Flashnet RFQ is designed to be a fully trustless system where users maintain complete control over their funds throughout the quoting and trading process. The system architecture eliminates counterparty risk through atomic execution and provides transparency through a verifiable public log.

Trustless RFQ Process

Flashnet RFQ operates on a strict principle of user sovereignty, where the Flashnet infrastructure acts only as a communication layer between users and market makers.

How It Works

  1. User in Control: Users always maintain custody of their funds throughout the entire process
  2. Atomic Execution: Trades execute as atomic swaps on Spark, ensuring trades are either executed completely or not at all
  3. Quote Verification: Users can independently verify and select the best quotes
  4. No Middleman Risk: Direct settlement between user and chosen market maker
The user’s application never relinquishes control of funds to Flashnet or market makers. When a trade executes, it happens in a single, atomic operation where both sides of the trade (user assets and market maker assets) are swapped simultaneously, eliminating counterparty risk.

Risks and Mitigations

The primary risks in any RFQ system involve information leakage, front-running, and quote manipulation. Flashnet RFQ addresses these through:
  • Signed Quotes: All quotes are cryptographically signed by market makers
  • Quote Expiration: Quotes have strict time limitations to prevent staleness
  • Direct Execution: Users execute chosen swaps directly on Spark, not through intermediaries

Verification Log

Flashnet RFQ maintains a public, cryptographically verifiable log of all RFQ activities while preserving privacy.

How It Works

The verification log records hashed representations of:
  1. Quote Requests: Hashed request parameters that hide specific amounts and values
  2. Quote Responses: Hashed quote data that masks exact prices and sizes
  3. Request-Response Mapping: Cryptographic proof linking quotes to requests
This system allows users and market makers to verify:
  • That all requests were properly forwarded to market makers
  • That all quotes received were properly forwarded to users
  • The fairness and completeness of the RFQ process

Verification Without Information Leakage

The verification log is designed so that only the specific user and market maker involved in a transaction can verify their own requests and quotes, while the general public cannot see sensitive information like trade sizes, prices, or identities. This provides accountability without sacrificing privacy.

Gateway Security

While the RFQ Gateway serves as the communication layer, its design ensures that even if compromised, it cannot impact user funds.

Security Measures

  1. No Custody: The Gateway never takes custody of funds
  2. Signed Messages: All messages are cryptographically signed, preventing tampering
  3. Distributed Architecture: No single point of failure in the system
  4. Redundant Verification: Multiple ways for users to verify quote authenticity
Even in the worst-case scenario of a complete Gateway compromise, an attacker could at most:
  • Prevent messages from being delivered (mitigated by timeout mechanisms)
  • Send invalid quotes (rejected by client-side verification)
  • Withhold some quotes (mitigated by market competition and timeout alerts)
In no scenario can a compromised Gateway access user funds or execute trades without explicit user approval.
Flashnet RFQ combines the speed of centralized communication with the security of trustless execution. By separating the messaging layer (Gateway) from the settlement layer (Spark), the system delivers optimal performance without compromising on security or user sovereignty.