Skip to main content
Tulip v1 is an early production implementation, and its contracts have not been independently audited. Transactions are irreversible, model-credit markets can be volatile, and inference relies on off-chain providers. Verify the network, contract target, approvals, and amounts before signing.

Contract protections

  • Fixed credit supply with no mint authority after construction.
  • Deterministic ModelID and one canonical market binding.
  • Launch LP NFT minted directly to an immutable locker.
  • Locker fee collection checks that position liquidity principal is unchanged.
  • Canonical launches use creator-bound commit/reveal protection and require a prior-block commitment.
  • Creator LP-fee changes have a one-hour on-chain safety delay and a hard 10% ceiling.
  • Only activated tariff versions can settle; replacing a pending tariff permanently leaves the replaced version inactive.
  • Closing permits reject usage that starts at or after the close request, and paused models or non-active offers cannot settle.
  • Protocol fee checkpoints make inference splits use the fee that applied when the request started.
  • Provider tariffs are versioned and delayed.
  • Permits are bound to one model and may optionally bind one offer.
  • EIP-712 receipts bind the exact request, quote, permit, model, offer, tariff version, usage, wake state, and timestamps.
  • Request IDs can settle only once.
  • Settlement recomputes the charge from the on-chain tariff.
  • Permit closure has a 30-minute delay.
  • State-changing custody and settlement paths use reentrancy guards.

Gateway protections

  • All /v1/* routes require a Tulip API key.
  • Provider onboarding requires an expiring operator signature and a single-use nonce.
  • Endpoint origins must be HTTPS subdomains of endpoints.huggingface.cloud.
  • Public responses omit endpoint URLs and credentials.
  • PostgreSQL credentials are encrypted with AES-256-GCM.
  • Reservations are atomic when durable PostgreSQL storage is used.
  • Streaming requests require terminal usage instead of estimated billing.
  • Automatic failover is limited to the period before output is delivered.

Known trust assumptions

Tulip does not currently provide cryptographic proof that an endpoint executed a model correctly. Users trust:
  • The provider to deploy and run the committed model revision.
  • Hugging Face, as the v1 endpoint vendor, to host the endpoint and expose truthful operational metadata.
  • The Gateway to route correctly, meter usage, and protect its signing key.
  • Protocol governance to use pause, fee, quarantine, signer, and treasury controls responsibly.

Operational requirements

Production operators should use:
  • Multisig or governed protocol ownership.
  • A managed signer or HSM for usage receipts.
  • Private secret storage and rotation.
  • PostgreSQL backups and connection encryption.
  • Multiple Robinhood RPC providers.
  • Gateway, settlement, indexer-lag, and balance monitoring.
  • Rate limits, request logging with secret redaction, and abuse controls.
  • A public incident response and pause policy.

Safe production use

  • Confirm your wallet is connected to Robinhood Chain, chain ID 4663.
  • Inspect transaction targets and receipts in Blockscout.
  • Use bounded token approvals and inference permits.
  • Protect wallet keys, Tulip API keys, and provider credentials.
  • Start with small trades and permit balances when using a market for the first time.