Lock-and-mint
Architectural pattern for a cross-chain bridge: an asset is locked on the source chain and a wrapped equivalent is minted on the destination. Reverse path is burn-and-release. The most common bridge architecture.
Aliases: lock and mint, lock-mint, burn-and-release
Lock-and-mint is the most common architectural pattern for cross-chain bridges. The mechanics:
- Forward path (chain A → chain B): the user locks an asset in the bridge contract on chain A → the bridge emits an event → bridge validators sign it → a wrapped asset (wToken) is minted on chain B.
- Reverse path (chain B → chain A): the user burns the wrapped asset on B → validators sign the burn event → the bridge on A releases the original.
Advantages
- 1:1 backing: every wrapped token on B is backed by a real locked asset on A. No inflation under normal operation.
- Simplicity: no AMM, no rebalancing, no peg loss — in an ideal world.
Failure modes and risks
- Trust in bridge validators: if the quorum is compromised, the wrapped asset can be minted “from thin air” (without a real lock) → drain of the pool on A. This is exactly what happened to Ronin Bridge, Wormhole, Nomad — and in May 2026 to TAC’s TON bridge.
- On-chain signature verification (CHKSIGN in TVM, ecrecover in EVM) is non-negotiable. Trusting an off-chain rotator without on-chain verification is a catastrophic anti-pattern.
- Wrapped tokens are not interchangeable: wUSDT-TAC, wUSDT-Ethereum, wUSDT-Avalanche are three different assets backed by different contracts.
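The mint-side check behind the first two points, as an added example (not code from any bridge named here): a Go model in which the destination contract verifies the validator quorum itself before minting. The names LockEvent, Bridge and Mint are hypothetical, and Ed25519 verification stands in for the on-chain primitive (CHKSIGN or ecrecover).

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// LockEvent is a constructed model of the lock event emitted on chain A.
type LockEvent struct{ SrcChain, DstChain, Nonce, Amount uint64 }
// Digest covers every field, so a signature cannot be reused for another route or amount.
func (e LockEvent) Digest() [32]byte {
	var buf [32]byte
	for i, v := range []uint64{e.SrcChain, e.DstChain, e.Nonce, e.Amount} {
		binary.BigEndian.PutUint64(buf[8*i:], v)
	}
	return sha256.Sum256(buf[:])
}
// Bridge is a hypothetical model of the mint side on chain B.
type Bridge struct {
	Validators      []ed25519.PublicKey
	Threshold       int
	ChainID, Minted uint64
	done            map[[32]byte]bool // digests already minted (replay guard)
}
// Mint verifies the quorum itself. sigs[i] belongs to Validators[i], so one
// validator is never counted twice; a nil entry means "did not sign".
func (b *Bridge) Mint(e LockEvent, sigs [][]byte) error {
	d, valid := e.Digest(), 0
	if e.DstChain != b.ChainID || b.done[d] {
		return fmt.Errorf("wrong destination chain or event already minted")
	}
	for i, pk := range b.Validators {
		if i < len(sigs) && ed25519.Verify(pk, d[:], sigs[i]) {
			valid++
		}
	}
	if valid < b.Threshold {
		return fmt.Errorf("quorum not met: %d of %d", valid, b.Threshold)
	}
	if b.done == nil {
		b.done = map[[32]byte]bool{}
	}
	b.done[d] = true
	b.Minted += e.Amount
	return nil
}
func main() { fmt.Println((&Bridge{Threshold: 1}).Mint(LockEvent{}, nil)) }
```

A mint is accepted only when enough distinct validators signed this exact event for this chain, and the same event is never minted twice.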
Alternatives
- Atomic swap / HTLC — no trusted validators, but narrow scenario coverage and poor UX.
- Liquidity-network bridges (Connext, Across) — liquidity on both sides, the bridge acts as a market-maker.
- Canonical bridge — formalised lock-and-mint maintained by the source chain’s team (e.g. Ethereum’s native L2 bridges).