Security
Trust an open network of strangers' GPUs
Anyone can run a node, so the protocol assumes nodes may lie. Four independent checks catch bad output, a reputation score compounds the signal, and stake gets slashed when fraud is proven on-chain — honesty is simply the cheaper strategy.
Four layers of verification
A · Statistical re-runs
~5% of jobs are re-run on oracle-controlled nodes and compared by embedding cosine similarity (not hashes — floating-point makes exact matches impossible). Below 0.70 flags an anomaly and opens a dispute.
B · Format & length
100% of jobs get cheap deterministic checks — non-null, correct format, token count in range, no repeated-token loops. Violations penalize reputation instantly, no dispute needed.
C · Economic stake
Every node posts ≥100 $QAIS as slashable collateral. A node earning cents per job won't risk thousands in stake to cheat — the math favors honesty.
D · Requester feedback
Requesters submit a satisfaction signal, weighted by their own reputation. A soft input only — it nudges the score but can never trigger a slash on its own.
Before each job, a node publishes a signed commitment to hash(model_id · weights_hash · backend · node_id) — proving which model ran without revealing the output.
Reputation — five weighted dimensions
One score in [0, 1], a weighted blend of five signals. Accuracy uses a single exponential moving average, so a node earns trust gradually and loses it fast — anomalies and lost disputes decay the score 10–20× quicker than a normal pass.
New nodes start at 0.70 after a 30-job onboarding and must clear 30 verified jobs before the score can trigger an automatic slash. Snapshots commit on-chain every 24 hours.
Slashing
Proven bad behaviour burns stake. The penalty scales with severity and doubles for repeat offenders.
| Violation | Stake slashed |
|---|---|
| Job abandonment (accepted, then dropped) | 1% |
| Verified result failure (first offense) | 5% |
| Verified result failure (repeat — doubles) | 10%+ |
| Downtime SLA breach (>5% in a month) | 2% |
| Dispute loss (minor) | 10% |
| Dispute loss (major fraud) | 50% |
| Sybil collusion detected | 100% + ban |
50% — burned
Slashed stake is partly destroyed, deepening the deflationary pressure.
30% — challenger
The party who raised a winning dispute is rewarded from the slash.
20% — treasury
The remainder funds protocol operations.
Disputes — commit-reveal arbitration
Contested jobs go to a randomly selected panel. Votes are committed as hashes, then revealed together — no arbitrator can copy another's vote, killing herd bias.
- File. A requester, the oracle, or any staker raises a dispute with a 50 $QAIS bond (refunded on a win, burned on a loss).
- Commit (48h). Five arbitrators — high-reputation nodes and long-term stakers — each submit hash(vote · salt). No one sees another's choice.
- Reveal (24h). Everyone reveals vote + salt simultaneously; a preliminary outcome is set by supermajority.
- Verify & reward. Where feasible, the oracle re-runs the job to confirm the truth. Arbitrators are paid for being correct — not for siding with the majority — so voting against a wrong crowd pays the most.
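The commit and reveal steps above, as an added Python sketch that is not the DisputeResolution contract's code: it checks each reveal against its commitment and tallies only the valid ones. Assumptions not stated on the page: SHA-256 as the hash, the field encoding, the vote labels, a 2/3 supermajority (4 of 5), and binding each commitment to the dispute and arbitrator so a copied commitment cannot be reused by someone else.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Assumed parameters (not from the page): vote labels, SHA-256, 2/3 threshold.
VOTES = ("uphold", "reject")
PANEL_SIZE = 5


def new_salt() -> bytes:
    return secrets.token_bytes(32)


def _encode(*fields: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def commit(dispute_id: str, arbitrator: str, vote: str, salt: bytes) -> bytes:
    if vote not in VOTES:
        raise ValueError("unknown vote")
    if len(salt) < 16:
        # Only two possible votes: a short salt lets anyone brute-force the hash.
        raise ValueError("salt must be at least 16 random bytes")
    fields = (dispute_id.encode(), arbitrator.encode(), vote.encode(), salt)
    return hashlib.sha256(_encode(*fields)).digest()


def tally(dispute_id: str, commitments: dict, reveals: dict):
    """Return (outcome or None, arbitrators whose reveal was missing or invalid)."""
    counted, rejected = Counter(), []
    for arbitrator, digest in commitments.items():
        vote, salt = reveals.get(arbitrator, (None, b""))
        try:
            expected = commit(dispute_id, arbitrator, vote, salt)
            ok = hmac.compare_digest(digest, expected)
        except ValueError:
            ok = False
        if ok:
            counted[vote] += 1
        else:
            rejected.append(arbitrator)
    needed = -(-2 * PANEL_SIZE // 3)  # ceil(2/3 of the panel) = 4 of 5
    outcome = next((v for v, n in counted.items() if n >= needed), None)
    return outcome, sorted(rejected)
```

A reveal that does not reproduce the stored commitment is dropped rather than counted, so a changed vote, a replayed reveal, or a missing reveal can only reduce the tally and never shift it.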
On-chain contracts
Five core contracts (plus two supporting), OpenZeppelin-based, behind a transparent proxy with a multisig admin and a timelock on upgrades. Live on Arbitrum Sepolia:
| Contract | Responsibility | Address |
|---|---|---|
| QUAISToken | ERC-20 with burn(); fixed 1B supply, no mint after genesis. | 0x5532663d…b25531 |
| NodeRegistry | Stake, tiers, reputation storage, suspension/deactivation. | 0xe9674474…34e99a |
| JobEscrow | Per-job fund locking, verified release, refunds, job records. | 0x9a8be9ad…303267 |
| DisputeResolution | Commit-reveal arbitration, arbitrator rewards, slash execution. | 0x546b548b…8d8013 |
| ProtocolTreasury | Fee accrual, burn execution, staker + operations allocation. | 0x83acf7b9…903fa2 |
| CreditAccount (supporting) | Pre-funded deposits + EIP-712 capped batch settlement. | 0xc148e3d3…4c8191 |
| StakingRewards (supporting) | Distributes the 20% staker share of protocol fees. | 0x8fa6ec11…6b648f |
Settlement can't over-charge you
Requesters pre-fund a credit account, then sign one EIP-712 spending cap off-chain. The gateway batches thousands of jobs into a single settlement transaction, but can only ever settle at the prices in your signed job specs — and never beyond the cap. Worst case, a compromised gateway settles agreed work; your principal is never at risk, and you can revoke in one transaction.
Figures reflect the protocol design in the token economics spec; parameters are governance-adjustable and the network is currently testnet only.