Platform Infrastructure

System Topology

The system is deployed across three execution environments:

• On-Chain (Polygon PoS) — Smart contracts, token operations, membership NFTs, vault management, treasury
• Edge Compute (Cloudflare) — Static site, API routes, SSR, CDN-distributed globally
• Application Layer (TypeScript) — Risk engine, analytics pipeline, validation, session management

2.1 HeliosTreasury

The treasury contract is the financial backbone of the platform. All fees from namespace registration, membership activation, and service charges flow into the treasury. Withdrawals require a 48-hour timelock and are subject to daily caps.

• 48-hour mandatory timelock on all withdrawal requests
• Configurable daily withdrawal cap (default: 100 POL)
• 6 allocation categories: Operations (25%), Reserve (30%), Development (20%), Marketing (10%), Compliance (10%), Emergency (5%)
• Full audit trail with WithdrawalRequested, WithdrawalExecuted, WithdrawalCancelled events
• Admin can cancel pending withdrawals during timelock window

2.2 HeliosNamespaceRegistry

The namespace system provides human-readable identity for all participants. Each namespace maps to an on-chain address and ecosystem type, with full forward and reverse resolution.

• Name validation: 3-32 characters, alphanumeric + hyphens, no consecutive hyphens
• Rate limiting: maximum 5 claims per address per 24-hour period
• Anti-squatting: registration fee forwarded to treasury
• Metadata storage: key-value pairs for profile enrichment
• Operator-reserved namespaces for system identities
• Transfer functionality with full ownership history

2.3 HeliosMembership

Soulbound ERC-721 NFTs represent membership status. Each member receives exactly one NFT that tracks their tier level. Upgrades are permitted; downgrades are blocked at the contract level.

2.4 HeliosGoldToken (hGOLD)

hGOLD is an ERC-20 token where 1 hGOLD represents 0.01 troy ounces of physical gold held in reserve. The contract enforces that total supply never exceeds verified reserve backing.

• Reserve-backed minting: supply cap = verifiedReserveOz * 100
• MINTER_ROLE required for all minting operations
• Daily mint limit (configurable, default: 100,000 hGOLD = 1,000 oz)
• Compliance blacklist: blocked addresses cannot send or receive
• Full audit trail: MintEvent, BurnEvent, ReserveUpdated indexed events
• Reserve ratio publicly queryable: reserveRatio() view function

2.5 HeliosCertificateNFT

Gold certificates are non-fungible tokens representing specific gold holdings with unique serial numbers, weight, purity, and vault location metadata.

• Unique serial number enforcement — no duplicates permitted
• Certificate metadata: serial, weight (milliounces), purity, vault ID, issue date
• Redemption burns the NFT and emits CertificateRedeemed event
• Tracking: totalActiveWeightMilliOz, totalMinted, totalRedeemed counters
• ISSUER_ROLE required for minting; holder can redeem

2.6 HeliosVaultFactory

The vault factory creates and manages multi-signature vault contracts bound to specific namespaces. Each vault supports up to 10 signers with operator-controlled emergency freeze capability.

• Namespace-bound: each vault linked to a .helios identity
• Multi-sig: configurable threshold for transaction approval
• Emergency freeze: operator can freeze vault to halt all operations
• Signer management: add/remove with role-based access control
• Vault enumeration: list all vaults for a given namespace

3.1 Risk Categories & Weights

3.2 Risk Score Tiers

3.3 Circuit Breaker System

An automated circuit breaker halts all platform transactions when triggered. Conditions include gold price moving more than 8% in any one-hour window, or manual activation by operators.

• Automatic trigger: gold price ±8% within 1 hour
• Manual trigger: operators can trip for any reason
• Auto-reset: 30-minute cooldown (configurable)
• Manual override: requires explicit operator reset
• Real-time proximity monitoring: distance-to-trigger displayed on dashboard

3.4 Velocity Controls

Per-member transaction velocity is monitored across three time windows to detect abnormal activity patterns.

3.5 Anomaly Detection

Statistical anomaly detection uses Z-score analysis against historical transaction data. Any value exceeding 3 standard deviations from the member's historical mean is flagged for review.

3.6 Exposure Limits by Tier

4.1 Portfolio Analytics

• Total return, Sharpe ratio, max drawdown, annualized volatility
• Per-asset allocation tracking with 24h change indicators
• Best/worst day identification from historical snapshots
• CAGR calculation for staking positions with lock-period awareness

4.2 Reserve Stress Testing

Monte Carlo simulation models thousands of gold price scenarios using geometric Brownian motion to evaluate the probability of reserve inadequacy under adverse market conditions.

• Configurable simulation count (default: 10,000 scenarios)
• GBM price model with calibrated drift and volatility
• Output: probability of inadequacy, 5th/95th percentiles, worst case
• Stress horizons: 30, 90, 180, 365 day projections

4.3 Correlation Engine

Pearson correlation analysis tracks relationships between gold and other assets (BTC, ETH, POL, DXY, VIX) across 30-day, 90-day, and 1-year windows. Used for portfolio risk diversification scoring.

4.4 Member LTV Prediction

A weighted factor model predicts member lifetime value using six signals: tier level, tenure, transaction frequency, referral network size, portfolio value, and engagement score. Includes tier migration probability estimation.

4.5 Platform Health Score

A composite health metric (0-100) aggregates six component scores: reserve adequacy (25%), liquidity depth (20%), member growth (15%), operational stability (15%), compliance posture (15%), and market conditions (10%). Automated alerts trigger when components fall below thresholds.

4.6 Technical Indicators

• Simple Moving Average (SMA) with configurable period
• Exponential Moving Average (EMA) with smoothing factor
• Dual-EMA crossover trend detection (bullish/bearish/neutral)
• Applied to gold price, hGOLD volume, and platform TVL

5.1 Input Sanitization

• XSS pattern detection and stripping (script tags, event handlers, data URIs, iframes)
• SQL injection pattern detection (UNION SELECT, DROP TABLE, etc.)
• Null byte stripping
• Length enforcement with configurable max
• Namespace name validation: 3-32 chars, alphanumeric + hyphens, reserved word blocking

5.2 Rate Limiting

Token bucket algorithm provides smooth rate limiting per IP, member ID, or endpoint. Default: 30 requests per 60-second window with automatic token refill.

5.3 Security Headers

5.4 Address Validation

• EVM addresses: 0x prefix, 40 hex characters, EIP-55 checksum detection
• Stellar addresses: G prefix, 56 base32 characters
• XRPL addresses: r prefix, base58 encoding, length validation
• Auto-detection: chain type inferred from address format

5.5 Contract Interaction Safety

• Pre-flight gas estimation and boundary checks
• Dangerous method detection (selfdestruct, delegatecall)
• Gas price reasonableness validation (> 500 gwei warning)
• Gas limit ceiling (10M gas warning)
• HMAC request signing for API integrity verification

5.6 Session Security

• Cryptographically secure session token generation (Web Crypto API)
• Browser fingerprinting for session binding (privacy-respecting, non-PII signals)
• Constant-time signature comparison to prevent timing attacks

6.1 Deployment Pipeline

• Compile: Solidity 0.8.24 with optimizer (200 runs + viaIR)
• Deploy: Sequential UUPS proxy deployment for all 6 contracts
• Configure: Post-deployment tier pricing, role grants, namespace reservations
• Verify: Automated PolygonScan source verification
• Manifest: JSON output with all addresses, gas costs, timestamps

6.2 Network Configuration

6.3 Post-Deployment Configuration

• 10-tier membership pricing set on-chain
• OPERATOR_ROLE granted to operations wallet
• MINTER_ROLE and ISSUER_ROLE granted to authorized addresses
• System namespaces reserved (helios, admin, treasury, system, support, platform)
• Treasury allocation categories verified