Most protocols do not really design around frontrunning and MEV.
They either leave users exposed, add a basic commit-reveal scheme, or rely on private mempools, relays, solvers, and other off-chain infrastructure.
Those systems can be useful, but they usually move the problem into a new trust boundary. The user now depends on someone not leaking orderflow, not censoring, not selectively routing, and not extracting value in a less visible way.
BondRoute takes a different path.
It lets applications define, on-chain, what stake, funding, and timing constraints are required before a protected call can execute.
The problem with basic commit-reveal is that it hides intent, but it does not price abandonment.
If revealing is optional and failing is cheap, the user still holds optionality. Bots can pre-commit to multiple branches and selectively reveal the profitable one. The protocol sees no explicit failure. The attack is invisible and cheap.
BondRoute fixes the missing layer: the protected application quotes the bond required for the specific call, the user stakes before execution, and abandoned bonds forfeit stake.
No execution without a bond. No free optionality.
I posted the longer mechanism-design argument on EthResearch here:
https://ethresear.ch/t/bondroute-pricing-abandonment-in-commit-reveal-protocols/24845
Full README / implementation:
Details for integrators
BondRoute is a singleton.
Every bonded call across every integrated protocol goes through the same contract. From the outside, an attacker sees a commitment hash and a stake amount, nothing else.
The target protocol, function selector, calldata, funding tokens, funding amounts, and even the bond owner are all hidden inside the hash. Any address can create a bond on behalf of another. There is no way to tell which protocol or user is involved until execution.
One signature, up to four funding tokens.
Gasless execution lets users sign once off-chain. The signature authorizes up to four funding tokens for the execution. A relayer can submit both transactions. Stake and refunds always go to the user. Relayers cannot take them.
The application quotes the bond.
A blind auction can require 10% of the committed bid as stake. A swap can require 1% of the input amount. A liquidation can require a fixed stake with a 5-block delay.
The protocol defines what “binding” means for its own risk surface.
The caller-facing quote function is:
function BondRoute_quote_call(
bytes calldata call,
IERC20 preferred_stake_token,
TokenAmount[] memory preferred_fundings
) external view returns (BondConstraints memory);
Two functions to integrate.
Inherit one file, implement BondRoute_quote_call and BondRoute_get_protected_selectors, then call BondRoute_initialize() inside each protected function.
That is the integration surface.
Latency and UX
BondRoute uses commit-reveal, so the on-chain path has two transactions: create bond, then execute bond. The block delay between them is not accidental overhead — it is what makes execution non-reactive. An attacker cannot simply frontrun at execution because they have no matching bond, and they could not create one reactively after seeing the reveal.
In practice, the user does not need two manual actions. With the gasless flow, the user signs once off-chain and a relayer posts both transactions.
Deployment
BondRoute is live on Ethereum, Arbitrum, Base, Optimism, and eleven other EVM chains at the same address:
0xb01d00000000440215e86e0A436f9b59FeB2F14a
GitHub / full README:
Feedback welcome, especially from wallet, router, solver, and protocol implementers who would be on the caller side of BondRoute_quote_call.