TEE Liquidity Vault Architecture
- TEE-based liquidity vaults are secure control patterns that use trusted hardware enclaves to enforce liquidity functions and collateral management.
- They employ off-chain, enclave-driven logic to dynamically adjust LTV ratios and manage stablecoin issuance via well-defined risk controls.
- They integrate high-frequency execution with on-chain settlement and attested reporting, ensuring auditable integrity and mechanisms for emergency recourse.
A TEE-based liquidity vault is a vault architecture in which critical liquidity functions—custody, issuance limits, state transitions, liquidation control, or liquidity attestations—are enforced by trusted execution environments rather than by public smart contracts alone. In the literature, closely related constructions appear as TEE-protected treasuries for asynchronous off-chain payments, as vaults that mint time-bound stablecoins against stale closing prices during market closures, as attested reporting systems for Lightning Network channel liquidity, and as rollup-style state engines that combine enclave execution with on-chain redemption and challenge logic (Lind et al., 2017, Borjigin et al., 7 Oct 2025, Singh et al., 12 Dec 2025, Wen et al., 2024). The common design objective is to obtain high-frequency liquidity management and low-latency execution while retaining auditable integrity and an ultimate on-chain recourse path.
1. Conceptual lineage and problem setting
The earliest closely aligned formulation is the TEE treasury model in Teechain. There, collateral is placed in on-chain deposit outputs controlled by enclave-generated secret keys, and these outputs can be dedicated to channels, reallocated, and ultimately flushed to the blockchain only under enclave-controlled state transitions. Teechain’s abstract characterizes this as off-chain execution that is asynchronous with respect to the underlying blockchain, using treasuries protected by hardware TEEs and replicated state via committee chains, and reports at least a 33x higher transaction throughput than Lightning, with a 30-machine deployment handling over 1 million Bitcoin transactions per second (Lind et al., 2017). In vault terminology, the treasury functions as a liquidity pool whose spend authority is subordinated to enclave logic.
A second lineage arises from intertemporal collateral transformation. In the time-bound stablecoin framework, a user deposits shares into a vault immediately after the primary market close, an oracle posts the official closing price , and the vault mints units of a stablecoin that is valid only from close to the next open. At the next open, the oracle posts , the borrower either repays and retrieves the same shares, or the collateral is liquidated, and the stablecoins are redeemed and burned (Borjigin et al., 7 Oct 2025). This defines the vault as a short-term collateralized loan engine over the closure interval.
A third lineage concerns attested liquidity disclosure rather than direct custody. The Lightning verification framework places the balance-reporting logic inside a TEE, binds a liquidity report to a remote attestation quote, and optionally proves authentic transport via zkTLS. In that setting, the vault is a service that continuously attests to private liquidity state for auditors, lenders, exchanges, or other counterparties, using TEEs as the hardware-backed source of truth (Singh et al., 12 Dec 2025).
A plausible implication is that “TEE-based liquidity vault” is best understood not as a single protocol family but as a control pattern: a pool of economically meaningful state becomes accessible only through attested enclave code, with the chain acting as settlement substrate, recourse mechanism, or attestation registry.
2. Economic structure, pricing, and credit function
In the time-bound stablecoin setting, the vault’s central economic object is the claim on the minimum of the official close and official open: The decomposition
implies that the issuance-time fair value is
where is the value of a European put on with strike . The associated Liquidity-of-Time Premium is defined as
0
and under the idealized model this becomes 1. TLP is therefore the relative discount of the fair stablecoin price below the stale closing price, and measures the cost of obtaining overnight liquidity against collateral that cannot be repriced until the next market open (Borjigin et al., 7 Oct 2025).
The same paper derives a no-arbitrage pricing corridor. With 2 and 3, the fair-value condition is
4
with band
5
or equivalently
6
This makes the vault economically analogous to a monetary authority for a temporary peg: it does not force secondary-market price to equal 7, but it can modulate issuance capacity so that the discount remains inside a target range (Borjigin et al., 7 Oct 2025).
The credit-theoretic interpretation generalizes beyond time-bound stablecoins. “Vault as a credit instrument” models a vault as a senior claim structure in which depositors fund a pool, borrowers draw against collateral, and depositor loss is governed by the gap between book value 8 and real liquidation value 9. The key loss object is
0
In this formulation, a TEE-based liquidity vault remains a credit instrument even when execution or valuation logic moves into enclaves; what changes is the distribution of 1, not the basic economic role of the vault (Zbandut et al., 19 Apr 2026).
This suggests that TEE usage does not alter first principles of solvency. It changes how price staleness, liquidation routing, data integrity, and withdrawal rights are operationalized, but the core questions remain collateral sufficiency, execution quality, and loss allocation.
3. TEE control plane and programmatic invariants
The most explicit vault-control specification appears in the time-bound stablecoin design. A TEE-based vault is expected to ingest official close 2, read the current LTV parameter, compute
3
enforce per-user borrow limits, monitor observed stablecoin price 4, compute
5
and update risk parameters accordingly. At open it ingests 6, evaluates collateral value 7, compares it to debt, and flags positions for auction when 8 or repayment deadlines are missed (Borjigin et al., 7 Oct 2025). The same framework specifies additional invariants: no trivial arbitrage, peg-discipline via a TLP band, optional default-probability constraints, equivalent-share return, and full collateral coverage at open.
The equivalent-share requirement is a distinctive vault property. Borrowers can reclaim the same shares they deposited if they repay, and if they do not repay those specific shares are auctioned or otherwise realized for stablecoin holders. For a TEE, this maps directly to stateful tracking of share identifiers per position, rather than mere aggregate balance accounting (Borjigin et al., 7 Oct 2025).
Teechain contributes a related architectural principle. Deposit outputs are controlled by enclave-generated secret keys; the host cannot spend them directly and must go through enclave logic. Outputs may be free, dedicated to a specific channel, or terminated. This gives a TEE-based vault an internal resource-allocation interface: collateral units can be committed, released, reassigned, or flushed to chain under enclave-enforced state transitions rather than under unrestricted wallet control (Lind et al., 2017). This suggests a generalized vault substrate in which the TEE is not only a signing oracle but the internal allocator of liquidity compartments.
For higher-value deployments, committee-based execution replaces the single-enclave controller. TEERollup registers sequencer TEEs on-chain, stores public keys, requires quorum certificates from at least 9 different TEE types, and only then accepts a new state root on the main-chain contract. Its state representation
0
binds a height, predecessor hash, account-tree root, and transaction hash into a single attested update object (Wen et al., 2024). Applied to a liquidity vault, the same pattern yields QC-guarded vault-state transitions: asset positions, user balances, and withdrawal queues become part of an enclave-executed state machine whose public checkpoint is an on-chain root.
4. Dynamic risk control, attested reporting, and settlement fallback
A defining feature of the time-bound stablecoin vault is dynamic LTV control. The proposed rule is
1
subject to bounds such as 2 and optional default-probability constraints (Borjigin et al., 7 Oct 2025). If TLP widens, the vault lowers LTV and contracts issuance; if TLP compresses toward par, the vault can loosen LTV and expand supply. The paper explicitly analogizes this to a central bank defending a peg by tightening or loosening liquidity.
Where the vault’s external interface is balance verification rather than direct issuance, the reporting path becomes equally important. The Lightning verification framework places the balance-reporting software inside a TEE, generates a remote attestation quote whose report data binds the quote to the balance report, and then either serves that result through zkTLS or signs the report directly with an enclave-generated key. The paper distinguishes “Hot Proofs,” which are off-chain, high-frequency, TEE-backed, and zkTLS-attested, from “Cold Proofs,” which are on-chain settlement events and therefore slow but final (Singh et al., 12 Dec 2025). In vault terms, Hot Proofs support frequent liquidity attestations and covenant checks; Cold Proofs remain the ultimate recourse when trust in the enclave path is impaired.
TEERollup provides a complementary answer to the availability problem. Its on-chain contract stores state roots but not full state, and users can invoke StartChallenge when transactions are censored or sequencers become unavailable. If unresolved within the waiting period, SettleRollup freezes the system, after which SettleWithdraw allows direct exit via a Merkle proof against the last recorded account root (Wen et al., 2024). For a liquidity vault, this pattern yields a precise escape hatch: TEE control is the normal execution path, but redeemability is preserved by a frozen-state proof mechanism that no longer depends on TEEs or off-chain operators for safety.
The same rollup design also externalizes data availability to Data Availability Providers backed by collateral and a laziness-penalty mechanism. A plausible implication is that large TEE-based vaults may require a layered architecture: enclaves for fast logic, DAP-like services for full-state retention, and on-chain roots for non-custodial exits.
5. Security model, governance surface, and economic deterrence
TEE-based vaults are frequently mischaracterized as if enclaves remove trust assumptions. The cited literature does not support that view. TEERollup explicitly adopts a threat model in which TEE integrity and availability may be compromised, assumes at most 3 TEE types are compromised at a time, and uses heterogeneity plus a threshold 4 to prevent a minority of compromised enclaves from finalizing an invalid state (Wen et al., 2024). The Lightning attestation framework likewise lists hardware vulnerabilities, privacy leakage to third-party APIs, stale-state attacks, and performance overhead as first-order design considerations (Singh et al., 12 Dec 2025).
The most systematic decomposition comes from the vault credit-risk framework. It separates risk into Level 1 mechanical loss channels, Level 2 governance quality, and Level 3 infrastructure and code integrity. For Level 3, the failure probability is superadditive in dependency depth: 5 When TEEs are introduced, enclave code, attestation services, and key-management components become additional nodes in the dependency graph (Zbandut et al., 19 Apr 2026). The practical conclusion is not that TEEs are undesirable, but that they can lower some Level 1 mechanical risks while increasing Level 3 complexity. A TEE-based vault may therefore improve execution quality and oracle handling while simultaneously becoming more exposed to software, attestation, or hardware-failure concentration.
At Level 1, the same framework enumerates six structural loss channels: oracle execution divergence, endogenous recovery, full-information run dynamics, timelock-constrained governance, oracle manipulation or false solvency, and congestion-driven liquidation failure (Zbandut et al., 19 Apr 2026). Several of these map directly to TEE vault design. A TEE may lower typical execution wedges or coordinate batch-aware liquidations, but the framework stresses that realized execution still has to be measured from objective traces. A TEE may implement secure oracle aggregation, but that shifts part of oracle risk into enclave integrity and governance over oracle logic.
A separate literature prices the security of TEE-mediated external control by modeling collusion among TEE operators. In the TEE-BFT framework, a threshold of 6 providers is needed to compromise the system, the attack prize is a short-window flow 7, and sanctions are summarized by an effective sanction 8. The resulting conservative safe-value bound is
9
where 0 is the coalition detection probability under independent per-member detection risk 1 (Shamis et al., 30 Oct 2025). For a liquidity vault, this yields an explicit design doctrine: vault capacity should be chosen relative to threshold size, operator sanctions, and expected short-window extractable value, rather than treated as an unconstrained by-product of software deployment.
6. Applications, execution design, and open controversies
One application class is intertemporal collateralization. Here the TEE-based liquidity vault is a controller for time-bound stablecoin issuance during market closures, using stale official closes, adaptive LTV, closing-price and opening-price oracles, and open-time auction liquidations (Borjigin et al., 7 Oct 2025). Another is attested off-chain channel liquidity, where the vault is primarily a proof service for balance or solvency claims rather than a direct issuer of liabilities (Singh et al., 12 Dec 2025). A third is rollup-style pooled execution, where the vault is effectively a state root over balances and entitlements with fast normal-path withdrawals and proof-based emergency exits (Wen et al., 2024).
A further application is confidential AMM execution. V0LVER does not assume TEEs, but it specifies a mechanism in which orders are encrypted, liquidity is allocated before order contents are revealed, and block-producer profit is maximized by moving the pool price to the external market price rather than by extracting user-level MEV. The design uses encrypted Order Commitment Transactions, allocation pools, and a Diamond-style LVR rebate, and argues that users trade at the external price in expectancy while user-level MEV and uncontrolled loss-versus-rebalancing are suppressed (McMenamin et al., 2023). This suggests that a TEE-based liquidity vault can serve as the confidentiality and enforcement layer for such a mechanism: the enclave seals pending orders, commits price before reveal, and performs batched clearing under attested logic.
The main controversies are therefore not about whether TEE-based vaults are feasible, but about where they relocate trust and opacity. One common misconception is that enclave execution is equivalent to trustless execution. The literature instead presents TEEs as a means of execution assurance under specific attestation, hardware, and governance assumptions, often paired with threshold committees, zkTLS, or escape hatches (Singh et al., 12 Dec 2025, Wen et al., 2024). Another misconception is that better execution logic eliminates vault credit risk. The credit-risk framework argues the opposite: a TEE-based vault is still a credit instrument, and its depositor risk remains governed by collateral realizability, withdrawal dynamics, governance latency, and code integrity (Zbandut et al., 19 Apr 2026).
A plausible synthesis across these sources is that the mature form of a TEE-based liquidity vault is hybrid rather than purely enclave-centric. Fast-path liquidity management, pricing, or attestation occurs inside TEEs; operator collusion is bounded through thresholds and sanctions; full-state availability is preserved through external storage and on-chain checkpoints; and ultimate safety rests on challenge, liquidation, or withdrawal procedures that remain verifiable without trusting a live enclave. Under that synthesis, the TEE is neither a replacement for settlement finality nor a mere optimization. It is a programmable control layer for liquidity that sits between continuous off-chain execution and irreversible on-chain resolution.