Security Architecture
Bolt’s security model comprises four core protective layers:
Oracle Validation
The Price Oracle is the primary trust boundary. Oracle prices are validated for freshness, with expiration windows preventing the use of stale data. Prices older than configured thresholds are rejected, defending against delayed-price attack vectors.
Deviation Limits
Deviation limits act as circuit breakers during extreme volatility. When market prices move beyond configured thresholds relative to the oracle feed, swap execution is halted. This protects the execution layer from pricing anomalies and cascading liquidations.
Swap Minimums
Minimum swap values mitigate DDoS-style attacks and economic inefficiencies. Transactions below the minimum threshold are rejected, preventing spam attacks that would drain liquidity provider reserves through repeated tiny swaps.
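The three pre-swap checks above (oracle freshness, deviation circuit breaker, swap minimum), written as one guard function in plain Rust in the style of a CosmWasm entry point. This is an added example, not Bolt's code: the parameter names, the 1e6 price scaling and the basis-point units are assumptions, and all arithmetic is checked so an overflow fails closed rather than wrapping.

```rust
// Added illustration, not Bolt's contract code. Models the three guards a
// swap must pass before execution. Names and units are assumptions.

#[derive(Debug, PartialEq)]
pub enum SwapError {
    StaleOracle { age_secs: u64, max_age_secs: u64 },
    DeviationExceeded { deviation_bps: u128, max_bps: u128 },
    BelowMinimum { amount: u128, min: u128 },
    InvalidOracle, // zero price or a publish time in the future
    Overflow,      // checked arithmetic failed; never wrap silently
}

/// Hypothetical on-chain configuration for the guards.
pub struct Guards {
    pub max_oracle_age_secs: u64,
    pub max_deviation_bps: u128, // 1 bp = 0.01%, so 70 bps = 0.7%
    pub min_swap_amount: u128,
}

/// Assumed oracle record: price scaled by 1e6 plus its publish timestamp.
pub struct OraclePrice {
    pub price_e6: u128,
    pub published_at: u64,
}

/// Returns Ok(()) only if every guard passes; the first failing guard is reported.
pub fn check_swap(
    g: &Guards,
    oracle: &OraclePrice,
    market_price_e6: u128,
    amount_in: u128,
    now: u64,
) -> Result<(), SwapError> {
    // 1. Freshness: reject prices older than the configured window.
    let age = now.checked_sub(oracle.published_at).ok_or(SwapError::InvalidOracle)?;
    if age > g.max_oracle_age_secs {
        return Err(SwapError::StaleOracle { age_secs: age, max_age_secs: g.max_oracle_age_secs });
    }
    // 2. Deviation circuit breaker: |market - oracle| / oracle, in basis points.
    if oracle.price_e6 == 0 {
        return Err(SwapError::InvalidOracle);
    }
    let diff = market_price_e6.abs_diff(oracle.price_e6);
    let deviation_bps = diff.checked_mul(10_000).ok_or(SwapError::Overflow)? / oracle.price_e6;
    if deviation_bps > g.max_deviation_bps {
        return Err(SwapError::DeviationExceeded { deviation_bps, max_bps: g.max_deviation_bps });
    }
    // 3. Swap minimum: reject dust-sized swaps that would only grind reserves.
    if amount_in < g.min_swap_amount {
        return Err(SwapError::BelowMinimum { amount: amount_in, min: g.min_swap_amount });
    }
    Ok(())
}
```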
Adaptive Velocity Oracle (AVO)
The AVO ensures prices reflect best-available market rates by ingesting real-time order books from multiple centralized exchanges, applying an adaptive velocity model to predict where price is heading, and sizing spreads using Avellaneda-Stoikov market-making theory. The on-chain price cannot deviate meaningfully from real-time market consensus, and every fill is scored for flow toxicity.
Security Layers
- On-Chain Security
- Oracle Security
- Operational Security
On-Chain Security
Contract-level protections embedded in the Bolt Outpost and Pool contracts.
Access Control
Outpost functions enforce role-based access control. Only authorized signers can execute administrative functions like emergency pauses or parameter updates. Pool operations are restricted to the Outpost to prevent direct manipulation.
Reentrancy Protection
CosmWasm message execution prevents cross-contract reentrancy by default through its actor model. Bolt contracts maintain additional state guards to detect and reject recursive calls.
Integer Overflow Protection
Rust’s type system and overflow-checking arithmetic prevent integer overflow vulnerabilities. All arithmetic operations use checked methods that fail safely on overflow.
Input Validation
All external inputs are validated on contract entry. Asset denominations, amounts, and addresses are checked against whitelist and range constraints before processing.
Adaptive Velocity Oracle (AVO) Verification
The AVO provides verifiable proof that the oracle delivered the most efficient prices available at execution time. The AVO pipeline includes: multi-venue composite pricing (depth-weighted mid-prices across Gate.io, Binance, OKX, Bybit, Crypto.com), adaptive velocity prediction (6-step EMA model), Avellaneda-Stoikov reservation pricing adjusted by net inventory, optimal spread sizing adapted to volatility regime, and per-tick clamping to a maximum 0.7% deviation. Every fill is scored for flow toxicity within 100 to 500ms, informed flow is hedged aggressively via taker orders, and circuit breakers halt quoting if price jumps exceed 1.5%, fewer than 2 venues are live, or the hedge-venue basis exceeds 5x.
Additional Security Resources
Audit Status
Bolt’s Archway deployment is undergoing rigorous security audits from leading blockchain security firms. Audits cover contract logic, oracle integration, access control, and economic security.
Audits are currently in progress and will be published as they complete. For audit status updates and preliminary reports, contact the Bolt team directly.
Bug Bounty Program
Bolt will launch a comprehensive bug bounty program in the coming weeks. The program will reward responsible disclosure of security vulnerabilities across all layers: smart contracts, oracle systems, and operational infrastructure.
Program details including scope, reward tiers, and submission process will be published shortly. Subscribe to Bolt announcements to be notified when the program launches.
Deployment Languages
Bolt is implemented in multiple languages optimized for each deployment target:
- CosmWasm Rust: Archway deployments use Rust compiled to WebAssembly. Rust’s type system provides compile-time guarantees against memory safety vulnerabilities. CosmWasm’s runtime adds additional sandboxing.
- Move: Sui deployments use the Move language, which provides linear type guarantees and prevents use-after-free bugs at the language level.