Technical Paper

Smart-Contract Surface

4.15 Program model

v1 runs on audited, widely-used programs rather than custom protocol code. No bespoke on-chain program is deployed for the reward layer; each on-chain function maps to a deployed, externally reviewed program.

FunctionProgramAuthority model
INT issuance and burnSPL TokenMint authority closed after genesis; burn under multisig
Reward distribution and claimAudited merkle distributorPer-epoch root; root-set authority is multisig
Treasury and authoritiesSquads multisigSeparated root / treasury / clawback approvals
Foundation NFTToken-2022 (NonTransferable)Backend mint, one per wallet
Transparency commitmentsMemo programEpoch root and dataset hash written on-chain

bINT and ePoints are off-chain accounting units. They are not on-chain tokens; their balances live in the operations layer and settle into INT through the distributor.

4.16 What goes on-chain

The on-chain layer carries INT token events, the per-epoch distribution root, treasury authority changes, and transparency commitments. The off-chain layer carries the reward engine (contribution → amount → root), receipt content, trust signals, and behavior history.

The published reward dataset is written to permanent storage; its hash and the epoch root are committed on-chain. External parties can recompute their own balance from the published data and check it against the on-chain root, while receipt content stays in the off-chain data layer.

4.17 Settlement integrity

Before a distribution root is signed, an independent verifier recomputes it from the same source ledger and checks the cumulative allocation invariants (4.18). A root that does not match the recomputation, or that would breach an allocation ceiling, does not proceed to signing. Root signing and treasury movements require multi-approval through the Squads multisig.

This separation keeps reward computation, independent verification, and fund movement in distinct hands: a single compromised server cannot move funds on its own.

4.18 Audit posture

The on-chain surface relies on programs that are already audited and in broad production use. The off-chain reward engine and the independent verifier are reviewed before launch, with a public report archive and a security reporting channel. Scope and report links are published as reviews complete.