Security Model
Olymp security relies on cryptographic signatures, on-chain anchors, and verifiable payload hashes. Gateways and consumers can independently validate results.
Core verification rules
- Providers sign Data Packages using EIP-712 typed data.
- Gateways validate signatures, anchor records, and payload hashes.
- Consumers can independently verify the proof bundle and anchor ID.
- Score updates are centralized in MVP via the
ScoreUpdaterrole.
Slashing MVP (explicit)
Current (bootstrap):
- Slashing is admin/role-based via
SlashingManager. - Only approved slashers can slash provider bonds.
- Slashed funds are routed to treasury/fee collector.
Slashable reasons (documented):
- Invalid provider or adapter signature.
- Anchor mismatch (metadata differs from on-chain anchor).
- Repeated schema violations for the same data type.
- Deliberate malformed payload (hash mismatch).
Non-slash penalties:
- Downtime results in routing penalties or score decay.
- Slow or unreliable endpoints can be de-prioritized by gateways.
Future upgrades:
- Governance-controlled slashing rules and role management.
- Dispute and appeals processes (out of scope for MVP).
Threats addressed:
- Tampered payloads (hash mismatch)
- Replay attacks (nonce registry)
- Unregistered providers (registry validation)