// LimitOrderBook — Phase D of silent-iron-keystone v4.
//
// Sealed-bid limit orders with commit-reveal. Order plaintext stays
// encrypted in `dark_orders` (operator-held, never on chain). Contract
// holds:
//   - commitment hash to the order ciphertext
//   - reveal block (committed inside the commitment, also stored)
//   - cancellation flag
//   - per-fill nullifier
//
// Match logic stays off-chain (sealed-bid is invariant #11 — the
// only swap ingress). DSOL's role is binding + replay protection.
//
// NOTE(review): none of the three entry points below contains a visible
// caller-identity check, and no owner/operator field is stored. If the
// `@direct` attribute or the runtime does not restrict callers, then
// order-id squatting (submit), third-party cancellation (cancel) and
// non-operator fills (record_fill) are not prevented by this contract —
// confirm where authorization is enforced.
dark contract LimitOrderBook {
    // order_id → commitment bytes, stored exactly as passed to submit().
    public mapping(bytes => bytes) orderCommit; // order_id → commitment
    // order_id → reveal block. A value of 0 doubles as the "order does not
    // exist" sentinel in every entry point.
    public mapping(bytes => uint64) orderRevealBlk; // order_id → reveal block
    // order_id → true once cancel() has succeeded for it.
    public mapping(bytes => bool) orderCancelled;
    // nullifier → true once record_fill() has consumed it. Keyed by the
    // nullifier alone, not by (order_id, nullifier).
    public mapping(bytes => bool) filledNullifiers;

    // Registers a new sealed order.
    //
    //   order_id      key for the order; must not already be registered
    //   commitment    opaque commitment bytes; stored without inspection
    //   reveal_block  block from which fills are accepted and cancellation
    //                 is refused
    //
    // Fails with ORDER_DUPLICATE, ORDER_REVEAL_TOO_SOON or
    // ORDER_REVEAL_TOO_LATE.
    //
    // NOTE(review): `commitment` is not checked for emptiness or length
    // here — confirm the expected commitment format is validated elsewhere.
    @direct entry submit(bytes order_id, bytes commitment, uint64 reveal_block) {
        // Zero reveal block means "never submitted". The entry is never
        // cleared, so an order_id cannot be reused, even after cancel().
        require(orderRevealBlk[order_id] == 0, "ORDER_DUPLICATE");
        // Both bounds are exclusive: reveal_block must lie strictly between
        // block.number + 1 and block.number + 1000. The lower bound also
        // keeps a stored reveal block from being 0, which the sentinel
        // above relies on.
        // NOTE(review): uint64 overflow behaviour of `block.number + N` in
        // DSOL is not visible here — confirm it traps rather than wraps.
        require(reveal_block > block.number + 1, "ORDER_REVEAL_TOO_SOON");
        require(reveal_block < block.number + 1000, "ORDER_REVEAL_TOO_LATE");
        orderCommit[order_id] = commitment;
        orderRevealBlk[order_id] = reveal_block;
        orderCancelled[order_id] = false;
    }

    // Cancels a registered order strictly before its reveal block.
    //
    // Fails with ORDER_UNKNOWN, ORDER_PAST_REVEAL or
    // ORDER_ALREADY_CANCELLED. The commitment and reveal block stay in
    // storage; only the cancellation flag changes.
    //
    // NOTE(review): the only input is `order_id`; nothing in this body
    // ties the caller to the party that submitted the order. Verify that
    // cancellation rights are enforced by the runtime or by an unguessable
    // order_id, and document which.
    @direct entry cancel(bytes order_id) {
        require(orderRevealBlk[order_id] != 0, "ORDER_UNKNOWN");
        require(block.number < orderRevealBlk[order_id], "ORDER_PAST_REVEAL");
        require(!orderCancelled[order_id], "ORDER_ALREADY_CANCELLED");
        orderCancelled[order_id] = true;
    }

    // Operator-recorded fill. Caller proves the opening matches the
    // stored commitment; contract enforces nullifier freshness.
    //
    //   order_id     registered, non-cancelled order at or past its reveal block
    //   nullifier    single-use value; a repeat fails with FILL_REPLAY
    //   fill_amount  must be non-zero
    //
    // Fails with FILL_UNKNOWN, FILL_CANCELLED, FILL_BEFORE_REVEAL,
    // FILL_REPLAY or FILL_ZERO_AMOUNT.
    //
    // NOTE(review): this body never reads orderCommit[order_id] and takes
    // no opening or proof argument, so the commitment check described
    // above is not performed in the visible code — presumably it happens
    // off-chain or behind the syscall; confirm.
    // NOTE(review): `fill_amount` is only tested for non-zero; it is not
    // stored, accumulated per order, or passed to the syscall. Any bound on
    // total filled quantity therefore has to be enforced elsewhere — verify.
    @direct entry record_fill(bytes order_id, bytes nullifier, uint64 fill_amount) {
        require(orderRevealBlk[order_id] != 0, "FILL_UNKNOWN");
        require(!orderCancelled[order_id], "FILL_CANCELLED");
        require(block.number >= orderRevealBlk[order_id], "FILL_BEFORE_REVEAL");
        require(!filledNullifiers[nullifier], "FILL_REPLAY");
        require(fill_amount > 0, "FILL_ZERO_AMOUNT");
        // The nullifier is marked spent before the syscall is issued.
        filledNullifiers[nullifier] = true;
        // Only the transaction hash is handed to the syscall; order_id,
        // nullifier and fill_amount are not among its arguments.
        syscall(TOKEN_TRANSFER_EMIT_V1, ctx.txHash);
    }
}