ARCHITECTURE · v1.2 · 2026-05-31

From your device to a
confirmed bundle — four hops.

Every key path, every node call, every cent of fee revenue — sourced from the deployed contracts and the running backend. The hot-path reads exclusively from the operator's own Reth node over a local IPC socket; there is no external RPC dependency in the trade-execution path. Read it before you fund anything.

Smart-contract source open at etherscan.io · verified source. The trading engine stays proprietary — protection comes from the on-chain footprint, not from secrecy.

01

Hot-path · PWA → local Reth → multi-builder → on-chain

Four physical hops between a Face ID confirm and a landed block.

+--------------------------------------------------------------------+
| L4   PWA shell                                                     |
|      React + Vite. Service Worker. iOS Safari / Android Chrome /   |
|      Desktop / Telegram WebApp. No app store, no extension.        |
+----+---------------------------------------------------------------+
     |  touch / Face ID / passkey ceremony
     v
+----+---------------------------------------------------------------+
| L3   Signing                                                       |
|      Coinbase Smart Wallet. Owner = passkey, derived in-browser    |
|      via WebAuthn PRF. Lifetime ~12 ms between credential-get and  |
|      signed payload, then zeroed. Session keys are separate:       |
|      90-day TTL, per-token spend cap, scoped calldata.             |
+----+---------------------------------------------------------------+
     |  signed payload (no key material) over HTTPS
     v
+----+---------------------------------------------------------------+
| L2   Backend + local Reth                                          |
|      Rust (axum + tokio). Reads from a LOCAL Reth node over IPC    |
|      ( sub-1 ms RTT to the node ). No external RPC provider on     |
|      the hot path. Backend sees signed payloads,                   |
|      never key material.                                           |
+----+---------------------------------------------------------------+
     |  eth_sendBundle  ( fan-out, parallel )
     v
+----+---------------------------------------------------------------+
| L1   Multi-builder relay  ( 4 destinations )                       |
|        flashbots.net                                               |
|        beaverbuild.org                                             |
|        titanbuilder.xyz                                            |
|        lightspeedbuilder.info                                      |
|      First inclusion wins; the rest are dropped.                   |
+----+---------------------------------------------------------------+
     |  block N confirmation
     v
+----+---------------------------------------------------------------+
| L0   Ethereum mainnet                                              |
|      Uniswap V2 / V3 multi-hop + Curve where deeper. Anti-rug      |
|      LP-monitor on tokens you hold; trip -> auto-sell front-runs   |
|      the rug in the SAME block with a higher MEV tip.              |
+--------------------------------------------------------------------+

02

Smart wallet · passkey → smart wallet → session keys

One ceremony per session. The keys live for 12 ms in the browser, then are zeroed. Session keys do the rest, with a hard daily cap.

Passkey owner

Your passkey lives in the device’s Secure Enclave (iOS), TPM (Windows / Android), or a hardware security key. The private key signing transactions is a secp256k1 derived from the passkey via the WebAuthn PRF extension. Existence in memory: ~12 ms between credentials.get() and the signed payload. After that: SubtleCrypto.deleteKey + zeroed buffers. LOSURIA never sees the raw key.

↓ authorises

Smart wallet

Coinbase Smart Wallet. Funds, NFTs, session-key authorisations, token approvals all live here. The smart wallet pays gas via executeBatch([refill_eoa, op]) — no bundler, no operator float, no user-visible funding step beyond the one-time bootstrap.

↓ arms

Session key

A separate ephemeral secp256k1 generated in-browser when you arm a snipe. Scoped: one token, hard ETH spend cap, ≤90-day TTL. Cannot transfer ERC-20s outside whitelisted DEX router calldata. Cannot authorise new session keys. Signs autonomously while your tab is closed — that’s how auto-snipe works without a passkey prompt. Disarm: one tap, on-chain via SessionKey.deauthorize(keyAddr).

03

Trust model · what you trust LOSURIA for vs. what is verifiable

If a fact is on-chain you can prove it yourself; if it is operational we say so.

Verifiable on-chain · no operator trust required

Founders Pass 500 cap — operator-committed. Technical MAX_TOTAL_CAP=1500 ceiling immutable but unreachable in practice: operator never raises phaseCap above 500.
Mint price $236, settled via Chainlink ETH/USD feed; bounded 50–200 % corridor around the construction anchor.
Fee collector address: immutable per swap leg. Operator cannot redirect collected ETH.
LSR token: 1B fixed supply, no mint(), no upgrade path, ERC20Votes wired.
Launchpad: factory mints token, funds LP, locks LP NFT — all in one transaction. The creator never holds the LP NFT.
Launchpad buy tax: creator-set 0–5 %, immutable post-deploy, sells tax-free, routed on every buy. Token contract has no mint(), no pause(), no admin and no blacklist.
Snipe-window: every launch routes through deployScheduled() with a 60-second minimum delay between TokenDeployed and PoolOpened. Atomic-launch path is removed in factory v3 — seat-holders ALWAYS get the pre-arm window. Enforced by MIN_DELAY_SECS on the factory.

Operator trust · what we ask you to take on our word

Local Reth is up and configured correctly — verifiable via /latency (operator-published) and via your own ping to the public surfaces.
Trading engine source is proprietary. Counterfactual MEV-saved estimates are published at /mev/recent; you can spot-check the math against any tx hash.
Backend sees signed payloads, never key material — but you do trust us to not re-broadcast a session-key signature outside its scope (the smart wallet would reject it; the trust is in the calldata path).
Operator treasury custody sits on a hardware-security device under the operator's physical control, per the Operating Agreement Art. V — trust is in operational discipline, not in code.
Roadmap items (Pass fee discount, snipe-priority queue, Solana sniping) ship when they ship. We never advertise them as live perks.

04

Deployment addresses · Ethereum mainnet

Every address points to a contract whose Solidity source is `exact_match` verified on the open Sourcify registry. Click any row for the Etherscan view; follow the /audit page for the Sourcify lookup.

Founders Pass V2 0x6238B370…3B212d

Token Factory v3 (Launchpad) 0x74B0fA7D…A007514

Fee Collector 0x36d4d58f…F20cbf

Subscription V1 0xfe76387E…C2ff6de

Treasury Sweeper V1 0x6Be6eFB4…1510aBC

LSR governance token 0xe9126022…b339db04

Chainlink ETH/USD feed 0x5f4eC3Df…c5b8419

Source verification etherscan.io · verified source

05

Security posture · every key path on the page

If a key can sign for you, it appears in the table — with the holder and rotation path.

Key path	Scope	Holder	Rotation
User passkey	Everything the smart wallet owns	You · Secure Enclave / TPM / hardware key	Add backup passkey, revoke old
Session key	1 token, ETH cap, TTL ≤ 90d	You · in-memory secp256k1 on device	1-tap deauthorise, on-chain
Operator EOA	Pay gas for some snipe bundles (refunded)	Operator · hardware-security device	Rotation per Operating Agreement Art. V
Founders Pass owner	Set mint price (50–200 % corridor) · pause	Operator · Ledger Nano-X (cold)	Renounce after the 500th mint
Token Factory owner	Set launch / featured fee (bounded)	Operator · Ledger Nano-X (cold)	Bounded by contract `FEE_MIN/MAX`
Fee Collector	Receive ETH · sweep to treasury	No admin · immutable	Impossible by design
LSR (governance token)	1B fixed supply · ERC20Votes	No mint() · supply fixed at deploy	Impossible by design

Every owner-key path on the operator side uses a hardware-security device. The keys never touch a connected machine — every signing op is wallet-app verified on-device, per Operating Agreement Art. V.

06

Live status endpoints

Every claim above ends in a permalink. Bookmark them; they update in real time.

Local Reth latency app.losuria.com/latency

Last 100 MEV bundles app.losuria.com/mev/recent

Every protected swap app.losuria.com/trades

Chain + relay reachability app.losuria.com/status

Smart-contract source etherscan.io · verified source

Open /trades → How we compare Founders Pass

From your device to aconfirmed bundle — four hops.