Skip to content
Pact Network / Docs

Settlement authority

The settlement authority is the on-chain pubkey allowed to sign settle_batch. The settler service is the off-chain process that packages and submits batches.

Authority (on-chain)

Section titled “Authority (on-chain)”

In v1, every EndpointConfig points at the same authority pubkey, held by Pact. The program will accept no other signer on settle_batch.

Future: per-endpoint settlement authorities. An upstream operator could run their own settler signed by their key. The program already supports this — we just don’t use it.

Settler service (off-chain)

Section titled “Settler service (off-chain)”

Process in pact-network-prod (GCP, asia-southeast1). Loop:

  1. Pull classified calls from the indexer / internal call log.
  2. Group by EndpointConfig.
  3. Build settle_batch.
  4. Sign with the settler authority.
  5. Submit to mainnet.
  6. Confirm, log batch ID, mark calls settled.

Idempotent on call IDs — re-runs don’t double-pay.

Trust assumptions

Section titled “Trust assumptions”
  • Settler pays refunds only from the CoveragePool. It can’t mint.
  • It can’t pay more than recorded principal + premium on a server_error.
  • It can’t reclassify calls — classification happens at Market; the settler is read-only on that field.
  • It can delay settlement by not running. That’s the v1 centralization risk.

Authority during private beta

Section titled “Authority during private beta”

Upgrade, settler, and pool authority are all held by the protocol team during private beta. Updates land here when long-term governance is finalized; live state on Status.

See also

Section titled “See also”