ArchitectureSecurity
Bridge and Cross-Chain Security
DALP's position on bridge architecture, cross-chain settlement, external liquidity networks, and the security ownership model for EVM-only multi-chain deployments.
DALP is an EVM-only digital asset lifecycle platform. It can operate on multiple configured EVM networks, but it does not provide a proprietary bridge, validator set, message relay, or liquidity network.
Use this page when assessing whether a DALP deployment introduces bridge risk, who owns that risk, and which cross-chain pattern fits a regulated asset workflow.
Position
| Area | DALP position |
|---|---|
| Bridge operation | DALP does not provide a proprietary bridge protocol, bridge validator set, or lock-and-mint network. |
| Network support | DALP works with EVM-compatible networks configured for the deployment. Each network has its own chain ID, RPC configuration, contract addresses, and indexing state. |
| Cross-chain settlement | DALP can coordinate XvP settlement workflows that use hashlock coordination. Local legs execute on the current chain; external legs are coordinated, not bridged. |
| Route selection | The issuer, operator, or integrating party chooses the bridge, native network path, exchange route, or redemption path under its risk policy. |
| External-chain risk | DALP can make the split explicit and enforce local asset controls. It cannot make an external bridge, relay, exchange, or chain safe. |
What DALP provides
DALP provides the asset lifecycle, compliance, custody-routing, transaction execution, and indexing layers for configured EVM networks.
For cross-chain scenarios, DALP can provide:
- Network configuration for each enabled EVM chain: chain ID, RPC endpoints, contract addresses, finality settings, and monitoring context.
- Per-chain asset controls through SMART Protocol contracts, identity-based compliance, role-based administration, and custody-provider signing policy.
- XvP settlement coordination for workflows that need local atomic execution and optional hashlock coordination with external-chain legs.
- Operational visibility into DALP managed transactions, chain indexing, transaction status, and configured network health.
- API and event surfaces that external systems can use for reconciliation, redemption, distribution, and operator review.
What DALP does not provide
DALP does not provide:
- A proprietary bridge protocol.
- A bridge validator, sequencer, oracle, or message-relay network.
- A lock-and-mint contract set that mints wrapped assets on another chain.
- A liquidity network, market maker, exchange, or routing service.
- A guarantee that an external chain, bridge, exchange, custodian, or liquidity venue will execute correctly.
- Legal, insolvency, reserve, or redemption guarantees for assets moved or represented outside the DALP-controlled contracts.
These exclusions are intentional. Bridge security depends on the selected network, bridge design, validator set, message verification model, admin controls, liquidity venue, and operating process. Those decisions belong in the deployment's risk assessment.
Pattern selection
| Pattern | When it fits | What DALP covers | What stays outside DALP |
|---|---|---|---|
| Single-chain issuance and transfer | Asset issuance, servicing, and holder transfers stay on one configured EVM network. | Token lifecycle, compliance checks, custody-routed signing, indexing, and transaction status. | Chain consensus, RPC provider behaviour, and custody-provider control-plane decisions. |
| Native network bridge | The selected L1 or L2 provides an official deposit, withdrawal, or canonical bridge path. | The DALP-side token, compliance, and transaction workflow on the configured network. | Native bridge contracts, proof system, challenge period, sequencer behaviour, and withdrawal finality. |
| Third-party bridge | An external bridge or liquidity network moves value or messages between chains. | DALP integration points, local asset controls, and reconciliation data for the DALP managed network. | Bridge validator set, relayers, message verification, liquidity depth, routing, fees, and incident response. |
| Wrapped asset model | A representation of an asset exists on another chain through lock-and-mint or custodial issuance. | The original DALP managed asset lifecycle when the source asset is inside DALP. | Wrapper contract security, mint/burn authority, reserves, redemption process, and destination-chain controls. |
| Exchange or distribution route | An exchange, broker, custodian, or treasury process distributes exposure outside the DALP workflow. | Asset records, holder events, transaction records, and API data needed for reconciliation. | Exchange custody, off-chain matching, settlement timing, fees, liquidity, sanctions screening, and disputes. |
| XvP hashlock coordination | Two or more parties need coordinated exchange across local and external-chain legs. | Local settlement contract, local approvals, local atomic execution, hashlock reveal gate. | Matching external HTLC or settlement workflow, external token movement, timelock design, and chain finality. |
| Redemption path | A holder exits on one chain and receives value through off-chain payment, reserve release, or reissue. | DALP-side burn, transfer, role, compliance, and event records when configured in the asset workflow. | Payment rail, reserve account, off-chain ledger, external issuance, operational approvals, and legal process. |
Cross-chain settlement split
XvP settlement can coordinate cross-chain workflows without turning separate chains into one transaction.
Rendering diagram...
The local DALP settlement can require approvals, enforce local token transfers atomically, and wait for the correct hashlock secret. It does not execute the external leg. The party operating the external leg must lock, release, bridge, redeem, or distribute value through the selected external process.
Who owns what
| Control or decision | DALP platform | Issuer or operator | Bridge or external network | Custody provider | Notes |
|---|---|---|---|---|---|
| EVM network enablement | Accountable | Consulted | Responsible for chain | Consulted | DALP needs chain ID, RPC, contracts, and finality configuration for each enabled network. |
| Asset compliance configuration | Accountable | Accountable | Not involved | Consulted | Compliance rules apply to DALP managed token contracts on the configured network. |
| Bridge or liquidity provider selection | Not provided | Accountable | Accountable | Consulted | Selection must be governed by the deployment's risk policy and approval process. |
| Bridge validator or relay security | Not owned | Accountable | Accountable | Not involved | DALP cannot attest to a third-party validator set, multisig, oracle, or relay network. |
| Wrapped asset mint, burn, and reserve model | Not owned | Accountable | Accountable | Consulted | Wrapper authority and reserve controls must be reviewed outside the DALP token contract. |
| Local XvP settlement execution | Accountable | Accountable | Not involved | Responsible | DALP executes local flows atomically after local approvals and hashlock conditions are met. |
| External-chain HTLC or settlement execution | Not owned | Accountable | Accountable | Consulted | External contracts, timelocks, and finality rules are selected and operated outside DALP. |
| Redemption and off-chain payment | Integration | Accountable | Optional | Optional | DALP can expose records and workflow actions; the payment or reserve process is external. |
| Incident response for bridge failure | Supports data | Accountable | Accountable | Consulted | DALP can help isolate DALP-side activity, but bridge remediation belongs to the bridge path. |
Risk register
| Risk | Why it matters | What DALP covers | Required operating control |
|---|---|---|---|
| Validator or bridge quorum compromise | A compromised bridge signer or validator set can release assets or messages incorrectly. | DALP does not run the bridge quorum. Local DALP contracts still enforce their own roles and rules. | Review validator model, quorum design, upgrade authority, insurance position, and emergency controls. |
| Trusted-root or admin compromise | A bridge admin, proxy owner, or trusted root can change verification logic or recovery authority. | DALP owns DALP contract roles; external admin keys stay outside DALP. | Require admin-key inventory, multisig or custody policy, change control, and recovery procedure. |
| Oracle or message-relay failure | Cross-chain messages can be delayed, censored, replayed, or falsely accepted by an external protocol. | DALP does not verify external bridge messages unless a selected integration is built for that path. | Define message finality, replay protection, failure handling, and manual halt criteria. |
| Liquidity shortfall or routing failure | Liquidity networks and exchanges can fail to fill, delay settlement, or route through unexpected paths. | DALP records DALP-side asset events; external liquidity execution is outside the platform. | Approve liquidity venues, limits, slippage policy, reconciliation cadence, and exception handling. |
| Wrapped asset reserve mismatch | A wrapped token can diverge from backing reserves or redemption capacity. | DALP does not guarantee the backing of third-party wrapped assets. | Reconcile mint, burn, reserve, and redemption records; assign reserve attestation ownership. |
| Replay or reorg risk | Chains differ in finality and can reorganize blocks or replay transactions across domains. | DALP uses configured finality and transaction tracking for each EVM network it operates. | Set confirmation depth, finality tags, chain-specific replay controls, and operational wait periods. |
| Timelock mismatch in HTLC workflows | Incorrect expiry ordering can let one side claim while the other side times out. | DALP enforces the local settlement expiration; external timelocks are outside the local contract. | Design staggered timelocks, pre-approve cutoffs, and rehearse expiry handling before production settlement. |
| Operational monitoring gap | Operators can miss bridge pauses, chain stalls, stuck withdrawals, or delayed external finality. | DALP monitors configured network and DALP transaction state, not every external bridge condition. | Monitor bridge status, chain health, liquidity venue status, custody approvals, and reconciliation breaks. |
Review checklist
Before a deployment depends on a bridge, external liquidity network, wrapped asset, or redemption path, confirm:
- The deployment remains on a DALP-supported EVM network.
- The selected external route has an accountable owner, risk approval, and incident-response path.
- DALP managed token contracts and external representations have separate role, upgrade, and reserve reviews.
- Finality, confirmation depth, withdrawal timing, and replay protection are documented for every chain involved.
- XvP or HTLC workflows have staggered timelocks and tested secret-reveal procedures.
- Reconciliation can connect DALP events, bridge events, custody approvals, and off-chain payment or reserve records.
- The operating model states which party can pause, unwind, redeem, or escalate when the external path fails.
Where to go next
- Supported networks for EVM network configuration and finality settings
- XvP settlement for local settlement contracts, hashlocks, roles, and failure modes
- XvP settlement flow for the step-by-step local and external-leg coordination flow
- Custody providers for signing controls and custody-provider policy ownership
- Operational integration patterns for reconciliation, event, ledger, and self-hosted operations
Wallet Verification
Wallet verification gates blockchain write operations as a second security layer beyond session authentication, using PIN, TOTP, or backup-code checks.
Overview
Architecture-level operational posture for the DALP platform covering observability infrastructure, database architecture, and failure mode analysis for enterprise deployments.