~$2B volume
POLYMER / The Verifiable RPC Network

Securing the
Onchain Economy.

Every wallet, bridge, and exchange reads the blockchain through someone else's server, and trusts whatever it says. Polymer signs every response inside tamper-proof hardware.

Run a Polymer node Read the whitepaper
01 // PROTOCOL ARCHITECTURE
Hardware
Intel TDX · sealed RAM
Image digest
sha256:7f3c8b…d92c
Boot identity
I_priv_n · ephemeral
Lifetime
RAM-only · vanishes on reboot
TDX ENCLAVE · CHAIN FULL NODE node:0x4a8f2c1b…e92c
CHAIN FULL NODE EL + CL · RPC server canonical answer EIP-712 PolymerResponse typed-data digest SIGNING CORE I_priv_n secp256k1 libsecp256k1 CONST-TIME ATTESTATION Cloud attestation RS256 · per-response KEY BINDING hash(I_pub_n) bound binds identity to image D_image · sha256:7f3c8b2e4f1a · POLYMER · v2.0
Output
PolymerResponse · EIP-712
TEE-secured RPC response · typed-data digest
Signature
σ = ECDSA-secp256k1(I_priv_n, digest)
key generated & sealed inside the enclave · never exfiltrable
Verifies in
any EIP-712 wallet · Solidity ECDSA.recover · verifier-v2
no bespoke library · no protocol-wide setup · no shared key
02 // THE HIDDEN ATTACK SURFACE

You don't read the blockchain. A server does.

Wallets, bridges, exchanges. Every app on chain depends on someone else's server to fetch on-chain data. If that server lies, the lie looks identical to the truth.

CRITICAL kelp.layerzero.node-swap 2026-04-18T11:14:23Z attribution: Lazarus Group (DPRK)
// Forensic · binary diff at T+0
NODE · BEFORE
canonical worker
sha256:
9f2c…e4a8
behavior: honest
SWAPPED
NODE · AFTER
tampered worker
sha256:
71b3…d92c
behavior: selective lie
// SAME NODE → OTHER CLIENTS
eth_getProof → valid Merkle proof
// SAME NODE → LZ VERIFIER
eth_getProof → forged Merkle proof
Drained in a single exploit
$292M
Bridge withdrawal · LayerZero rsETH
116,500 rsETH · ~18% of circulating supply, irreversible on-chain.
// Window
T−5m · DDoS
T+0 · swap
T+19 · forge
T+47 · drain
UTC 2026-04-18 11:14 47 min · 0 alerts
03 // REQUEST FLOW

From RPC call to verified response.

A consumer sends an RPC call. The node answers from inside a hardware enclave, signs the response, and attaches a fresh attestation. The consumer verifies everything against keys pinned on chain.

FIG · 04 Per-request path · consumer to chain full node to registry ━━ data ━━ signed ┄┄ attested
// OFF-CHAIN
CONSUMER
wallet · indexer · bridge · DVN
verifier-v2
eth_getBalance(...) · x402 stablecoin
HOST · OPERATOR-CONTROLLED
TDX ENCLAVE D_image ✓
Chain Full Node · RPC
EL.eth_getBalance() → resultHash · headBlock · finality
SIGNING IDENTITY
I_priv_n
secp256k1 · const-time
RUNTIME ATTESTATION
A_live
Cloud attestation · per-response
root @ host = drop, throttle, isolate · cannot reach inside
σ · A_live · EIP-712 PolymerResponse
// ON-CHAIN
ON-CHAIN
Registry
getNodes(1) · ChainVersionRecord
D_image · governance
// OFF-CHAIN // ON-CHAIN CONSUMER wallet · indexer bridge · DVN verifier-v2 eth_getBalance(...) x402 stablecoin HOST · OPERATOR-CONTROLLED root @ host = drop, throttle, isolate · cannot reach inside TDX ENCLAVE D_image ✓ Chain Full Node · RPC EL.eth_getBalance() → resultHash · headBlock · finality SIGNING IDENTITY I_priv_n secp256k1 · const-time RUNTIME ATTESTATION A_live Cloud attestation · per-response σ · A_live EIP-712 PolymerResponse ON-CHAIN Registry getNodes(1) ChainVersionRecord D_image · governance GOVERNANCE multisig · time-locked register(I_pub_n, attestation) — once at boot getNodes(networkId) → I_pub_n[] verify_response() ecrecover ≡ I_pub_n ✓
04 // TRUST PILLARS

Three pillars. Hardware. Cryptography. Public verifiability.

Hardware locks the node down. Cryptography signs every response. Open source lets anyone audit what's actually running. Three independent checks behind every read.

PILLAR / 01 · HARDWARE
Receives workload binary · enclave memory
TDXSILICON
ENCLAVE
Intel TDX
Silicon root · sealed memory
→ EMITS
image_digest = sha256(measured pages)
signed_by: Intel root CA
Intel's chip seals the node and signs a fingerprint of what's running. Nothing outside the enclave can change it: not the host OS, not the hypervisor, not the cloud admin.
PILLAR / 02 · CRYPTOGRAPHY
Receives image_digest + per-node I_pub_n
SIGKEY-BINDING
+ ECDSA
Per-node identity
Key in silicon · ECDSA secp256k1
→ EMITS
RPC signed by I_priv_n + cloud attestation { image_digest, hash(I_pub_n) }
signed_by: enclave key + cloud key
The enclave generates a fresh signing key that never leaves the hardware. The cloud signs an attestation binding the key to the measured image. Every response is signed by the enclave's key.
PILLAR / 03 · PUBLIC VERIFIABILITY
Receives public source → deterministic D_image
SRCREPRODUCIBLE
BUILD
Reproducible builds
Public source · anyone can audit
→ PROVES
sha256(rebuild) ≡ ChainVersionRecord.D_image
verified_by: independent rebuilders
The node's code is open source and built deterministically. Anyone can rebuild from source and confirm the on-chain image is what the public code compiles to.
→ CONSUMER VERIFIES
Three roots, one check.
σ → I_pub_nA_live.D_image ∈ Registry
VERIFIED
MONOMER LABS 2026
Privacy·Terms