Skip to main content
Flashnet executes complex actions (AMM pool creation, swaps, CLOB, escrow, etc.) without a general-purpose VM by combining three independent actors. The model deliberately splits authority so that no single party can move funds or mutate state.

Why the Split Works

  1. Custody stays with the user until the very moment all validators agree the intent is valid; the TEE cannot act without the shards, and validators cannot act without the enclave.
  2. m-of-n secret sharing permits liveness with up to n − m offline or malicious validators while preventing sub-threshold collusion.
  3. Deterministic enclave code + remote attestation constrains the TEE to a publicly auditable state machine.
  4. Accountability means that any validator who withholds shards or signs a bad intent can be proven dishonest and penalised.

Security Assumptions

  1. The enclave’s hardware isolation (e.g. SGX or Nitro) prevents key extraction; compromised hardware would be detected via failed remote attestation.
  2. At least m validators are honest and responsive; liveness requires this quorum.
  3. Spark finality ensures that once the tx is signed the state transition is immutable and can be sequenced to Bitcoin.

Failure Scenarios