Page cover

Emergency Backup Protocol (EBP)

Technical Specification

Overview

The Emergency Backup Protocol (EBP) provides automated failover functionality from Solana to BNB Chain during network disruptions or Token-2022 program failures. The protocol operates under pre-approved DAO authorization, enabling rapid emergency response while maintaining community oversight and asset security through a timelock commitment mechanism.

System Architecture

The EBP consists of three core components: pre-approved governance framework, network monitoring with multi-signature execution, and secure time-lock state management.

1. Pre-Approved Governance Framework

DAO Pre-Authorization

The DAO pre-approves the Emergency Backup Protocol during normal network conditions:

  • Community votes to authorize the multi-signature committee to execute emergency failover

  • Authorization includes specific parameters: trigger conditions, committee composition, and operational procedures

  • DAO retains the right to revoke authorization at any time through standard governance voting

  • No real-time DAO voting required during actual emergencies

Multi-Signature Emergency Committee

Pre-authorized committee of 3-5 trusted community members with emergency execution powers:

  • Committee can immediately activate EBP when trigger conditions are met

  • Members are appointed through DAO governance and subject to regular review

  • Committee actions are transparent and logged on-chain for community oversight

  • Emergency powers are limited to EBP activation only - no other protocol controls

Accountability and Oversight

  • All committee actions are publicly recorded and auditable

  • DAO can review committee decisions post-emergency and adjust authorization

  • Committee members can be replaced through standard governance if needed

  • Built-in checks prevent abuse while enabling rapid emergency response

2. Network Monitoring & Emergency Execution

Distributed RPC Monitoring Architecture

The EBP employs a geographically distributed monitoring system to eliminate false positives from local connectivity issues:

Geographic Distribution

  • 3-5 independent monitoring services deployed across different global regions (US East, US West, Europe, Asia, South America)

  • Each service operates independently with no shared infrastructure or dependencies

  • Regional diversity ensures local network issues cannot trigger false emergencies

RPC Endpoint Coverage

  • Each monitoring service tracks 5-10 public Solana RPC endpoints

  • Endpoints include major providers and geographically diverse nodes

  • 60-second polling interval for real-time status tracking

Majority Consensus Requirement

  • Emergency trigger requires majority agreement (≥3 out of 5 monitoring services)

  • Each service must independently confirm all monitored RPC endpoints are unresponsive

  • 72-hour consecutive downtime must be confirmed by the majority before committee notification

False Positive Prevention

  • Local connectivity issues affect only 1-2 monitoring services → No trigger

  • Regional internet outages cannot reach majority threshold → No trigger

  • True Solana network failures affect all regions → Legitimate trigger activation

This distributed approach provides mathematical certainty that triggers represent genuine Solana network failures rather than localized connectivity problems.

Automated Network Status Tracking

The distributed monitoring services continuously track Solana RPC node availability across multiple endpoints and geographic regions. Alert systems aggregate consensus data and notify the multi-signature committee when the majority threshold confirms 72+ hours of consecutive RPC unresponsiveness.

Emergency Trigger Conditions

Single objective criterion for EBP activation:

Majority consensus (≥3 out of 5) of geographically distributed monitoring services confirming Solana RPC nodes unresponsive for 72+ consecutive hours

This simplified trigger eliminates subjective metrics and provides mathematical certainty against false positives from local connectivity issues.

Rapid Committee Response

Upon detecting that majority consensus confirms RPC nodes have been unresponsive for 72+ consecutive hours, the multi-signature committee can immediately initiate the emergency protocol without waiting for DAO voting, leveraging pre-approved authorization.

3. State Management & Time-Lock Security

Regular State Snapshots

State-tracking contract on Solana automatically creates comprehensive checkpoints every 24 hours during normal operations, capturing RUCCO license balances and pending utility fee distributions.

Snapshot Validity Determination

Snapshot validity is determined through Solana's native block finality mechanism:

  • Valid snapshots correspond to the state at the last finalized block on Solana

  • If a block is finalized by the Solana network consensus, the corresponding snapshot is automatically considered valid

  • No additional validation logic or external validators required

  • This approach leverages Solana's existing security guarantees

Time-Lock Commitment Security

The EBP employs a mandatory time-lock as the sole security mechanism with final commitment:

Hash Commitment Phase

  • Multi-signature committee publishes the cryptographic hash of the latest 24-hour checkpoint on-chain

  • Only the hash is revealed, not the actual state data

  • Solana tokenized licenses are immediately locked upon hash commitment

  • Commitment is final and irreversible - the process will proceed regardless of subsequent Solana network status

Mandatory 48-Hour Freeze Period

  • Fixed waiting period during which no state transfer occurs

  • All RUCCO operations remain frozen on both chains

  • This temporal isolation provides mathematical security against manipulation attacks

  • No cancellation mechanism - even if Solana recovers during this period, the 48-hour freeze continues to completion

Reveal and Transfer Activation

  • After the freeze period, snapshot data is revealed and verified against the committed hash

  • Upon successful verification, equivalent RUCCO tokenized licenses are minted on BNB Chain

  • Original Solana tokenized licenses remain locked until network restoration

Design Philosophy - Commitment Finality

  • Maximum Simplicity: Zero additional logic for cancellation or early termination of the freeze period

  • Total Predictability: All participants know exactly what to expect once commitment is published

  • No Edge Cases: Eliminates ambiguous scenarios and potential governance conflicts during the 48-hour freeze

  • Security First: Time-lock maintains its full security function without compromise

  • Acceptable Trade-off: If Solana recovers during the freeze period, users wait the full 48 hours anyway - suboptimal but rare, and far better than risking asset loss through complex cancellation mechanisms

  • Separation of Concerns: The irreversible 48-hour freeze is completely independent from the flexible restoration process, which remains under DAO governance control

Balance and Asset Preservation

All tokenized license balances and pending utility fees maintain exact 1:1 mapping between chains through the time-lock mechanism.

4. Backup Operations & License Continuity

BNB Chain Operations

After the 48-hour security period, RUCCO license holders can resume all transactions and governance operations on BNB Chain with identical balances and rights.

1:1 Tokenized License Backing

  • RUCCO licenses are locked on Solana upon hash commitment

  • Equivalent amounts are minted on BNB Chain after time-lock verification using standard BEP-20 token contract

  • No external bridges or cross-chain protocols required

  • Simple burn-and-unlock mechanism for Solana restoration

Fee Architecture Activation (Optional)

Initial BNB Chain operations utilize standard BEP-20 token without fee withholding, ensuring immediate operational continuity without complex infrastructure dependencies.

Extended Outage Fee Mechanism: In cases of extended Solana unavailability (>30 days) or DAO-determined necessity, the community may vote to activate the pre-designed fee withholding mechanism:

  • DAO governance vote required (>66% approval)

  • Deployment of custom BEP-20 contract with 6.9% utility fee logic

  • Migration from standard BEP-20 to fee-enabled version

  • Identical functionality to Token-2022 implementation

  • Reversible upon Solana restoration

Ambassador Fee Mechanism

  • During normal operations: 0.9% ambassador fee operates through DAO governance

  • During EBP: ambassador fees frozen and accumulated during the backup period

  • Upon Solana restoration: accumulated ambassador fees executed in batch burn operation

  • After 24 months: unassigned ambassador allocations transition to burn mechanism

Operational Workflow

  1. Pre-Authorization: DAO votes to authorize multi-signature committee and EBP parameters

  2. Continuous Monitoring: Distributed monitoring services track Solana RPC availability across multiple geographic regions

  3. Extended RPC Downtime: Majority consensus confirms RPC nodes unresponsive for 72+ consecutive hours

  4. Emergency Detection: Consensus threshold confirmed, committee notified

  5. Immediate Activation: Multi-signature committee initiates hash commitment using pre-approved authority (latest 24-hour checkpoint)

  6. Hash Commitment: Latest checkpoint hash published, Solana tokenized licenses locked

  7. 48-Hour Freeze: Mandatory security waiting period

  8. Verification & Transfer: Snapshot verified, BNB Chain tokenized licenses activated

  9. Backup Operations: Full RUCCO functionality on BNB Chain with standard BEP-20 token

  10. Solana Restoration: DAO votes for return when network stability restored

  11. Asset Return: BNB tokenized licenses burned, Solana tokenized licenses unlocked, ambassador utility fees processed

System Benefits

Reliability & Safety

  • High Reliability Threshold: 72-hour trigger period ensures activation only for severe, sustained network failures

  • False Positive Prevention: Distributed monitoring with majority consensus eliminates local connectivity issues from triggering emergency protocols

  • Predictable Data Loss: Maximum 24-hour rollback provides clear expectations for emergency scenarios

Simplicity & Security

  • Implementation Simplicity: Single trigger condition and security mechanism reduce complexity dramatically

  • Automated Checkpoint System: Daily checkpoints eliminate complex validation logic and reduce potential attack vectors

  • Mathematical Security: 48-hour time-lock provides cryptographic certainty against attacks

  • No Cancellation Policy: Once hash commitment is published, the 48-hour freeze period continues to completion regardless of Solana network recovery

Governance & Process

  • Democratic Oversight: DAO maintains ultimate control through pre-authorization and post-emergency review

  • Predictable Process: Fixed timeline and clear procedures provide certainty for all participants

  • Accountability: All actions logged and reviewable by the community

Independence

  • No External Dependencies: Zero reliance on cross-chain bridges or external validation services

Technical Implementation

Governance Smart Contracts

  • Simple authorization contract storing DAO approval status and committee addresses

  • Multi-signature wallet with time-lock capabilities

  • Revocation mechanism for DAO to withdraw authorization

State Management Requirements

  • Automated 24-hour checkpoint creation during normal operations

  • Simple checkpoint storage and retrieval system

  • Straightforward tokenized license locking and minting contracts

  • No complex validation or verification logic required

Security Considerations

  • Pre-authorization eliminates real-time governance attack vectors

  • 48-hour freeze period prevents all manipulation attempts with no exceptions

  • Commitment finality ensures zero cancellation complexity or governance conflicts during emergencies

  • Committee accountability through transparent on-chain logging

  • DAO oversight through authorization review and revocation powers

Development Advantages

  • Simplified governance logic reduces smart contract complexity

  • No real-time voting mechanisms required during emergencies

  • Straightforward testing and auditing process

  • Minimal external dependencies

Conclusion

The EBP provides robust emergency failover through a pre-approved governance model that balances systematic response capabilities with democratic oversight. By separating the irreversible 48-hour security freeze from flexible restoration governance, and securing transfers through time-lock commitment, the protocol achieves maximum effectiveness while maintaining community control and mathematical security guarantees. The two-phase approach ensures emergency activation is deterministic and secure, while restoration decisions remain under democratic control.

PreviousProof of FeasibilityNextFee Architecture Activation for Extended Outages

Last updated