Table of contents

Problem statement

There’s no way to swap between Bitcoin and Ethereum reliably without delegating your funds to a multisig.

Schemes like Ronin, Wormhole, Thorchain et al delegate your funds to a series of validators who own a n/m threshold signature or multi sig across a vault of liquidity pools. This has a number of drawbacks, the obvious ones being:

1. Your funds can be lost in the transition between entering the cross chain protocol and exiting into your wallet on the other side. There is an inherent weakness in models that rely on TSS or multi sigs to transmit funds.
2. Validator operators are essentially colluding to operate an unlicensed exchange. The network is only as resilient as it’s operator distribution. The Nakomoto coefficient of many such chains is either unknown or some n between a small number of founders and early VCs. This is both not decentralised, but also existentially risky as the operation of such exchanges is only a marginal improvement on the CEX. Even assuming all operators are independent parties, they are still liable to follow their local laws according to their own risk appetite. Thus: existential censorship risk.
3. There is a gap in incentives between liquidity providers and node operators. LPs must simply trust that the “Economic incentives” that underpin the multisig/threshold signature are sufficient to keep the validators from rugging. There is almost certainly a time in the network where this will become untrue and these incentives are subject to asset volatility, etc. It is an issue that the liquidity providers do not necessarily themselves own a fragment of the multisig.
4. Multisigs get hacked and LPs get rugged. This is a common failure mode.

Looking at the rekt.news leaderboard, billions of dollars of funds have been lost for LPs due to cross chain bridges and exchanges. Almost all (Ronin, thorchain, wormhole, Harmony) are multisig based bridges with the exception of Nomad who erred by deploying an unaudited upgrade to one of their key contracts. The failure mode for many is with the underlying multisig, where the threshold is too low, a key is leaked or a critical threshold of sigs are compromised.

Relying on the security guarantees of a questionably elected cartel is not a meaningful step up from just using a centralised exchange. It is at best a risky arb around AML/CTF for the operators and at worst a questionably and/or recursively collateralised multisig or just a multisig between friends

Proposed solution

Gauloi is a proposed peer to peer marketplace for cross chain atomic swaps. Using Atomic swaps as a primitive solves a number of the above problems:

1. Liquidity providers themselves are responsible for their own funds. In fact, there is no “liquidity” concept, just a coincidence of wants similar to an orderbook exchange
   1. This could be improved in the future as larger operators or via automating trades, liquidity could be “provided” the same way that liquidity on an exchange is provided or trades are automated
2. There are no intermediaries. Through atomic swaps, you can trade in a trust minimised with your counter party. You have the same security guarantees of the underlying chains you are trading between.
3. Trades are atomic, they are either processed or not. There is no need for complicated refund procedures, slippage, etc. The agreed price is the price.

Here is a basic architecture diagramme of a simple atomic swap between two parties: