Tulip v1 is an early production implementation, and its contracts have not been independently audited. Transactions are irreversible, model-credit markets can be volatile, and inference relies on off-chain providers. Verify the network, contract target, approvals, and amounts before signing.
Contract protections
- Fixed credit supply with no mint authority after construction.
- Deterministic ModelID and one canonical market binding.
- Launch LP NFT minted directly to an immutable locker.
- Locker fee collection checks that position liquidity principal is unchanged.
- Canonical launches use creator-bound commit/reveal protection and require a prior-block commitment.
- Creator LP-fee changes have a one-hour on-chain safety delay and a hard 10% ceiling.
- Only activated tariff versions can settle; replacing a pending tariff permanently leaves the replaced version inactive.
- Closing permits reject usage that starts at or after the close request, and paused models or non-active offers cannot settle.
- Protocol fee checkpoints make inference splits use the fee that applied when the request started.
- Provider tariffs are versioned and delayed.
- Permits are bound to one model and may optionally bind one offer.
- EIP-712 receipts bind the exact request, quote, permit, model, offer, tariff version, usage, wake state, and timestamps.
- Request IDs can settle only once.
- Settlement recomputes the charge from the on-chain tariff.
- Permit closure has a 30-minute delay.
- State-changing custody and settlement paths use reentrancy guards.
Gateway protections
- All
/v1/* routes require a Tulip API key.
- Provider onboarding requires an expiring operator signature and a single-use nonce.
- Endpoint origins must be HTTPS subdomains of
endpoints.huggingface.cloud.
- Public responses omit endpoint URLs and credentials.
- PostgreSQL credentials are encrypted with AES-256-GCM.
- Reservations are atomic when durable PostgreSQL storage is used.
- Streaming requests require terminal usage instead of estimated billing.
- Automatic failover is limited to the period before output is delivered.
Known trust assumptions
Tulip does not currently provide cryptographic proof that an endpoint executed a model correctly. Users trust:
- The provider to deploy and run the committed model revision.
- Hugging Face, as the v1 endpoint vendor, to host the endpoint and expose truthful operational metadata.
- The Gateway to route correctly, meter usage, and protect its signing key.
- Protocol governance to use pause, fee, quarantine, signer, and treasury controls responsibly.
Operational requirements
Production operators should use:
- Multisig or governed protocol ownership.
- A managed signer or HSM for usage receipts.
- Private secret storage and rotation.
- PostgreSQL backups and connection encryption.
- Multiple Robinhood RPC providers.
- Gateway, settlement, indexer-lag, and balance monitoring.
- Rate limits, request logging with secret redaction, and abuse controls.
- A public incident response and pause policy.
Safe production use
- Confirm your wallet is connected to Robinhood Chain, chain ID
4663.
- Inspect transaction targets and receipts in Blockscout.
- Use bounded token approvals and inference permits.
- Protect wallet keys, Tulip API keys, and provider credentials.
- Start with small trades and permit balances when using a market for the first time.