统性风险的最大单一载体,自2021年以来已造成超过28亿美元的损失。其根本性脆弱点在于现有桥安全模型的二元性质:桥要么完全正常运行,要么灾难性地被攻破,缺乏能够隔离局部故障的中间状态。本文提出ASAS-BridgeAMM,一种与桥耦合的自动做市商,它引入了“受控降级”——一种形式化规范的操作状态,系统可根据对抗性信号优雅地降级功能。该协议将跨链消息延迟视为可量化的执行风险,从而动态调整抵押品折减率、滑点边界和提款限额。在以太坊及两条辅助链上进行的18个月历史数据回放测试中,相较于基础的铸币-销毁架构,ASAS-BridgeAMM将最坏情况下由桥引发的资不抵债风险降低了73%,同时在压力时期保留了104.5%的交易量。在涉及延迟最终性、预言机操纵和流动性干扰的严格对抗性模拟中,该协议保持偿付能力的概率大于$0.9999$,并将每周期坏账限制在总抵押品的$<0.2%$以内。我们提供了Solidity语言的参考实现,并在拜占庭中继者模型下形式化证明了其安全性(债务有界)、活性(结算完成)以及抗操纵性。