Penalty Adjudication for Cross-chain Transactions (PACT)
Summary
PACTs are a foundational mechanism for high security, low cost, cross-chain transactions.
PACTs are optimized for short- and medium term cross chain state machines with defined value at risk (VaR), while also being excellent for certain longer time state machines (for example non-custodial staking)
PACTs are simultaneously more secure, and more capital efficient than collateralized bridges.
A state machine can be seen as a is a set of steps that must be taken across two or more blockchains such that when they are done, the system reaches a "final" settled state.
Developers code up a specific PACT that Actors enter into. The actors, execute actions according to the rules of the PACT, and then reaches a final state for the PACT.
A PACT is a collateralized mechanism. Capital use is highly efficient, it is only required during the active period of the state machine. Also any number of PACTs with isolated collateral can be active such that each collateral is tailored to the requirements of the PACT.
In order to unlock the capital efficiency of PACTs, there should be an upper limit to the value at risk for the state machine.
- PACTs work for cross-chain transactions on any blockchain, including Bitcoin
- PACTs coordinate behavior for short and medium time state machines
- PACTs are highly capital efficient when value at risk (VaR) is defined
- Any number of PACTs can be active at one time
- PACT collateral is tailored to a use-case
- Adjudication of the PACT is fully consistent and cannot fail due to reorgs or chain failures
- PACTs can be used on a single chain as an alternative to certain smart contracts
- For infinite state machines, PACTs can be combined with other mechanisms :::
Capital use
The capital efficiency of PACTs for short- and medium term cross chain state machines lies in the ability to record when the state machine has finished.
When it is finished, any collateral associated with the PACT is released, reducing the overall bound capital that earns yield.
Even though the capital efficiency of PACT is excellent, for Coinweb native dApps, it is possible to bridge tokens to underlying blockchain networks with no collateral, making the capital efficiency even better.
The reason for this is that a Coinweb native dApp can access state machines evaluated by Coinweb directly and thus know the validity of tokens at the underlying blockchain networks directly.
See multi-chain market asset token for a description of this approach.
Consistent Penalty Adjudication
PACTs can be used by untrusted individuals because the penalty adjudication is consistent. What this means is that what the PACT will observe happening is always what is actually happening, so the adjudication is fair and just.
This is why PACTs can be used both when the actors are individual untrusted persons, but also be used for collateral management for more complex actors that have their own internal security setup, such as multi-sig actors and more.
Common multi-sig bridge designs derive their security from the continued use of the bridge. As long as people trust the bridge, they will use the bridge, fees will accrue, and this gives incentives for the parties to continue being honest.
The problem with this setup is that there are no gentle failures like for a PACT. For example, a multi-sig bridge can have a failure mode where a majority votes on something that is objectively not true. This will typically come in the form of a bridge hack with loss of collateral as a consequence.
In such a bridge failure, the collateral is typically awarded the attacker, with complete loss of confidence in the bridge as a result, while in a PACT the collateral is awarded the wronged party, with little to no loss of conficende in the bridge as a result.
The PACT's consistent penalty adjudication further drives down the collateral requirements and opens up for a actors to compete on quality vs price.
Mechanism
A PACT is an approach for observing state machines operating across multiple block chains. The PACT can be implemented in many ways, but it will include at least one Penalty Adjudicator (PA), and one or more Chain Transaction Sentinels (CTS).
PACTs = (PA)+(CTS)
Chain Transaction Sentinel
The sentinels watch individual blockchain state transitions. They act as independent observers, gathering proof on what is happening on a given blockchain network.
The sentinels are implemented as reactive smart contracts (RCSs) which are long running smart contracts that can block on events happening on a blockchain network.
Coinweb state automatically unwinds and is re-computed in the case where the blockchain network goes through a reorganization. This means that the sentinel will always report the true state of the blockchain network according to its consensus rules.
In a cross-chain PACT, one CTS will observe each blockchain network involved in the PACT. The relevant observations are then sent to the penalty adjudicator for further analysis.
Penalty Adjudicator
The penalty adjudicator has the role of gathering the sentinel data, i.e. proofs of state transitions, and evaluating whether the pact the parties entered into was followed or not.
We can think of the penalty adjudicator as a component that has a valid state machine for the pact, and based on the sentinel data, it matches whether what is actually happening on the blockchain networks, matches valid transitions in this state machine.
If the sentinel data does not match the pact's valid state machine, then it is the job of the penalty adjudicator to assign blame and to release collateral to the wronged party.
External Actors
Neither the PA nor the CTS actively modify the underlying blockchain networks. This is instead done by external actors.
The external actors can be anything from end users doing manual p2p swaps in a dApp, to advanced multi-sig decentralized protocols or bridges.
The external actors enter into the PACTs by issuing transactions that trigger the instantiation or activation of a PACT.
Developers
The developers of a PACT are responsible for defining its cross-chain state machine, setting up the CTS contracts, and the PA.
They should also create a dApp which has a user-interface that can be used by end users, but a PACT system can also have its primary users be other smart contracts in the Coinweb eco-system or smart contracts on participating blockchain networks.
PACT Attacks
Attacking the Required Collateral Calculation
PACT assumes the ability to calculate an upper value of the transaction.
An attack vector is thus to affect systems that use PACT such that they miscalculate the required collateral. This is an attack on the assumption in PACT that you can set an upper value on the transaction.
Note that assessing the value of a transaction is relevant not only for swaps, but also for derivatives. In a perpetual swap for example, you can force liquidations by flash dumps or pumps, and this is why the last executed trade is not used as the reference price, but rather the mark price which has protections against price manipulations. Time-weighted average price (TWAP) can be used and other approaches.
However, notice that PACT does not need to set the value of the transaction per se, it needs to set an upper value on the transaction. Thus, calculating appropriate collateral for a PACT is possible to do securely.
An attacker can try manipulating the collateral requirements for a PACT in two ways: An attacker can try to artificially increase the collateral requirements or try to artificially decrease the collateral requirements.
In the case where the collateral requirements are increased, this means the cost of capital for the holder of the collateral increases which makes the PACT less (capital) efficient, but it does not affect its security.
In the case where the collateral requirements are decreased beyond the value of the asset, it is a breach of the security properties, but because increasing the collateral is safe, protecting against, for example, a flash crash affecting collateral is relatively simple. Instead of using EMA, TWAP, VWAP or similar that follows price, you can use exponentially-weighted moving maximum, or moving maximum with low smoothing factors that follows the upper bound on the price instead.
In addition to tracking the upper bound, an additional level of collateral should always be added on top of any such algorithm to provide adequate compensation to the wronged party.
PACT use-cases
This is an non-exhaustive list of PACT use-cases that utilizes short or medium term state machines.
Use-case | VaR defined | Collateral base |
---|---|---|
Bitcoin cross-chain payment | Yes | Payment value |
Cross-chain Bitcoin inscriptions sale | Yes | Payment value |
Cross-chain NFT sale | Yes | Payment value |
Cross-chain payment | Yes | Payment value |
Token swaps | Yes | Token value |
OTC trading | Yes | Trade value |
Stable token swaps | Yes | Token value |
NFT swaps | Upper bound must be defined | NFT value |
Cross-chain staking | 0 | Can start at 0 |
There is some overlap in the list in order to make certain use-cases clear, especially those that might be surprising to the reader.
Cross-chain swap
A typical use-case showcasing a PACT is a cross-chain swap between independent counterparties, such as swapping 1 BTC for 1 WBTC, 1 BTC for some ETH, or stable tokens between networks.
The state machine for such a swap is that when 1 BTC is transferred to a given address on the Bitcoin network, then within a certain time window, 1 WBTC must be transferred to an address on the Ethereum network.
This swap is ideally implemented using a PACT as it has the following properties:
- The state machine has a defined end state where the swap can be said to have been done or not done.
- It is easy to derive the value at risk for this state machine as the value of the transaction is known. A reasonable collateral could be 2 BTC.
Assuming an 8% interest rate, a swap PACT taking 1 minute to execute, using 2x overcollateralization, will have a lower bound capital cost of ~30 sats, or 2 BTC held for 1 minute, which today is a fraction of a cent.
A simplified PACT between Alice abd Bob for swaps between BTC and WBTC could look like the following. The diagram is simplified.
Cross-chain p2p swap market
A cross-chain p2p swap market for NFTs can operate both with individual end users being responsible for sending their NFTs to the buyer within a time window, or let NFTs be held in custody by a decentralized multi-sig transaction system run by the marketplace.
Both of these can be collateralized by a PACT, making the swaps safe from failures of the multi-sig transaction system or a non-responsive individual. At the same time this allows for different price-points for the swap as the individual option does not need to pay for incentivising honest behavior among the participants in the multi-sig transaction system.