Security
Makechain's security model is fail-closed and address-native. Identity is immutable, authorization is explicit per message family, and removed message families are rejected at every stage.
Fail-closed identity
owner_address is immutable protocol identity. State attached to one address cannot be retargeted to another by protocol message.
Message authorization
Ordinary messages require a delegated Ed25519 key with sufficient scope.
SIGNER_ADD and SIGNER_REMOVE are special-cased and derive authority from custody proofs.
STORAGE_CLAIM still requires finalized settlement verification, but first successful application does not require delegated-key authorization. Duplicate replay remains settlement-first and marker-idempotent.
Replay protection
- keychain and signer management (KEYCHAIN_AUTHORIZE, KEYCHAIN_REVOKE, SIGNER_ADD, SIGNER_REMOVE) use custody_nonce
- ref updates and deletes use per-ref nonces
- message hashes remain content-addressed BLAKE3 digests over canonical protobuf encoding
Removed ingress classes
Makechain removes relay-era attack and ambiguity surface by rejecting:
- KEY_ADD
- OWNERSHIP_TRANSFER
- STORAGE_RENT
- RELAY_SIGNER_ADD
- RELAY_SIGNER_REMOVE
Validators do not inject Tempo events into blocks.
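The authorization, replay and removed-family rules above, written out as one fail-closed gate. This is an added illustration, not Makechain's own code: the message family names come from this page, while the field names, the scope strings ("keychain", "refs"), the REF_UPDATE/REF_DELETE names and the treatment of KEYCHAIN_* as ordinary delegated-key messages are assumptions.

```python
from dataclasses import dataclass, field

REMOVED = {"KEY_ADD", "OWNERSHIP_TRANSFER", "STORAGE_RENT", "RELAY_SIGNER_ADD", "RELAY_SIGNER_REMOVE"}
CUSTODY_NONCE_FAMILIES = {"KEYCHAIN_AUTHORIZE", "KEYCHAIN_REVOKE", "SIGNER_ADD", "SIGNER_REMOVE"}
REF_FAMILIES = {"REF_UPDATE", "REF_DELETE"}  # assumed names for "ref updates and deletes"

@dataclass
class Account:
    owner_address: str                                  # immutable identity
    delegated_keys: dict = field(default_factory=dict)  # pubkey -> set of scopes (assumed layout)
    custody_nonce: int = 0                              # last accepted custody_nonce
    ref_nonces: dict = field(default_factory=dict)      # ref -> last accepted per-ref nonce
    applied_claims: set = field(default_factory=set)    # STORAGE_CLAIM markers already applied

def delegated(acct, msg, scope):  # ordinary-message rule: delegated key with sufficient scope
    return scope in acct.delegated_keys.get(msg.get("key"), set())

def apply(acct, msg):
    """Fail-closed gate: 'ok' only on an explicitly allowed path, otherwise a reject reason."""
    fam = msg.get("family")
    if msg.get("owner") != acct.owner_address:
        return "reject: owner_address mismatch (state cannot be retargeted)"
    if fam in REMOVED:
        return f"reject: removed message family {fam}"
    if fam in CUSTODY_NONCE_FAMILIES:
        if msg.get("custody_nonce") != acct.custody_nonce + 1:
            return "reject: custody_nonce replay"
        if fam in ("SIGNER_ADD", "SIGNER_REMOVE"):
            if not msg.get("custody_proof_valid"):  # authority comes from the custody proof
                return "reject: missing custody proof"
        elif not delegated(acct, msg, "keychain"):  # KEYCHAIN_* handled as ordinary (assumed)
            return "reject: no delegated key with keychain scope"
        acct.custody_nonce += 1
        return "ok"
    if fam in REF_FAMILIES:
        if not delegated(acct, msg, "refs"):
            return "reject: no delegated key with refs scope"
        ref, nonce = msg.get("ref"), msg.get("nonce", 0)
        if nonce <= acct.ref_nonces.get(ref, 0):
            return f"reject: per-ref nonce replay on {ref}"
        acct.ref_nonces[ref] = nonce
        return "ok"
    if fam == "STORAGE_CLAIM":
        if not msg.get("settlement_finalized"):  # settlement-first; no delegated key needed
            return "reject: settlement not finalized"
        if msg.get("marker") in acct.applied_claims:
            return "ok: duplicate claim ignored (marker-idempotent)"
        acct.applied_claims.add(msg.get("marker"))
        return "ok"
    return f"reject: unknown message family {fam}"
```

Every branch that is not listed returns a rejection, including unknown families, which is what "fail-closed" means in practice.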