The oracle is a NATS-based message queue with JetStream. It reads Bybit sub-account equity and posts NAV updates and challenge state to Solana.

Cadence & reliability

Update cadence: ~60 seconds during active hours
Reliability: JetStream provides message persistence, durability, and delivery guarantees
Authorization: policy_challenges.validate(Report) requires template.admin == signer

Safety checks

These checks pause the vault automatically when something looks wrong:

| Condition | Action |
| --- | --- |
| API downtime > 5 minutes | Vault pauses withdrawals |
| On-chain NAV diverges from Bybit equity by > 2% | Vault pauses |
| Independent watchdog | Cross-validates the primary reader |

All NAV updates are logged on-chain with a timestamp and Bybit equity reference.
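
The two threshold checks above can be expressed as a single decision function. The sketch below is an added example, not Hyro's code: the `Observation` record, the `Action` names, measuring divergence relative to Bybit equity, and failing closed on non-positive equity are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

MAX_API_DOWNTIME_S = 5 * 60   # page: API downtime > 5 minutes
MAX_DIVERGENCE_BPS = 200      # page: divergence > 2% (200 basis points)


class Action(Enum):           # hypothetical action names
    OK = "ok"
    PAUSE_WITHDRAWALS = "pause_withdrawals"
    PAUSE_VAULT = "pause_vault"


@dataclass(frozen=True)
class Observation:            # hypothetical record, not the project's schema
    now: int                  # current unix time, seconds
    last_api_ok: int          # unix time of the last successful Bybit read
    bybit_equity: int         # last equity read, integer minor units
    onchain_nav: int          # NAV currently stored on-chain, same units


def evaluate(obs: Observation) -> Action:
    # Assumption: fail closed on values that cannot be compared, since the
    # page does not say how zero or negative equity is handled.
    if obs.bybit_equity <= 0 or obs.onchain_nav < 0:
        return Action.PAUSE_VAULT
    # |nav - equity| / equity > 2%, cross-multiplied so that integer math,
    # not float rounding, decides the boundary case.
    diff = abs(obs.onchain_nav - obs.bybit_equity)
    if diff * 10_000 > MAX_DIVERGENCE_BPS * obs.bybit_equity:
        return Action.PAUSE_VAULT
    # Strictly more than 5 minutes since the last good read. A negative age
    # (clock skew between hosts) is treated as stale rather than trusted.
    age = obs.now - obs.last_api_ok
    if age > MAX_API_DOWNTIME_S or age < 0:
        return Action.PAUSE_WITHDRAWALS
    return Action.OK
```

The divergence check runs first so that a reading which is both stale and diverged yields the stricter action.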

Oracle security

  • Oracle keypair stored in KMS, rotated regularly, HSM integration for production
  • Template-admin verification prevents unauthorized challenge updates
  • Cryptographic message authentication
  • Dead-letter queue for failed messages
  • Independent watchdog reader (separate server, API key, region) cross-validates

The trust assumption

NAV reporting currently depends on oracle infrastructure operated by Hyro. While settlement, share accounting, fee logic, and payouts all occur on-chain, NAV reporting is the single largest trust assumption in Phase 1. A successful oracle attack could mint shares at a false NAV.
The decentralization path: independent watchdog cross-validation today → multi-signer oracle in Phase 2 → ZK proofs of CEX state via zkTLS in the long-term roadmap.

Trust Assumptions

The full disclosure of what LPs trust today.