Tagged: security
10 projects across the lattice ecosystem.
Convex Architecture Documents
- CAD000: Design Principles. Codifies the non-negotiable axioms every other CAD inherits from — immutable values, bounded resources, CRDT-safe idempotence, security-first cryptography. This is the constitution: why Convex refuses the shortcuts (mutable state, unbounded ops, bespoke crypto) that trap other decentralised platforms.
- CAD007: Juice Accounting. Meters CPU and bandwidth per CVM op with hard upper bounds so an O(n) attacker cannot force O(n^2) work — DoS protection baked into the execution semantics rather than retrofitted. It plays the role Ethereum gas plays but is priced on actual worst-case resource use, and is called juice deliberately because it is a Convex concept, not a blockchain one.
- CAD010: Transactions. Pins down the signed transaction envelope — Ed25519 signature, origin address, strict incrementing sequence number — so replay attacks are structurally impossible and every state change has a cryptographically attributable author. The narrow interface is what lets clients from any language submit work into consensus.
- CAD016: Peer Staking. Separates operational peer stake (slashed if the hot key leaks) from delegated stake (slashed only if the controller account is compromised), so coin holders can back good operators without running infrastructure themselves. Cleaner fault model than Ethereum validator staking, where one key loss loses everything.
- CAD017: Peer Operations. Sets the concrete hardware, network, and key-management bar for running a peer — 1000 CVM minimum stake, offline controller keys, commodity 8-core box. Deliberately keeps peer operation achievable by individuals, not just data centres.
- CAD022: Trust Monitors. Composable on-chain subject-action-object authorisation modules based on the TCSEC B3 reference-monitor model — sandboxed, callable in query mode, reusable across contracts. Access control becomes a first-class shareable component instead of ad-hoc modifiers copied into every contract.
- CAD023: Keystore. Standardises how peers, CLIs and wallets store Ed25519 keys — encrypted at rest, password not cached, in-memory only when needed, reusing proven formats rather than reinventing. Prevents the class of keystore bugs that have drained other ecosystems.
- CAD038: Lattice Authentication. Makes the merge step itself the security boundary — every incoming signed value is verified against its owner key (public key, Convex address, or DID) at O(delta) cost. You cannot inject data into a namespace you don't own, no matter what transport delivered it.