Architecture & Tech Stack

Looty's architecture is a hybrid model that combines the speed, flexibility, and scalability of Google Cloud (Web2) with the decentralized security and transparency of EVM blockchains (Web3). We are not writing our own complex L2 or protocol. We use best-in-class, audited components (Firebase and Gnosis Safe) and combine them into a single, fault-tolerant system.

1. Backend: The "Brain" of Operations (Google Cloud) All our business logic, user sessions, and AI arbitration run on serverless Google Cloud infrastructure, secured by YubiKey hardware keys.

  • Cloud Functions for Firebase: These are our "workhorses." Every action (creating an order, uploading a receipt, running an AI check, requesting a withdrawal) is a separate, isolated cloud function.

  • Firestore (Database): We use Firestore (NoSQL) to store all "off-chain" data: user profiles, their fiat requisites (in an encrypted subcollection), trade histories, and chats.

  • Firebase Authentication: Manages user authentication via their EVM wallets (EVM login).

  • Vertex AI (Gemini 2.5 Flash): Our "AI Guardian." We use a fine-tuned Gemini 2.5 Flash model for all arbitration tasks, receipt verification, and proactive chat monitoring.

  • Secrets Manager: Critical keys (e.g., signer keys for Gnosis Safe) are stored in the secure Google Secrets Manager.

2. On-chain: The "Safe" with Deposits (Base EVM) We do not store user funds in a centralized database. All security deposits are held on-chain on Base (or other EVM networks) in audited smart contracts.

  • Deposit Treasury (Gnosis Safe): This is the main Gnosis Safe where users make their "Deposit-to-Trade" deposits. It serves as our primary "vault."

  • Insurance Fund (Second Gnosis Safe): This is a second, separate Gnosis Safe that holds funds received from the 2% commissions and the "slashing" of scammers. It is used exclusively for paying out compensations.

3. Gnosis Safe Security Architecture ("The Gold Standard") This is the core of our on-chain security. We use a 3-of-3 multisig Gnosis Safe, but with a unique implementation:

  • Fully Automated Signers: All 3 signer keys for the Gnosis Safe are automated Cloud Functions.

    1. Function 1 (Request): Checks basic user rights (e.g., "requested amount <= deposit balance").

    2. Function 2 (AI Verdict): Checks that the user has no active disputes or "red flags" from the AI.

    3. Function 3 (Final Signature): Verifies the verdicts of the first two functions and the 7-day hold, after which it signs the transaction.

  • Why is this secure?

    • No "Human" Key: There is no "admin" who can steal the funds.

    • No Single Point of Failure: Hacking one function achieves nothing. An attacker would need to breach the entire Google Cloud ecosystem, secured by YubiKey, to access all three keys simultaneously.

    • A Conscious Choice: We consciously trust the Google Cloud ecosystem as a single point of control, rather than introducing external "human" keys that carry other risks (loss, theft, coercion).

4. Technology Stack (Briefly)

  • Frontend: React (on Vite), PWA (Service Worker)

  • Backend: Firebase (Auth, Firestore, Cloud Functions, Secrets Manager)

  • AI: Google Vertex AI (Gemini 2.5 Flash)

  • Blockchain: Base, Ethereum, Polygon, BNB Chain (and other EVM networks)

  • Infrastructure: Gnosis Safe (Safe)

  • Key SDKs: Ethers.js, @web3-react, Firebase SDK

  • Compliance: Sumsub SDK (for KYC/AML)

PreviousCompliance & TrustNextEconomic Model & Future

Last updated