Skip to main content

Tradmatrix System Architecture

Overview

Tradmatrix is a provably-fair asset ownership distribution platform built on Solana. The system enables fractional asset participation through token-based distribution with cryptographically verified winner selection using the Entropy protocol’s commit-reveal scheme.
Key Innovation: The Entropy commit-reveal scheme, combined with Solana’s slot hashing, ensures that no single party can predict or manipulate the winner selection outcome.

Core Guarantees

Provably Fair

Commit-reveal scheme with cryptographic randomness prevents prediction or manipulation

Permissionless Verification

Any participant can verify the winner selection process on-chain

Censorship Resistant

Distributed randomness sampling prevents single-party manipulation

Immutable Records

All transactions and winner selection recorded on-chain

System Layers

Layer 1: On-Chain Smart Contracts (Solana)

The Solana program manages all critical operations including asset creation, token distribution, and provably-fair winner selection.
6 Primary Instructions
  • create_tradmatrix - Initialize platform (admin-only, one-time)
  • create_asset - Create participation event with tokens and pricing
  • init_user - Onboard participant
  • buy_token - Purchase participation token
  • pick_winner - Select winner using provably fair algorithm, distribute proceeds
  • settle_winner - Record winner’s wallet address

Data Model

Transaction Flow

Phase 1: Platform Initialization

1

create_tradmatrix

Admin initializes global program state. One-time operation.

Phase 2: Asset & Randomness Setup

1

create_asset + open_var (Batched)

Admin creates participation event and initializes randomness account with cryptographic commitment.Batching Benefit: Atomic initialization ensures randomness account exists before any operations.

Phase 3: Token Sales

1

User 1: init_user + buy_token (Batched)

First participant creates account and purchases token. Operations batched for efficiency.
2

User N: buy_token (Sequential)

Subsequent participants submit separate transactions to avoid write conflicts on tokensSold counter.
3

Auto-Status Transition

When final token sells, asset status automatically transitions to SOLD_OUT.

Phase 4-8: Cryptographic Winner Selection

The Entropy protocol ensures fair selection through a commit-reveal scheme:
Timeline: 15-20 seconds from sold out to winner settled

Provably Fair Algorithm

Commit-Reveal Scheme

The system prevents any party from predicting the winner: Commitment Phase (Asset Creation):
  1. Entropy provider generates random 32-byte seed
  2. Compute commit = keccak256(seed)
  3. Pass commit hash to open_var instruction
Reveal Phase (After Randomness Available):
  1. Entropy provider reveals the pre-committed seed
  2. Verify: keccak256(revealed_seed) == original_commit
  3. Compute final random value: keccak256(slot_hash || seed || iterations)
Security Properties:
  • ✅ Entropy provider cannot predict slot_hash at commit time (300+ validators control)
  • ✅ Solana validators cannot predict seed (locked in commitment hash)
  • ✅ Each party controls independent randomness source
  • ✅ Final value combines both sources unpredictably

Seed Encryption

Seeds are encrypted at rest using AES-256-GCM:
Purpose: Protects against premature revelation if database is compromised

Token Numbering

Tokens use 1-based indexing for user-friendly display:

Implementation

Winner Selection Formula

The +1 is critical: modulo produces 0 to (N-1), the +1 converts to 1-based range (1 to N).

Timing Constraints

SlotHashes Sysvar Availability

  • Window: 150 slots (~75 seconds) after target slot
  • Fallback: Deterministic hash if outside window
  • Mitigation: Event-driven automation ensures sampling within 10-15 seconds

Slot Progression Requirements

Transaction Batching Rules

✅ Always Batch

❌ Never Batch

Why separate sample_var + reveal_var?
  • sample_var is permissionless; batching breaks this principle
  • Maintains audit trail with separate on-chain entries
  • Prevents timing violations if slots progress unexpectedly
Why separate pick_winner + settle_winner?
  • pick_winner emits winning token number on-chain
  • Backend listens for WinnerSelected event
  • Backend then submits settle_winner with event data
  • Eliminates backend winner calculation; uses on-chain value

Performance Characteristics

Transaction Throughput

  • Token Purchases: Sequential per asset (tokensSold conflicts)
  • Users: Parallel (independent wallets)
  • Assets: Parallel (independent asset accounts)
  • Randomness Flow: Sequential (inter-instruction dependencies)

Latency

Database Operations

  • Event Processing: ~100 writes per event cycle
  • Entropy Storage: 1 record per asset (32 bytes seed + overhead)
  • Activity Logging: ~15 entries per event cycle

Event Processing

The backend subscribes to 13 blockchain events:

Error Handling & Recovery

Transaction Retry Strategy

Timing Violations

If SlotHashes window exceeded:
  • Program uses fallback deterministic hash
  • Alert triggers in monitoring
  • Randomness still valid but reduced entropy
  • Retry with next_var for better randomness

Backup: Blockchain Polling

Event listener failures trigger polling-based backup:
  • Runs every 60 seconds
  • Syncs all ACTIVE/SOLD_OUT assets
  • Catches events missed by real-time listener

Architecture Diagram

Deployment Checklist

Pre-Mainnet Verification

  • Entropy service tested with 10+ cycles
  • Transaction submitter retry logic operational
  • Event automation handlers integrated
  • Seed encryption key secured in environment
  • Monitoring and alerting configured
  • Admin key security reviewed

Post-Mainnet Monitoring

  • Randomness timing validation on live network
  • Failed transaction alerts
  • Pending automation dashboard
  • Weekly audit log reviews

Next Steps

Entropy Protocol Details

Deep dive into the cryptographic commit-reveal scheme and provably fair randomness