Security Model

How IRSB enforces accountability through economic bonds, deterministic slashing, and Cloud KMS + EIP-7702 delegation.

Solver Bonds

Every solver must stake a minimum bond of 0.1 ETH in the SolverRegistry before they can accept intents. The bond serves as collateral that can be slashed if the solver violates protocol rules.

Deposit

Solvers call depositBond(solverId) with ETH. The bond can be topped up at any time.

Withdrawal

A 7-day cooldown period applies after a withdrawal is requested. This prevents a solver from rage-quitting immediately after a bad fill, before a challenge can be raised.

Slashing

Slashed bond funds are split 80% to the user, 15% to the challenger, and 5% to the treasury. 3 jailings = permanent ban.

Dispute Resolution

Two resolution paths handle different types of violations.

Deterministic Resolution

For objectively verifiable violations: receipt timeout expired, wrong amount delivered, invalid signature.

  1. Challenger opens a dispute during the 1-hour challenge window
  2. On-chain data confirms the violation
  3. resolveDeterministic() auto-slashes the solver
  4. No human judgment needed

Optimistic Resolution (V2)

For complex or subjective disputes that require evidence review.

  1. Challenger opens a dispute with evidence and a bond
  2. Solver has 24 hours to post a counter-bond
  3. No counter-bond = challenger wins by default
  4. Counter-bond posted = escalate to arbitrator
  5. Arbitrator has 7 days to rule

Three-Level Identity Assurance

| Level | Name                 | What It Proves                              | Status  |
|-------|----------------------|---------------------------------------------|---------|
| L1    | Transport Identity   | Verified caller (JWT / workload identity)   | Live    |
| L2    | Action Authorization | Only allowed IRSB state transitions         | Live    |
| L3    | Instance Attestation | Agent runs in approved environment (TEE)    | Planned |

Typed Actions (No Arbitrary Signing)

Cloud KMS + WalletDelegate restrict signing to these typed actions only. The AllowedMethodsEnforcer rejects any selector not on the allowlist:

  • SUBMIT_RECEIPT { intentId, receiptHash, evidenceHash }
  • OPEN_DISPUTE { receiptId, evidenceHash, reasonCode }
  • SUBMIT_EVIDENCE { disputeId, evidenceHash }
  • REDEEM_DELEGATION { delegation, permissionContext, executionCalldata }
  • SET_DELEGATION { delegations[] }

There is no "sign this arbitrary digest" API. Cloud KMS keys never leave HSM hardware. On-chain, the WalletDelegate enforces caveats before any delegated call executes.

Key Management (Cloud KMS + EIP-7702)

Signing uses Google Cloud KMS with on-chain policy enforcement via EIP-7702 WalletDelegate. Private keys never leave HSM hardware. Five caveat enforcers restrict all delegated transactions.

Cloud KMS

HSM-backed keys. Non-extractable. Sub-100ms signing latency. Solver and watchtower sign directly via KMS.

WalletDelegate

EIP-7702 on-chain policy via 5 caveat enforcers: SpendLimit, TimeWindow, AllowedTargets, AllowedMethods, Nonce. All enforced before execution.
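The following is an added reference model of how the five caveats and the typed-action allowlist above fit together; it is illustrative Python written for this page, not the project's Solidity enforcers. The selectors, target address and limits are constructed placeholders, and the point it shows is that every caveat is evaluated before any state (spend total, nonce) is committed, and that calldata too short to carry a selector is rejected rather than skipped.

```python
from dataclasses import dataclass, field

# Constructed placeholder selectors. Real selectors are keccak256(signature)[:4]
# of the typed actions; they are not reproduced here.
SUBMIT_RECEIPT = bytes.fromhex("a1a1a1a1")
OPEN_DISPUTE = bytes.fromhex("b2b2b2b2")
IRSB_CORE = "0x000000000000000000000000000000000000c0de"  # hypothetical target

@dataclass
class DelegatedCall:
    target: str      # contract the delegated call is sent to
    value: int       # wei attached to the call
    calldata: bytes  # ABI-encoded call; the selector is the first 4 bytes

@dataclass
class Caveats:
    spend_limit: int               # SpendLimit: max cumulative wei for the delegation
    not_before: int                # TimeWindow start (unix seconds)
    not_after: int                 # TimeWindow end (unix seconds)
    allowed_targets: frozenset     # AllowedTargets: lowercase hex addresses
    allowed_methods: frozenset     # AllowedMethods: 4-byte selectors
    spent: int = 0                 # SpendLimit running total
    used_nonces: set = field(default_factory=set)  # Nonce: replay protection

def enforce(c: Caveats, call: DelegatedCall, nonce: int, now: int):
    """Evaluate all five caveats; commit state only when every check passes.
    Returns (allowed, reason) so the caller can log which enforcer rejected."""
    if not (c.not_before <= now <= c.not_after):
        return False, "TimeWindow"
    if nonce in c.used_nonces:
        return False, "Nonce"
    if call.target.lower() not in c.allowed_targets:
        return False, "AllowedTargets"
    # Calldata shorter than a selector (plain value transfer / fallback) names
    # no method; reject it instead of letting it bypass the allowlist.
    if len(call.calldata) < 4 or call.calldata[:4] not in c.allowed_methods:
        return False, "AllowedMethods"
    if c.spent + call.value > c.spend_limit:
        return False, "SpendLimit"
    c.spent += call.value          # commit only after all checks pass
    c.used_nonces.add(nonce)
    return True, "ok"

def new_caveats() -> Caveats:
    """Constructed sample delegation: 0.1 ETH cap, 1-hour window, two methods."""
    return Caveats(spend_limit=10**17, not_before=1_700_000_000,
                   not_after=1_700_003_600, allowed_targets=frozenset({IRSB_CORE}),
                   allowed_methods=frozenset({SUBMIT_RECEIPT, OPEN_DISPUTE}))

if __name__ == "__main__":
    c = new_caveats()
    print(enforce(c, DelegatedCall(IRSB_CORE, 0, SUBMIT_RECEIPT + b"\x00" * 96), 1, 1_700_000_100))
    print(enforce(c, DelegatedCall(IRSB_CORE, 0, b""), 2, 1_700_000_100))
```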

Legacy (Deprecated)

Agent-passkey (Lit Protocol PKP, 2/3 threshold) still running on Cloud Run. Not recommended for new integrations.

Audit Status

IRSB is experimental software deployed on Sepolia testnet. It has 308 passing tests including fuzz tests (10,000 runs per fuzz test), but has not yet undergone a formal third-party security audit. A security audit is planned before mainnet deployment. Do not use with mainnet funds.