Security Model
Molpha’s security is built on multiple layers of verification, economic incentives, and cryptographic proofs.Independent Verification
Each verifier node computes values from the API directly. This ensures:- No blind signing — nodes must fetch and validate data independently
- Deterministic computation — all nodes apply the same transformation logic
- Hash verification — nodes compare their computed value’s hash with the expected hash before signing
Leader Rotation
A different node coordinates each round, preventing single-point failures:- No single aggregator has permanent control
- Rotating leadership distributes trust
- Reduces risk of targeted attacks
HashiCorp Vault Integration
API keys and credentials are protected through HashiCorp Vault:- No keys on-chain — API secrets never touch the blockchain
- Secure access — Nodes fetch credentials via authenticated Vault API
- Access control — Fine-grained permissions per node and feed
- Key rotation — Centralized key management with automatic rotation support
On-Chain Proofs
Feed results and signatures are permanently verifiable:- Cryptographic signatures — Every result is signed by verifier nodes
- Quorum verification — Multiple signatures required for acceptance
- Permanent audit trail — All feed updates stored on-chain
Slashing & Reputation
Nodes risk bonded USDC for dishonesty or inactivity:- Stake requirements — Nodes must bond USDC to participate
- Slashing conditions:
- Signing incorrect values
- Missing assignments repeatedly
- Malicious behavior detected via challenges
- Reputation system — Performance tracked and affects rewards
- Economic security — Dishonest behavior costs more than potential gains
Next Steps
- Economics — Learn about the USDC-native model
- Protocol Overview — Understand the architecture
- Feed Creation — Create your own feeds