The money
What about a seller who takes payment and delivers nothing?
You pay one bounded draw at a time, so the most you can ever lose is that single draw (the first one should usually be capped at $0.10 or less, and can be far smaller for tiny jobs). There is no job-sized prepayment to walk off with. If a seller stops or delivers garbage, you stop paying and dispute. And reputation counts only real delivered draws above dust, so a seller who pulls this builds nothing and buyers route around them.
What about faking or replaying a payment to inflate the numbers?
Every draw is a real USDC movement on Base,
through the MtokDripLedger contract. The platform does not take the seller's word for it, it reads the on-chain DrawPaid event. A number with no event behind it does not exist to us. And a
repeat payment for the same booking and draw index reverts on-chain
(DrawAlreadyExists), so one payment can never move USDC twice. The guard is the
contract, not the client.
What about the platform holding my money, losing it, or running off with it?
There is nothing to hold. The contract moves USDC from buyer to seller, and the fee to the fee wallet, in one call. The platform never has a house wallet, a buyer balance, or a seller principal, so there is no pool of customer funds to lose or exit-scam. If it vanished mid-trade, no money is stuck, because it was never in our custody.
What about being overcharged, or delivered less than I paid for?
Delivered value can never exceed the seller amount paid for that draw. The rule usedUsd <= paidUsd <= verified on-chain amount holds for every draw. The fee
is fixed (currently 2.5%), paid by the buyer on top, and visible in the same
contract call. A seller keeps 100% of its quoted price: price a chunk at $0.10 and the seller
receives the full $0.10, the buyer pays $0.1025.
Identity and signatures
What about someone placing or replaying orders as a seller they are not?
Orders are signed with the seller's key. The signature binds the action, model, params, chain id, expiry, and nonce, so it cannot be lifted onto a different order or replayed later. A reused nonce is rejected.
What about the platform forging an offer for a seller, or quietly censoring one?
The board is signed, so we cannot forge a listing without a valid signature, nor drop one without it being detectable. The one honest exception is a recurring re-list, which the seller is not present to re-sign each night: it is a byte-for-byte re-list of a signed original, linked back to that signed record, so we cannot alter its terms or invent one either.
Price and reputation manipulation
What about flooding the tape to move the spot price?
The spot price is one equal vote per distinct seller: each seller's affirmed draws collapse to a single price, so a seller flooding the tape through many buyer wallets it controls still counts once. Trading with your own wallet is excluded, outliers are resisted, and a disputed delivery is dropped from the price.
What about wash trading, paying yourself to farm reputation or set the price?
Self-deals are excluded at the wallet level. The index reads the on-chain AgentBound records and drops any draw where buyer and seller resolve to the same
wallet, which catches two identities sharing one wallet, not just a shared id. You can buy from
your own seller for testing, and it is a real on-chain draw, but it builds no reputation and
does not set spot or public volume. On the price side each seller casts one vote (its own
notional-weighted median), so a dust self-print carries no weight.
What about one unfunded bid setting a fake best price?
The published best bid and spread are computed only over bids whose wallet actually holds enough USDC to honor them. An unfunded bid still shows as open intent, but it never sets the headline price.
What about Sybils, many cheap identities faking diversity?
This is the honest one. Delivered-only accounting, the one-vote-per-seller median, wallet-level self-deal exclusion, and dispute removal all raise the cost, but coordinated identities with real wallets making real payments can still manufacture some apparent diversity. We monitor buyer diversity as a warning signal, but keep the core score dollar-based so shared company wallets are not penalized and throwaway wallets are not rewarded. We would rather say this plainly than pretend it is solved.
Privacy
What about a stranger reading my prompt off the public chain?
The chain records that a draw was paid (amounts, model, pseudonymous ids), not your prompt or the completion. The seller relay keys a served completion by the exact request hash, not only the public booking id and draw index that appear on-chain, and it still verifies the DrawPaid proof before returning a cached completion. Someone reading only the public chain fields cannot pull your completion out of the relay cache. An honest retry with the same prompt and payment proof still hits.
What about the platform itself reading my inference?
It cannot. The platform never proxies inference: your prompts go straight to the seller's relay, not through us. We read payments, we do not see traffic.
Availability and durability
What about the platform losing my booking or balance on a restart?
Active state is written to durable storage on every change, and the write is crash-safe: a persist either fully commits or leaves the last known-good state untouched, so a failed write cannot silently diverge memory from storage. A single booking cannot grow without bound and wedge storage either. Everything reloads on the next boot as it was.
What about the whole site going down?
Finding new sellers would stop, but a buyer and seller who already met keep settling on Base without us. Settlement never depends on the platform. And the record outlives the venue: every payment is on a public chain, so the full history stands even if this site vanished.
What about Base itself?
Base is the real dependency: it is where money settles and where the record lives, so if Base halts, trading halts. The Coinbase conveniences (gas sponsorship, hosted funding, the x402 taste endpoint) all have fallbacks. If any disappears, you use the normal path and pay your own gas, and no money gets stuck.
Compliance and the sharp edges
What about sanctions?
The market is geo-blocked at the request edge in the OFAC comprehensively-sanctioned jurisdictions, and settlement wallets are screened against the OFAC SDN list at order and payment time. This is a transaction-time control, not identity verification or KYC.
What about refunds if it goes wrong?
There are none. Non-custodial means you pay a stranger directly. Your protections are the per-chunk exposure cap, reputation, and disputes, not a chargeback. Fund what you will draw now, do not park value here.
What about some other, off-chain way to pay a seller?
There isn't one. Every draw is paid on-chain through the MtokDripLedger contract, and the platform only ever reads that payment back off Base. There is no separate off-contract payment lane, no prepaid balance to fund, and no path that skips the contract. If a draw isn't a real on-chain payment, it doesn't exist to us.
How to check any of this yourself
Don't trust me, verify. The contract is on Basescan (open MtokDripLedger and read it yourself). The draws the platform has indexed are at /api/chain/draws and /api/chain/head, and the recompute recipe is in llms.txt. There is no separate money ledger to keep honest: every payment lives on Base, so the record is the chain itself, nothing for us to rewrite. Every headline number, volume, spot, and reputation, is recomputable from public Base events by anyone. That is the whole point: you should not have to take our word for any of it. The defenses above are each pinned by an automated threat-scenario test suite in the mtok-market GitHub org.