Cross-Chain Settlement Without Bridges
Why cross-chain value transfer does not require cross-chain asset movement. Bilateral netting, off-chain verification, and native chain finality.
§0The Core Finding
Every cross-chain settlement mechanism in production today moves assets between chains. Bridges lock tokens on one chain and mint representations on another. The locked assets sit in a contract, a pool, or a validator set — a persistent custody surface that holds assets between settlements and scales its attack surface with total value locked.
Over $2 billion has been lost to bridge exploits since 2021. This is not a bug count. It is an architectural indictment.
Cross-chain settlement does not require cross-chain asset movement. It requires two parties on different chains with opposing intent, a shared cryptographic commitment, and a verification layer that proves both sides honoured the agreement. Each side settles natively on their own chain. Nothing crosses. Nothing bridges. Nothing is held.
§1The Bridge Assumption
Three models exist for cross-chain movement. All three create a custody surface. The mechanism varies — smart contract, validator set, liquidity pool — but the pattern is identical. Assets leave the user's control and sit in infrastructure that can be exploited.
⨯ PERSISTENT TVL · ⨯ SYSTEMIC FAILURE
⨯ VALIDATOR SET IS TARGET · ⨯ KEY COMPROMISE
⨯ LP POOL IS CUSTODY · ⨯ REBALANCING RISK
✓ NO CUSTODY TRANSFER · ✓ NO PERSISTENT RISK · ✓ BILATERAL ONLY · ✓ STATELESS
| Bridge | Date | Loss | Vector |
|---|---|---|---|
| Poly Network | Aug 2021 | $612M | Access control exploit |
| Wormhole | Feb 2022 | $320–326M | Signature verification bypass |
| Ronin | Mar 2022 | $624M | Validator key compromise |
| Harmony | Jun 2022 | $100M | 2-of-5 multisig compromise |
| BNB Bridge | Oct 2022 | $568M | Proof verifier bug |
| Nomad | Aug 2022 | $190M | Trusted root misconfiguration |
| Multichain | Jul 2023 | ≈$130M | CEO-linked key compromise |
Sources: CertiK [5], Mandiant/Google Cloud [6], incident post-mortems [1–4]. Figures approximate — pricing varies by source.
§2Netting: A Proven Mechanism
Netting is not novel. CLS Bank — designated a systemically important financial market utility by the U.S. Federal Reserve — settles over $7.9 trillion daily in foreign exchange through multilateral netting across 18 currencies. On a single peak day in June 2024, CLS settled $19.1 trillion in payment instructions requiring approximately $72 billion in actual funding. That is a 96%+ netting efficiency, with total funding reduction (including in/out swap mechanisms) reaching 99.6%.
Self-reported data from Everclear (formerly Connext) suggests that over 80% of cross-chain transfer flows have natural counterparts and are nettable. This figure is from sponsored research and has not been independently verified — but the underlying logic is sound. For every user moving assets from Chain A to Chain B, there is often a user seeking the reverse. The question is whether matching infrastructure can capture this symmetry efficiently.
CLS performs netting at the settlement layer — gross obligations are compressed to net obligations. The protocol in this paper does not compress obligations. Both parties escrow the full notional. The "netting" operates at the flow-matching layer: opposing intents are matched so neither party needs bridge infrastructure. This eliminates the bridge, not the gross settlement. The CLS analogy is instructive for the matching principle, but the settlement mechanics differ.
| Property | Bridge | CLS Netting | Bilateral (This Paper) |
|---|---|---|---|
| Movement | Full gross crosses | Net amount only | No movement — native settlement |
| Custody surface | Contract holds TVL | CLS holds during window | Escrow on native chain only |
| Persistent risk | TVL at risk 24/7 | During settlement window | No residual risk after settlement |
| Intermediary | Bridge protocol | CLS (regulated SIFMU) | None — bilateral |
| Efficiency | 0% (gross) | 96–99.6% (reported) | Depends on match availability |
| Failure mode | Systemic (all users) | Systemic (all members) | Bilateral (two parties only) |
| Cold-start | None | Requires member network | Requires counterparty matching |
§3Native Chain Escrow Primitives
Bilateral settlement requires each party to lock assets under conditions that enable atomic release. Several chains provide native or near-native primitives — with important differences.
XLS-85 · Feb 2026 · All issued tokens
✓ SELF-CUSTODY · ✓ NO CONTRACT RISK
✓ WELL-UNDERSTOOD · ✓ MINIMAL CONTRACT RISK
⨯ CONTRACT IS CUSTODY · ⨯ MEV EXPOSURE
Prior to February 2026, XRPL escrow supported only XRP. The XLS-85 amendment, activated February 12, 2026 with 88%+ validator support, extended escrow to all Trustline-based tokens (IOUs) and Multi-Purpose Tokens (MPTs). Stablecoins like RLUSD, tokenized RWAs, and any issued token can now be escrowed natively with PREIMAGE-SHA-256 conditions. Token issuers retain control through issuer-level flags, preserving compliance structures.
This means settlement assets can be escrowed directly — no intermediate AMM conversion, no deploy-side slippage, simpler transaction sequence.
| Property | XRPL | Bitcoin | EVM |
|---|---|---|---|
| Implementation | Native ledger object | Script-level | Deployed contract |
| Custody | Creator retains ownership | Locked in script output | Held by contract address |
| Hash-lock | PREIMAGE-SHA-256 | OP_SHA256 / OP_HASH160 | Solidity function |
| Time-lock | FinishAfter / CancelAfter | CLTV / CSV | block.timestamp |
| Asset support | XRP + all issued tokens | BTC (native) | Any ERC-20 |
| Confirmation | 3–5 seconds | ≈60 min (6 conf) | 12–15 sec (1 conf)* |
| Cost | ≈$0.00001 | $0.50–$5+ | $1–$50+ |
| Contract risk | None | Minimal | Code-dependent |
*Ethereum achieves Casper FFG finality in ≈12.8 min (two epochs), not after a single slot.
§4The Settlement Protocol
This is a direct application of the HTLC-based atomic swap protocol (Nolan 2013, Herlihy 2018). The contribution is not the protocol itself but its framing as settlement infrastructure, the verification layer, and the risk analysis relative to bridges.
Both chains must use the same hash function. If Bitcoin uses OP_HASH160, the escrow must use OP_SHA256 instead to ensure the same preimage satisfies both locks.
s and computes h = SHA-256(s). The hash is shared with Party B. The secret is retained by Party A.h and timeout T₁. Party B creates an escrow on Chain 2 designating Party A, locked with h and T₂ < T₁.s by finishing the escrow on Chain 1. Party B observes s on-chain and uses it to finish the escrow on Chain 2. Both settle natively.s is not revealed before T₂, Party B's escrow refunds. Party A's escrow refunds after T₁. No assets lost. The worst case is a failed settlement, not a loss of funds.The buffer between T₂ and T₁ must account for: (a) time for Party B to observe the preimage reveal on Chain 1, (b) time to construct, sign, and confirm the claim on Chain 2, and (c) a safety margin. For XRPL-to-Bitcoin, the buffer should be 2–4 hours, accounting for Bitcoin's ≈60-minute confirmation time. Formal derivation of minimum safe buffers per chain pair is an open research problem.
Between Lock and Settlement, Party A holds a free American-style option: they can observe market conditions and choose whether to complete or abandon at no cost beyond the time-value of locked capital. Identified by Robinson (2019), analysed by Dziembowski et al. (2018).
Partially mitigated by: shorter timeout windows, non-refundable upfront fees, and reputation consequences visible in the verification layer's settlement history. None fully eliminate the optionality. Implementations must account for this cost when pricing settlements.
Xue and Herlihy (2021): a party may force a timeout — even at the cost of their own locked capital — to prevent the counterparty from profiting. The cost is bounded (time-value of locked capital) but non-zero. Mitigation: shorter timeouts, reputation penalties, credible threat of future non-cooperation. Formal game-theoretic analysis is an area for future work.
§5Threat Model
The protocol guarantees safety (no party loses assets) under any adversary behaviour. It guarantees liveness (settlement completes) only under cooperative behaviour.
Both chains must be live for the duration. If either halts, timeouts may not execute as expected. Shared dependency with bridges and all cross-chain protocols.
Party A's secret s must remain unknown to Party B until revealed on-chain. Compromise before Lock completes would allow premature claim. Standard key management practices apply.
Party B must observe the preimage reveal on Chain 1 in time to claim on Chain 2 before T₂ expires. A sustained DoS on Party B's observation could prevent claiming — resulting in timeout on both sides (no loss, failed settlement).
SHA-256 must be computationally infeasible to invert. A break would undermine this protocol — and also Bitcoin and most existing cryptographic infrastructure.
The protocol tolerates non-cooperative behaviour. Free option and sore loser attacks (§4.4, §4.5) result in timeout and refund, not loss. The adversary model does not assume rationality — it guarantees safety regardless.
§6The Verification Layer
The gap between two independent escrows and a working settlement system is verification. Both parties need assurance that terms were agreed, escrows were created correctly, and the history is auditable. The architecture draws on well-established verifiable data structures, including certificate transparency logs.
The verification layer is operated by settlement participants. If both collude to fabricate records, it cannot prevent this. For critical third-party auditability, an independent observer could provide additional assurance at the cost of introducing a third participant.
§7Stateless vs Permanent Risk
A bridge exists between settlements — holding assets, requiring maintenance, presenting an attack surface continuously. Bilateral settlement is stateless. When it's done, there's nothing left.
These are informal risk characterisations intended to highlight the structural difference: bridge risk is pooled and persistent; bilateral risk is isolated and transient.
§8Fiat Integration
The model extends to fiat — but with significant caveats. The crypto leg uses native escrow. The fiat leg settles through banking rails. The verification layer records both.
The fiat leg introduces a trust assumption the crypto leg does not have. Party A must honestly confirm receipt of the bank transfer before revealing the preimage. If Party A claims non-receipt — truthfully or not — the settlement times out and Party A retains both the escrowed crypto and the fiat payment. This is a fundamental asymmetry: the crypto leg is verifiable on-chain; the fiat leg is not.
Fiat attestation services (bank confirms independently), payment rails with cryptographic receipts, escrow agents for the fiat leg, reputation consequences. None fully resolve the problem. Fiat integration remains an area where the trust model is weaker than pure crypto-to-crypto.
Slower execution (hours to days), reversibility (chargebacks), opacity (not independently verifiable), jurisdictional compliance (KYC, AML). The bilateral model provides a framework where these can be satisfied by each party independently, without a central intermediary processing both sides.
§9Pools of Willingness
Bilateral netting requires counterparties with opposing intent. CLS achieves this within regulated membership — vetted institutions with legal obligations, regulatory oversight from 23 central banks, known identities, deep liquid markets. An open intent pool lacks this scaffolding. The CLS analogy should not imply CLS-scale outcomes transfer to a pseudonymous, volatile-asset environment.
The proposed mechanism is an intent pool: a registry of willingness to settle on a particular chain pair. Not a liquidity pool — no assets deposited, no custody. A registry of: chain pair, direction, notional range, duration, fee tolerance.
Not stars. Not scores. A queryable history: completed settlements, average time to settlement, discrepancy rate, forced timeout frequency. Every data point is verifiable from the Merkle-anchored record. Credit decisions become evidence-based. This does not eliminate counterparty risk, but it makes that risk assessable from auditable data.
Bridges pool liquidity — any user can access the full pool. Bilateral settlement fragments it across individual pairs. In early markets with thin flow, this could make bilateral settlement impractical even when the architecture is sound. Standardised contract sizes or tiered notional ranges could mitigate this, at reduced flexibility.
§10Open Gaps & Opportunities
Every unsolved problem below is also a protocol, a research programme, or a commercial service waiting to be built.
§11Conclusion
Cross-chain settlement does not require cross-chain asset movement. It requires matched intent, native chain escrow, a shared cryptographic commitment, and a verification layer. The netting principle is proven at $7 trillion daily. The escrow primitives exist on multiple chains.
The bridge model persists because it was the first architecture, not because it is the correct one. The bilateral model offers no persistent custody surface, no systemic failure mode, and risk bounded per settlement. These properties are not strictly superior in all dimensions — bilateral matching is harder, the cold-start is real, the free option costs must be priced.
This is a theoretical architecture. No simulation, prototype, or historical flow analysis has been conducted. The claims await empirical validation. The open gaps are the demand signal for a new class of settlement infrastructure. The primitives are ready. What remains is to build, to test, and to measure.
Research conducted and architecture developed by Shane Calder, April 2026. Developed in collaborative reasoning with Anthropic Claude. AI tools were used throughout the research, drafting, and review process. All claims, references, and architectural decisions were verified by the author.
Free to read and share. Not to reproduce without written permission.
© 2026 Shane Calder · 132 Engineering · 132eng.dev