You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TLA+ specifications that formally verify and compare market mechanisms — CLOBs, batch auctions, AMMs, and privacy-preserving dark pools — across correctness, fairness, MEV resistance, and decentralizability.
An impossibility triangle between fairness, liquidity, and immediacy — no mechanism can provide all three
Batch auctions are safe to decentralize (OrderingIndependence); CLOBs are not (TLC counterexample: same orders → different trades at different nodes)
Sandwich attacks, front-running (ordering), and latency arbitrage are structurally impossible in batch auctions — formally verified, not just claimed; ZKDarkPool extends this to information-based front-running via sealed bids
Privacy (sealed bids + order destruction) is a mechanism design tool for MEV elimination, proven equivalent to batch clearing via refinement mapping
Asset-type privacy (ShieldedDEX) adds a 4th dimension to the impossibility triangle — privacy vs price discovery — but does NOT fix the original three-way tradeoff
AMMs provide always-available liquidity but are vulnerable to sandwich attacks, wash trading, and impermanent loss — all with TLC counterexamples
ShieldedDEX is the only mechanism to resist all 6 attack categories (6/6) — combining the strongest privacy with the least vulnerable clearing mechanism
ShieldedAtomicSwap enables fully P2P cross-chain settlement with unlinkability — observer cannot connect the two legs of a swap (no coordinator, no mempool, no hash linkage)