Why Economic Security is Irreconcilable with Permissionless Cross-Chain Calls

Every bridge is a price oracle for its own attestations. A permissionless network of relayers creates a coordination game where the cheapest validator set dictates security. This leads to predictable race-to-the-bottom dynamics seen in networks like LayerZero and Axelar.

• Security Cost: Securing $1B in TVL requires $1B+ in slashable stake for byzantine fault tolerance.
• Market Reality: Relay incentives are often <$0.01 per message, making staking irrational.

For a state proof to be trust-minimized, the destination chain must fully verify the source chain's consensus. This requires embedded light clients, which are prohibitively expensive for general-purpose execution (e.g., a ZK-EVM verifying another ZK-EVM). Projects like Succinct and Polygon zkBridge push the envelope but face O(n) gas cost scaling with transaction volume.

• Throughput Limit: ~100-1,000 trust-minimized messages/day per chain pair.
• Latency Penalty: Finality delays from 15 minutes (Ethereum) to hours (ZK-proving).

In a permissionless system, liveness (messages delivered) is measurable and fee-generating; correctness (messages valid) is not. This misalignment guarantees that optimistic or fraud-proof systems (e.g., Nomad, Across) will be exploited. The 7-day challenge period is a market failure—no rational actor monitors for fraud for free.

• Economic Attack Cost: Often <10% of the stolen funds.
• Historical Proof: $200M+ lost in bridge hacks are primarily optimistic design failures.

Chains like Cosmos and Polkadot solve intra-ecosystem security with shared validator sets, but this recreates a permissioned coalition. True permissionlessness requires any chain to connect to any other, which fragments security budgets. The Inter-Blockchain Communication (IBC) protocol is secure because it operates within a curated set of Byzantine Fault Tolerant chains.

• Ecosystem Lock-in: Security is not portable to external chains like Ethereum or Solana.
• Validator Overlap: ~30-50% commonality needed for security, creating centralization pressure.

Solutions like UniswapX, CowSwap, and Across use fillers to solve liveness by making execution permissioned, but they outsource security to economic reputation. This creates a market-maker oligopoly where cross-chain MEV is captured by a few entities. The system is secure only as long as filler collateral exceeds the profit from a malicious fill.

• Capital Efficiency: 10-100x better than staking models.
• Centralization Risk: ~5-10 major fillers control >80% of volume.

The end-state is a two-tiered system: 1) Expensive, slow, trust-minimized bridges for sovereign asset transfers (using ZK or light clients). 2) Cheap, fast, economically secured pathways for general messaging & intents. Protocols will route based on value-at-risk. Chainlink CCIP and LayerZero's Oracle/Relayer split are early examples of this hybrid reality.

• Value Threshold: ~$10k+ for trust-minimized routes.
• Market Share: >90% of volume will flow through economic security layers.

Each chain's canonical bridge is the most secure for its own assets, but creates liquidity silos. This forces users into a fragmented, multi-hop experience.

• Security: Inherits L1's consensus, but only for its own vault.
• Capital: Billions locked in isolated, non-composable pools.
• Flaw: No native path for cross-chain smart contract calls or generalized messages.

Uses a canonical bridge as a settlement layer, with a liquidity pool on the destination chain. Optimizes for capital efficiency and composability.

• Mechanism: Swaps are atomic; liquidity is rebalanced via arbitrage.
• Capital: ~$1B TVL networks achieve high utilization.
• Flaw: Security is bounded by the underlying canonical bridges. A bridge hack compromises the entire liquidity network.

Introduces a third-party attestation layer of oracles and relayers to pass generalized messages. Maximizes for generalizability and developer experience.

• Mechanism: Independent oracle/relayer sets attest to events; security is probabilistic.
• Scale: Supports any payload, enabling full smart contract composability.
• Flaw: Economic security is not native. It's an off-chain social consensus backed by slashing stakes, which can be corrupted or circumvented.

The cryptographic ideal: verify the source chain's state directly on the destination chain via light client proofs. Theoretically achieves full trustlessness and generalizability.

• Mechanism: Zero-knowledge proofs (ZK-SNARKs) verify consensus headers.
• Security: Inherits cryptographic guarantees of the source chain.
• Flaw: Prohibitively expensive for high-throughput chains. Ethereum → Gnosis proof costs ~$100+ in gas, making it capital-inefficient for small transactions.

Enforces shared security and standardized communication protocols. Chains must conform to a specific consensus and client architecture.

• Mechanism: Light clients are cheap because chains share similar BFT consensus.
• Security: Native and constant, with ~$2B+ in staked economic security.
• Flaw: Not permissionless. Requires chain sovereignty to be subjugated to the hub's governance and technical standards. A walled garden.

Acknowledges the trilemma and routes around it. Users declare a desired outcome (intent); a network of solvers competes to fulfill it using the best available infrastructure.

• Mechanism: Solvers can use any bridge (Liquidity Network, Verifier, Native) in combination.
• Optimization: Achieves best execution by dynamically selecting the securest/cheapest path.
• Flaw: Does not solve base-layer security; merely abstracts the complexity and risk to a competing solver market, which can centralize.

UniswapX and CowSwap solve for permissionless routing by making the user the lynchpin of security. The protocol doesn't guarantee execution; it facilitates intent matching.

• User assumes slippage and MEV risk via signed orders.
• Fillers compete on a permissionless network, creating a market for execution.
• No protocol-level economic security is required, enabling true permissionless entry for solvers.

LayerZero, Wormhole, and Axelar provide a universal messaging layer by concentrating security in a small, permissioned set of off-chain verifiers (Oracles/Relayers).

• Security is not permissionless; it's delegated to known entities with bonded stakes.
• Economic security scales with the verifier set's stake, not the chain's validators.
• You trade decentralization for liveness, creating a trusted bridge-like security model wrapped in a permissionless UI.

EigenLayer and Babylon attempt to reconcile the dilemma by re-hypothecating the economic security of Ethereum (or Bitcoin) to secure other systems, like cross-chain bridges.

• Security is borrowed, not native, creating systemic risk contagion.
• Slashing must be objectively verifiable, limiting use-cases to simple consensus faults.
• You are betting on a single, massive security pool, creating a potential single point of failure for the entire ecosystem.

StarkEx's L2-to-L1 validity-proof bridge and dYdX's migration show the nuclear option: avoid asynchronous cross-chain calls entirely. Force all critical state transitions to settle on a single security base (Ethereum).

• Cross-chain is a UX illusion; finality is always on the settlement layer.
• Composability is limited to the L2/L3 silo, sacrificing interoperability for security.
• The solution is to not have the problem, making it the only model with L1-grade security guarantees.