Skip to main content

Multi-chain trust

Covenant's trust layer is live on Base. $CVNT stays a single Solana mint. What crosses to Base is proof, not value: signed statements about an agent that any EVM contract can check for a fraction of a cent.

The problem: going multi-chain usually means moving the token

Crypto has lost billions to bridge hacks, and almost every one traces to the same decision: a project expands to a new chain by bridging or wrapping its token, and the wrapper becomes the honeypot. The value sits on the bridge, and the bridge is what gets drained.

An agent trust layer does not need to move value across chains. It needs to move facts: who an agent is, what it has done, what it has staked. Facts are signatures. Signatures do not need a bridge.

The design: bridge the trust, not the token

Covenant keeps one canonical identity and one hash-chained audit history authoritative on Solana. Base holds verifiable projections of them, never the source of truth and never the token. An agent's identity, reputation, provenance, and bonds each cross as a signed statement a contract verifies on arrival.

  • Only signed data crosses. Never the token, never a wrapped representation, never custody.
  • Solana stays canonical. Other chains carry projections; the source of truth does not move.
  • Value stays chain-local. Per-call payment is USDC on the chain of the call, never $CVNT.

The keystone: one identity an EVM can check for ~3k gas

Verifying a Solana ed25519 signature on an EVM costs about 2 million gas, enough to make cross-chain verification pointless. So Covenant gives each identity a second key on the secp256k1 curve, which an EVM checks with a plain ecrecover at around 3 thousand gas, and binds it bidirectionally to the canonical ed25519 identity, anchored on Solana.

Every cross-chain artifact is signed by that issuer key. A consumer recovers the signer with one ecrecoverand checks it against Covenant's published issuer address. One agent, one record, provable on both chains, for a fraction of a cent.

Live on Base mainnet

The trust primitives are live on Base mainnet, the agent is registered and discoverable, and one real Covenant record already verifies against Base's own attestation stack. The entire surface went through an internal adversarial security audit and hardening before any of it shipped.

  • ERC-8004 identity. The agent is registered in the ERC-8004 Identity Registry, so EVM tooling discovers a Covenant identity whose record points back to Solana.
  • Issuer identity.Covenant's secp256k1 Base identity, bound to the Solana identity. The key every attestation recovers to.
  • Reputation schema. An EAS schema for non-transferable, audit-derived reputation, bound to a Solana anchor so it cannot be laundered onto a sellable token.
  • Bond verifier. A contract that authenticates a Covenant USDC bond receipt with one ecrecover. No bridge, no light client, no Solana read on the path.
  • Provenance record.A real audit-root attestation that verifies under Base's EAS domain and recovers to the issuer key.

Payments: chain-local USDC, never the token

Covenant already runs x402 paid endpoints on Solana mainnet, returning real USDC payment challenges per call. The same model carries to Base: per-call value is chain-local USDC, signed through an EIP-3009 authorization so an agent needs only USDC, not the gas token and not $CVNT. Base-native paid endpoints are the next step; the payment rail and the token boundary are already settled.

A name that resolves to the identity

opencovenant.eth resolves to the Covenant identity. An ENS lookup of the name on Ethereum returns the same Solana identity the ERC-8004 record points at, so the name, the onchain registration, and the canonical identity all agree. Per-agent names extend it: <agent>.agents.opencovenant.ethresolves to each agent's Solana identity through a CCIP-Read gateway, so any ENS-aware tool can look up a Covenant agent by name. The name is a pointer; the identity stays authoritative on Solana.

The invariant: $CVNT never leaves Solana

$CVNT is one mint, one market. It is never bridged, wrapped, or minted on any other chain, and no per-call fee is ever denominated in it. This is enforced in code, checked on every build. Multi-chain grows the surface that consumes Covenant's trust without ever fragmenting the token or the trust root.

Verify it yourself

Address sheet, Base mainnet (chain 8453):

issuer identity (attestor)   0x186953d5b4A290f8f53b8377cb38EDA75D664211
bond receipt verifier        0xBee387DD4A2fF215d6f997E5DA464C92285BCb6e
reputation schema UID (EAS)  0x84738ec346cd136dddd5b09e8df18a3c5cfb2603aaf5a68758c0149aa406cc39
EAS registry / predeploy     0x4200...0020 (schemas) . 0x4200...0021 (attestations)
relayer (no authority)       0x5fA1d0C0bfFE257a20027C523093F941834f5D66
$CVNT mint (Solana only)     2mNVZ6aEjrGwiUVCfz7XGWpiXuWzgBDoznwE579upump
  • The bond verifier trusts the issuer. TRUSTED_ATTESTOR() reads back the issuer address, and USDC()reads back Base's native Circle USDC. Anyone with an RPC can call them.
  • The reputation schema is registered. getSchema(uid) on the EAS registry returns the Covenant schema.
  • The provenance record recovers to the issuer. Recompute the EAS digest and run ecrecover; it returns the issuer address, not ours to assert.
  • The relayer holds no trust. It pays gas and submits transactions. It signs no attestation, so compromising it forges nothing. The trust key never sends a transaction.
  • $CVNT is not on Base. There is no such token to find, by construction.

What comes next

  • Base x402 endpoints. Base-native paid endpoints over the EIP-3009 rail already built.
  • Cross-chain enforcement. Bonds slashable on Solana from an EVM-proven event, with an objective fault definition and a challenge window.
  • More L2s. OP-Stack EAS predeploys make each new L2 nearly free. Base is first.

Not trust by claim. Trust checked against the key. The token and its market stay whole on Solana; the proof travels everywhere else.