Mutual Liquidity Lock: Encoding Bilateral Commitment in Code
The Problem
Two people want to sustain a long-term cooperative relationship — a business partnership, a service contract, any bilateral commitment. Each faces the risk that the other will defect. The classical solutions all have fundamental limitations:
- Legal contracts are slow, expensive, and jurisdiction-bound.
- Third-party escrow introduces a new trust dependency.
- Reputation systems require transparent markets and repeated public interaction.
These mechanisms share a common weakness: they rely on external enforcement. Courts must be petitioned. Escrow agents must be trusted. Reputations must be observable. Each introduces friction, delay, and additional points of failure.
What if the commitment could enforce itself?
Why Not Use What Already Exists?
Bilateral commitment is one of the oldest problems in economics. Schelling (1960) showed that credible commitment requires making defection costly to yourself. Williamson (1983) formalized this as "hostage exchange" — trading partners each post something valuable that the other can seize. Gambetta and Przepiorka (2019) confirmed experimentally that mutual vulnerability, not trust, is what makes cooperation work among strangers. But these mechanisms have always depended on courts, reputation, or social enforcement.
Blockchain protocols have partially closed this gap:
- Dual-deposit escrow (Asgaonkar & Krishnamachari, 2019) proved that bilateral deposits enforced by a smart contract can make honest behavior the Nash equilibrium — but only for one-shot transactions. Each trade requires a fresh escrow; there is no mechanism for commitment to deepen over time.
- HTLCs and payment channels (Herlihy, 2018; Poon & Dryja, 2016) enable conditional and even repeated bilateral exchanges. But the commitment structure is static — a Lightning channel is no harder to abandon after a thousand transactions than after one.
- DeFi staking (Maker, Aave, PoS validator slashing) enforces compliance through collateral, but is fundamentally unilateral: the protocol demands your deposit while putting up nothing symmetric in return.
- Optimistic rollup fraud proofs (Nehab et al., 2024) use bonds for adversarial verification, but the participants are not cooperating — they're disputing.
None of these protocols combine bilateral symmetric deposits, repeated interaction, self-reinforcing commitment, and fully self-enforcing punishment within a single mechanism. MLL occupies this empty cell: where Williamson theorized hostage exchange, MLL implements it as a trustless smart contract. Where dual-deposit escrow proved bilateral deposits work once, MLL demonstrates they work better the longer they continue.
The Idea
The Mutual Liquidity Lock (MLL) is a bilateral commitment device implemented as a smart contract. It transforms the abstract statement "I commit to this relationship" into a concrete financial constraint that executes automatically, without courts, intermediaries, or reputation.
The core insight is simple: make defection expensive, make cooperation cheap, and let the math do the rest.
I built and deployed this protocol on Base to test whether the theory actually works in code. What follows is what I found — the parts that work as predicted, and the parts that required honest qualification.
MLL achieves this through two interlocking mechanisms and a dynamic exit penalty that adapts to pool maturity.
Mechanism 1: Heartbeat Deposits
In a traditional contract, detecting abandonment requires filing a claim or going to court — a slow, expensive process that may take months. MLL automates detection through heartbeat deposits.
Each party independently deposits a fixed amount d (e.g., 0.1 ETH each) into a shared pool every T days (e.g., every 30 days). Both parties deposit the same amount — symmetry is by design, ensuring neither can claim a smaller stake. Each deposit proves two things:
- Liveness — you still control your keys, are paying attention, and are willing to continue. The deposit cadence functions like TCP keepalive — the protocol uses the timing of deposits as a clock for detecting counterparty absence.
- Deepening commitment — each deposit increases your locked exposure. The more you've put in, the more you stand to lose from defection. This is not just signaling — it directly raises the cost of abandonment.
Silence is defection. If you stop depositing, the protocol notices.
A grace period of G missed intervals (default: 1) provides tolerance for operational hiccups — gas spikes, temporary key unavailability — without triggering punishment.
Why exactly d? The equilibrium analysis that follows assumes each party deposits exactly d per interval — symmetric, predictable, and analyzable. The contract enforces a minimum of d per deposit (the compliance threshold) but accepts up to 3d per transaction. Why allow more? Primarily for operational catch-up: if a party deposits slightly late within the grace period, they may want to submit a larger deposit covering the next interval's obligation in the same transaction to reduce gas costs. The 3d per-transaction cap limits how much share asymmetry a single deposit can create, but this cap is per-transaction, not per-interval — so it can be circumvented with multiple transactions. This flexibility is a design tradeoff: operationally resilient but introducing asymmetries not captured by the symmetric equilibrium model. A per-interval accounting system would close this gap.
Protocol States
Before introducing penalties, it helps to understand the protocol's state space. At any point, the two parties are in one of three operational states:
- Both Compliant — both parties are depositing on time. No bleeding occurs. This is the cooperative equilibrium.
- One-Sided Default — one party (the "defaulter") has missed more than G intervals; the other (the "compliant party") continues depositing. The protocol automatically bleeds the defaulter's share and transfers it entirely to the compliant party. The compliant party is not actively punishing — they are simply continuing normal behavior. The smart contract does the punishing.
- Mutual Default — both parties have stopped depositing. The contract's mutual-default check halts all bleeding and advances the bleed clock, preventing retroactive punishment when one party resumes. Funds sit idle until someone resumes or abandonment claims become available.
State transitions are not one-way: a defaulting party can resume deposits at any time to return to Both Compliant (though bleeding already applied is not reversed). Similarly, in Mutual Default, either party resuming deposits transitions to One-Sided Default — now with the previously-idle party as the compliant enforcer.
Mechanism 2: Bleeding Penalty
Detection alone isn't enough — an alarm with no consequence is just noise. The protocol needs automated punishment that executes without human intervention.
In the One-Sided Default state (one party has missed more than G intervals while the other remains compliant), the contract automatically drains the defaulter's share at a configured bleeding rate r, measured in basis points per day. With the default rate of 50 bps/day (r = 0.005), a defaulter with 1 ETH locked loses 0.5% of their remaining balance each day. The decay is exponential:
s(τ) = s(0) · (1 − r)^τ
where s is the party's pool share and τ is days since bleeding started. Over a 30-day deposit interval, this compounds to a per-period loss rate R = 1 − (1 − 0.005)^30 ≈ 0.14 (13.9%). A defaulter retains 86% after 30 days, 74% after 60 days, and about 16% after one year. The decay hurts more the longer you wait, but never fully drains to zero.
100% of the bleed amount transfers to the compliant party. No value is burned; the total pool is preserved. This design is simpler and more robust than alternatives:
- The compliant party has a direct, positive incentive to continue depositing during counterparty default (they receive the full bleed transfer).
- The total pool value is conserved — `shareA + shareB` remains constant through bleeding. No deadweight loss.
- The exit penalty (described below) provides the upper bound on punishment, not a burn mechanism.
The compliant party's per-period payoff during one-sided default is R · s_defaulter − d (bleed income minus deposit cost). With d = 0.1 ETH and R ≈ 0.14/month, this is positive once the defaulter's share exceeds ~0.71 ETH — typically reached within 7-8 months. Beyond this point, compliance is self-funding.
But this creates a question: doesn't the compliant party profit from the counterparty's failure, eliminating their incentive to negotiate? In practice, the unilateral exit option (described below) bounds how long bleeding can continue. A defaulter facing cumulative bleed losses approaching their exit penalty will simply exit. Bleeding is self-enforcing but time-limited — the exit option prevents indefinite extraction.
The Cooperation Threshold
When is cooperation rational? A party considering whether to skip a deposit weighs the saved cost d against the future bleeding penalty on their accumulated share s. The critical discount factor δ* captures this tradeoff:
δ* = d / (d + R · s)
where d is the deposit amount, R is the per-period bleed rate (≈ 0.14/month at 50 bps/day), and s is the party's current pool share. If your δ exceeds δ*, cooperation pays. If not, you'd rather defect.
Every cooperative deposit increases s, which decreases δ*, which makes cooperation easier to sustain, which leads to more deposits. The protocol gets stronger over time.
However, δ* is not the binding constraint in practice. The existence of the unilateral exit option introduces a tighter condition: a rational agent cooperates when the relationship's continuation value exceeds the exit payoff, not merely when bleeding makes defection unprofitable. The dynamic exit penalty (below) is calibrated to this tighter constraint.
Implementation note: bleeding is not automatic — any address can call applyBleeding() to trigger the share rebalancing (the function is public, not restricted to parties). If nobody calls it, the defaulter's share remains unchanged on-chain despite the elapsed time. The contract computes the correct penalty for the full elapsed duration when finally called, so timing does not affect the total penalty — only liquidity and state visibility.
Dynamic Exit Penalty
The protocol's most critical design question: what happens when someone wants to leave?
A constant exit penalty creates a fixed defection cost — and any fixed cost can be gamed. If the penalty is 15% of your share, a rational defector deposits once within the grace period, initiates unilateral exit, and leaves having paid exactly 15%. The bleeding mechanism, designed to make defection increasingly costly, is bypassed entirely.
MLL solves this with a dynamic exit penalty that starts high and decays as the pool matures:
penalty(S) = P_max − (P_max − P_min) · min(S / s_target, 1)
where S is the exiting party's cumulative deposits, s_target = n · d is the target maturity (n = 7 deposits by default), P_max = 80%, and P_min = 15%.
| Deposits | Cumulative S/d | Exit Penalty | Interpretation |
|---|---|---|---|
| 1 (activation) | 1 | ~70.7% | Cold start — near-maximum penalty |
| 2 | 2 | ~61.4% | Early stage |
| 4 | 4 | ~42.9% | Midpoint |
| 7 | 7 | 15.0% | Mature — minimum penalty reached |
| 10+ | ≥7 | 15.0% | Saturated at minimum |
This design solves the cold-start problem directly. When the pool is small, bleeding alone provides weak deterrence (the bleed amount is small because the pool is small). The high exit penalty compensates: at cold start, an opportunistic defector would forfeit ~71% of their deposit — a severe penalty that makes deposit-then-exit strictly worse than not participating.
As the pool matures, cumulative bleeding has a large base and becomes self-sufficient as a deterrent. The penalty relaxes to 15%, giving mature participants a reasonable (if costly) escape path.
Key properties:
- Per-party tracking: each party's penalty depends on their own cumulative deposits, not the counterparty's. Asymmetric contribution histories produce asymmetric penalties.
- Monotonic decay: the penalty never increases. Every deposit makes exit cheaper, rewarding sustained participation.
- Calibrated transition: the penalty reaches P_min after approximately n deposits — the same point at which bleeding becomes self-sufficient (R · s > d).
The penalty amount transfers to the counterparty as compensation, not burned. The exiting party receives share · (1 − penalty); the counterparty receives their_share + exiter_share · penalty.
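The penalty schedule and the exit settlement above, as an added example in integer basis-point math (not the deployed contract's code). The function names, the floor rounding and the fixed-penalty comparison helper are assumptions of this sketch.

```python
"""Dynamic exit penalty and unilateral-exit settlement in integer math."""

WEI = 10**18
BPS = 10_000          # basis-point denominator
P_MAX_BPS = 8_000     # P_max = 80%
P_MIN_BPS = 1_500     # P_min = 15%
N_TARGET = 7          # n = 7 deposits to reach maturity


def penalty_bps(total_deposited, d, n=N_TARGET):
    """penalty(S) = P_max - (P_max - P_min) * min(S / s_target, 1), in bps.

    Floor division is an assumption; the page does not state how the
    deployed contract rounds.
    """
    if d <= 0 or n <= 0 or total_deposited < 0:
        raise ValueError("d and n must be positive, S non-negative")
    s_target = n * d
    progress = min(total_deposited, s_target)
    return P_MAX_BPS - (P_MAX_BPS - P_MIN_BPS) * progress // s_target


def settle_unilateral_exit(exiter_share, exiter_deposited, other_share, d):
    """Return (exiter_claim, counterparty_claim). The penalty is transferred,
    not burned, so the two claims always sum to the pool."""
    penalty = exiter_share * penalty_bps(exiter_deposited, d) // BPS
    return exiter_share - penalty, other_share + penalty


def deposit_then_exit_loss(deposits, d, fixed_bps=None):
    """Wei forfeited by a party that makes `deposits` deposits of d and then
    exits unilaterally, under the dynamic schedule or a fixed penalty."""
    share = deposits * d
    bps = fixed_bps if fixed_bps is not None else penalty_bps(share, d)
    return share * bps // BPS


if __name__ == "__main__":
    d = WEI // 10  # 0.1 ETH, the page's example deposit
    for k in (1, 2, 4, 7, 10):
        print(k, penalty_bps(k * d, d) / 100, "%")
    # Per-party tracking: the schedule reads cumulative deposits, while the
    # penalty is charged on the current (possibly bled) share.
    print(settle_unilateral_exit(5 * d, 7 * d, 9 * d, d))
```

With a fixed 15% penalty a single deposit of 0.1 ETH followed by exit forfeits 0.015 ETH; under the dynamic schedule the same path forfeits about 0.0707 ETH.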
Exit Paths
| Path | Condition | Outcome |
|---|---|---|
| Peaceful exit | Both propose exit | Each gets their current share |
| Unilateral exit | One initiates, 30-day countdown | Initiator pays dynamic penalty (15%–80%) to counterparty |
| Abandonment claim | Counterparty inactive past max(90 days, 3·T) with strictly older last deposit | More-recent depositor claims all remaining shares |
Peaceful exit is the cooperative optimum — no penalty, no countdown. Both parties agree to part ways and receive their accumulated shares.
Unilateral exit is the penalty-based escape path. It ensures no party is permanently trapped, but the dynamic penalty makes early exit extremely costly and mature exit moderately costly. The 30-day countdown gives the counterparty time to negotiate or prepare.
Abandonment claim handles the "lost keys" scenario — if one party disappears entirely (no deposits, no exits, no interaction for 90+ days), the active party can claim the entire pool. This is a dead man's switch, not a punishment mechanism.
Game-Theoretic Results
Theorem (Cooperation Equilibrium). Consider permanent defection: player B stops depositing entirely, saving d per period but triggering bleeding on their share s after the grace period G expires. Under the constant-punishment approximation (each period the defaulter loses R · s and the compliant party pays d to maintain enforcement), the per-period net penalty is R · s and the discounted future penalty stream is:
Penalty = δ · R · s + δ² · R · s + ... = δ · R · s / (1 − δ)
Defection is unprofitable when d ≤ δ · R · s / (1 − δ). Solving for δ:
δ ≥ δ* = d / (d + R · s)
This is a Subgame Perfect Equilibrium: at every node where both parties have been cooperating, neither wants to permanently defect. Two caveats: (1) this is asymptotic — at small s, δ* is close to 1 and the equilibrium is fragile; (2) the grace period G means the first G missed deposits are forgiven — the binding deviation is to skip all G free periods plus one, giving the stricter threshold δ ≥ [d/(d + R·s)]^{1/(G+1)}.
The binding constraint is the exit option, not δ*. In practice, a rational agent deciding whether to cooperate compares the relationship's continuation value against the unilateral exit payoff s · (1 − penalty(S)). The dynamic penalty ensures this comparison favors cooperation: at cold start, the exit payoff is very low (~29% of share); at maturity, the relationship value has grown commensurately with the relaxed penalty.
Proposition (Bounded Punishment). Bleeding is bounded by the exit option. A defaulter facing cumulative bleed exceeding their exit penalty will exit:
Bleed exceeds exit cost after k* = ⌈ln(1 − P_min) / ln(1 − r)⌉ ≈ 33 days
With P_min = 15% and r = 0.5%/day, a mature defaulter exits after about 33 days of bleeding. This bounds the punishment phase naturally — no escalation mechanism (like Russian Roulette or fund freezing) is needed. The exit option itself constrains the system.
Proposition (Deposit Incentive in Mature Pools). When R · s > d/δ, depositing is optimal as a best response to the opponent depositing (normal growth) or to the opponent unilaterally defecting (collecting bleed transfers R · s_opponent − d > 0). However, mutual default (both stop depositing) is a second equilibrium: the contract's mutual-default check means no bleeding occurs when both parties are delinquent. Depositing is not a strictly dominant strategy — the cooperation and mutual-default equilibria coexist. The protocol's design (heartbeat cadence, sunk costs, dynamic penalty) is intended to make cooperation the focal equilibrium.
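The thresholds from this section evaluated along a cooperative path, as an added example (a float model, not code from the contract). It assumes the share after k deposits is s = k·d with no bleeding; the function names are illustrative.

```python
"""Cooperation threshold, grace adjustment and bounded punishment (float model)."""
import math


def per_period_rate(r_daily, interval_days):
    """R = 1 - (1 - r)^T: bleed compounded over one deposit interval."""
    return 1.0 - (1.0 - r_daily) ** interval_days


def delta_star(d, R, s, grace=0):
    """Critical discount factor d / (d + R*s); with a grace period of G
    intervals the page's stricter bound raises it to the power 1/(G+1)."""
    if d <= 0 or R <= 0 or s < 0 or grace < 0:
        raise ValueError("need d > 0, R > 0, s >= 0, grace >= 0")
    return (d / (d + R * s)) ** (1.0 / (grace + 1))


def penalty_stream(delta, R, s, periods=None):
    """Discounted future bleed under the constant-punishment approximation:
    closed form delta*R*s/(1-delta), or a partial sum over `periods`."""
    if not 0.0 <= delta < 1.0:
        raise ValueError("delta must be in [0, 1)")
    if periods is None:
        return delta * R * s / (1.0 - delta)
    return sum(delta ** k * R * s for k in range(1, periods + 1))


def exit_day(p_min, r_daily):
    """k* = ceil(ln(1 - P_min) / ln(1 - r)): first day on which cumulative
    bleed exceeds the mature exit penalty."""
    return math.ceil(math.log(1.0 - p_min) / math.log(1.0 - r_daily))


def maturity_path(d, r_daily=0.005, interval_days=30, grace=1, deposits=10):
    """Rows (k, delta*, grace-adjusted delta*, R*s - d) for s = k*d.
    R*s - d is the compliant party's per-period payoff if the other side,
    holding the same share s, defaults."""
    R = per_period_rate(r_daily, interval_days)
    rows = []
    for k in range(1, deposits + 1):
        s = k * d
        rows.append((k, delta_star(d, R, s), delta_star(d, R, s, grace), R * s - d))
    return rows


def first_self_funding_deposit(d, r_daily=0.005, interval_days=30):
    """Smallest k at which bleed income R*k*d exceeds the deposit cost d."""
    path = maturity_path(d, r_daily, interval_days, deposits=1000)
    return next(k for k, _, _, net in path if net > 0)


if __name__ == "__main__":
    for k, ds, ds_grace, net in maturity_path(0.1):
        print(f"{k:2d}  delta*={ds:.3f}  with grace={ds_grace:.3f}  R*s-d={net:+.4f}")
    print("k* =", exit_day(0.15, 0.005), "days")
```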
Behavioral Economics
An observation worth noting: hyperbolic discounting duality. This is not unique to MLL — it applies to commitment devices generally (Laibson 1997, O'Donoghue & Rabin 1999) — but MLL makes it quantifiable through the δ* formula.
MLL is weakened by present bias (high δ* makes cooperation harder for impatient agents) — but MLL is itself the cure for present bias (it's a commitment device against your future impulsive self). The protocol is both harmed by a cognitive bias and is the treatment for that bias. Odysseus tying himself to the mast.
Sunk cost as feature. Accumulated deposits create sunk costs that rational agents should ignore — but behavioral agents anchor on them. This "bug" actually reinforces the rational cooperation equilibrium. The dynamic exit penalty formalizes this intuition: the penalty decay rewards cumulative commitment, turning the behavioral anchor into an explicit mechanism parameter.
Implementation
I implemented the protocol in Solidity (~480 lines), compiled with solc 0.8.33 with via_ir optimization. Deployed and verified on Base (Ethereum L2):
0xd25de1a0a1433ca3bad55ec3fb6b2488111649de
Key implementation decisions:
- Pull-based withdrawals: All exit paths credit a `claimable[party]` mapping; parties call `withdraw()` separately. This prevents a malicious party from blocking counterparty withdrawals with a reverting `receive()` function — a standard DoS vector in push-based designs.
- Cumulative deposit tracking: Each party's `totalDeposited` is tracked from activation through every deposit, enabling the per-party dynamic penalty calculation on-chain.
- Mutual-default clock advancement: When both parties are defaulting, the contract advances the bleed clock to `block.timestamp`, preventing a resuming party from capturing retroactive bleed for the mutual-default period.
- Compounding precision: Bleeding uses fixed-point exponentiation (base 1e18) with exponentiation by squaring. Rounding truncates the retained fraction, which slightly increases the effective bleed amount — marginally disfavoring the defaulter, but the error is negligible (< 0.01% over a year).
- Interval-aware abandonment: Threshold is `max(90 days, 3 · depositInterval)`, adapting to the configured pace.
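The lazy bleeding described in the implementation note on `applyBleeding()` and the clock-advancement and precision decisions above, as an added Python model (not the contract's Solidity). The `Pool` class, its default rule (silent for longer than (G + 1)·T) and the whole-day clock handling are assumptions of this sketch.

```python
"""Lazy fixed-point bleeding with a mutual-default check (illustrative model)."""
from fractions import Fraction

WEI = 10**18                                # fixed-point base (1e18)
DAY = 86_400
RETAIN_PER_DAY = WEI - 50 * WEI // 10_000   # 1 - r for r = 50 bps/day


def pow_fixed(base, exp):
    """base**exp in 1e18 fixed point: exponentiation by squaring, truncating."""
    result = WEI
    while exp:
        if exp & 1:
            result = result * base // WEI
        base = base * base // WEI
        exp >>= 1
    return result


def exact_retained(share, days):
    """Reference value floor(share * (1 - r)^days) with no intermediate rounding."""
    return int(share * Fraction(RETAIN_PER_DAY, WEI) ** days)


class Pool:
    """Two-party model; the default rule and clock handling are assumptions."""

    def __init__(self, d, interval_days=30, grace=1):
        self.window = (grace + 1) * interval_days * DAY
        self.share = [d, d]            # both parties activate with d at t = 0
        self.last_deposit = [0, 0]
        self.bleed_clock = 0

    def in_default(self, party, now):
        # "Missed more than G intervals": silent for longer than (G + 1) * T.
        return now - self.last_deposit[party] > self.window

    def apply_bleeding(self, now):
        """Callable by anyone; returns the wei moved to the compliant party."""
        late = [self.in_default(0, now), self.in_default(1, now)]
        if late[0] == late[1]:         # both compliant, or mutual default
            self.bleed_clock = now     # nothing bleeds, nothing accrues for later
            return 0
        bad = 0 if late[0] else 1
        start = max(self.bleed_clock, self.last_deposit[bad] + self.window)
        days = (now - start) // DAY
        if days <= 0:
            return 0
        retained = self.share[bad] * pow_fixed(RETAIN_PER_DAY, days) // WEI
        moved = self.share[bad] - retained
        self.share[bad] = retained
        self.share[1 - bad] += moved   # 100% transfer: the pool total is conserved
        self.bleed_clock = start + days * DAY
        return moved

    def deposit(self, party, now, amount):
        self.apply_bleeding(now)       # settle elapsed time before changing state
        self.share[party] += amount
        self.last_deposit[party] = now


def one_sided_default(daily_calls):
    """Constructed scenario: A is silent after activation, B deposits on days 30 and 60."""
    pool = Pool(d=WEI)
    pool.deposit(1, 30 * DAY, WEI)
    pool.deposit(1, 60 * DAY, WEI)
    if daily_calls:
        for day in range(61, 90):
            pool.apply_bleeding(day * DAY)
    pool.apply_bleeding(90 * DAY)
    return pool.share


def mutual_default_then_resume():
    """Constructed scenario: both silent until B resumes on day 200."""
    pool = Pool(d=WEI)
    pool.deposit(1, 200 * DAY, WEI)    # both in default: clock jumps to day 200
    pool.apply_bleeding(230 * DAY)     # A bleeds for 30 days, not 170
    return pool.share
```

One call after 30 days and 30 daily calls leave the defaulter with the same share up to a few wei of truncation, and both results sit at or below the exact value, which is the direction of rounding the page describes.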
Known limitations:
- Per-tx deposit cap: The 3x cap is per-transaction, not per-interval. Multiple deposits in one interval bypass it.
- No activation cap: `activate()` has no upper bound on deposit, unlike `deposit()`. A party could front-load a dominant position.
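The per-interval accounting mentioned earlier as the way to close the deposit-cap gap, set beside the per-transaction rule, as an added example (not the project's code). `PerIntervalCap` is a hypothetical variant, and the event stream is constructed.

```python
"""Per-transaction deposit cap versus per-interval accounting."""


class DepositRejected(Exception):
    pass


class PerTxCap:
    """The rule described on the page: each deposit must lie in [d, 3d]."""

    def __init__(self, d):
        self.d, self.total = d, 0

    def deposit(self, now, amount):
        if not self.d <= amount <= 3 * self.d:
            raise DepositRejected("amount outside [d, 3d]")
        self.total += amount


class PerIntervalCap:
    """Hypothetical variant: the 3d ceiling applies to the sum per interval."""

    def __init__(self, d, interval, activated_at=0):
        self.d, self.interval, self.activated_at = d, interval, activated_at
        self.total = 0
        self.used = {}                 # interval index -> wei deposited in it

    def deposit(self, now, amount):
        if amount < self.d:
            raise DepositRejected("below the compliance threshold d")
        idx = (now - self.activated_at) // self.interval
        if self.used.get(idx, 0) + amount > 3 * self.d:
            raise DepositRejected("interval budget of 3d exhausted")
        self.used[idx] = self.used.get(idx, 0) + amount
        self.total += amount


def replay(ledger, events):
    """Apply (timestamp, amount) events; return (accepted_total, rejected_count)."""
    rejected = 0
    for now, amount in events:
        try:
            ledger.deposit(now, amount)
        except DepositRejected:
            rejected += 1
    return ledger.total, rejected


DAY = 86_400
D = 10**17                             # 0.1 ETH
# Constructed event stream: three maximum-size deposits inside interval 0,
# then an ordinary deposit in interval 1.
EVENTS = [(1 * DAY, 3 * D), (2 * DAY, 3 * D), (3 * DAY, 3 * D), (31 * DAY, D)]

if __name__ == "__main__":
    print("per-tx      :", replay(PerTxCap(D), EVENTS))
    print("per-interval:", replay(PerIntervalCap(D, 30 * DAY), EVENTS))
```

A catch-up deposit of 2d inside one interval still passes the per-interval rule, so the operational flexibility the cap was meant to allow is kept.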
Testing
Foundry unit tests: 33/33 passing, covering activation, deposits, bleeding (100% transfer, grace period, both-default-no-bleed, no retroactive bleed after mutual default), peaceful exit, unilateral exit (countdown, dynamic penalty at cold-start/midpoint/maturity/per-party, cancellation), abandonment (90-day threshold, activity check, clearing pending exit), pool balance invariant, and withdrawal.
Relationship to Literature
| Theory | MLL Correspondence |
|---|---|
| Schelling (1960) — commitment devices | Overall framework: MLL is a code-enforced Schelling commitment |
| Williamson (1983) — hostage exchange | Bilateral deposits = mutual hostages. Each party's locked capital is a credible pledge |
| Laibson (1997) — hyperbolic discounting & commitment | MLL is both weakened by and is a treatment for present bias |
| Asgaonkar (2019) — dual-deposit escrow | Nearest DeFi predecessor. One-shot only, no repeated game dynamics |
| Hart & Moore (1988) — incomplete contracts | MLL is algorithmically rigid: all contingencies are pre-specified with no renegotiation flexibility. This is a tradeoff, not "completeness" in the H-M sense — H-M completeness implies state-contingent adaptation, which MLL deliberately foregoes |
MLL's originality: unifying these scattered theories into a deployable protocol and demonstrating the self-reinforcement property (δ* decreasing endogenously with pool growth), combined with a dynamic exit penalty that directly addresses the cold-start vulnerability.
What MLL Is Not
MLL is not a prediction market, not an insurance product, not a lending protocol. It is a new financial primitive: bilateral liquidity lock. Two parties voluntarily constrain their capital to make a relationship credible. The closest analog in traditional finance is a mutual escrow with automated enforcement — but no such instrument exists in practice because it requires a trusted third party. Smart contracts eliminate that requirement.
Conclusion
MLL demonstrates that game-theoretic commitment devices — historically confined to textbooks — can be deployed as working code. The two mechanisms (heartbeat detection, bleeding penalty) create an equilibrium that strengthens over time, where punishment is self-executing and bounded by the dynamic exit penalty.
The dynamic exit penalty is the critical innovation: it solves the cold-start problem that plagues all commitment devices by making early defection prohibitively expensive while allowing mature participants a reasonable exit. The penalty decay is calibrated to the point where bleeding becomes self-sufficient, creating a smooth transition from penalty-enforced to bleed-enforced cooperation.
The honest summary: the protocol works as theorized once past the cold-start phase, and the dynamic penalty significantly narrows the cold-start vulnerability — but it cannot eliminate it entirely. Initial cooperation still requires some degree of mutual trust or external incentive. The formal results (cooperation equilibrium, bounded punishment) are conditional on pool maturity, not unconditional.
The contract is live. The math works within its stated assumptions. The code enforces it.
Contract source: github.com/claudebot101001/mll-protocol