Research
The thinking behind every Rates Engine choice — architecture decisions, integration audits, methodology notes. All of this lives in the public repo; the curated highlights are below, and the topics index points you at the full archive.
Featured
ADR-0003: i128 / u128 never truncates to int64
Token amounts and reserves on Soroban are i128. Parsing them as int64 silently corrupts every value above 2^63. The full chain — big.Int in Go, NUMERIC in postgres, strings on the wire — is the only way that doesn't introduce silent bugs.
Read on GitHub
ADR-0015: Closed-bucket-only API contract
Every region serves the same rate at the same wall-clock time, even though they ingest independently. Achieved by only ever serving CLOSED buckets — the in-progress bucket is invisible until the next minute boundary.
Read on GitHub
ADR-0019: Multi-factor confidence + freeze
A single-source price is reported, but flagged. Outlier storms, source dropouts, and divergence vs other oracles drive the confidence score; severe-enough events trigger a freeze that halts price serving for the affected pair.
Read on GitHub
Soroswap pair registry — why it's persisted in postgres
SwapEvent carries token amounts but not which (token_0, token_1) the pair holds. We need the registry to resolve. Without persistence, every restart and parallel backfill chunk had to rebuild it from scratch — losing trades along the way.
Read on GitHub
CAP-67 unified events — Protocol 23's "every transfer is one event"
Post-Whisk (mainnet 2025-09-03), every classic-asset movement emits a unified transfer/mint/burn event with a 4th sep0011_asset topic. Pre-P23 we still parse operations + effects. Decoder switches based on topic shape.
Read on GitHub
Reflector's missing methods — twap() and x_*() do not exist
The proposal claimed Reflector exposes on-chain TWAP and cross-pair methods. They don't exist on any of the three Reflector contracts (DEX/CEX/FX). We compute TWAP and cross-pair locally.
Read on GitHub
Browse by topic
Architecture decisions
25 ADRs covering ingest pipeline, storage choices, latency budget, validator topology, freeze semantics, and more.
Discovery audits
Per-DEX, per-oracle audit notes verifying event schemas and decoder correctness against upstream Rust source.
Operations runbooks
Per-alert runbooks, archival-node bringup, disaster-recovery triage, SEV playbook, release process.
Architecture narratives
Long-form designs for ingest pipeline, aggregation policy, supply pipeline, contract-schema evolution, showcase site data inventory.
Why we publish all of this
Stellar already has Horizon. The reason a second pricing stack adds value is methodology — what gets included in the VWAP, how we handle cross-pair triangulation, what triggers a freeze, how we audit a Soroban contract before flipping BackfillSafe. None of that is useful behind a closed door. Every choice is in the repo, every audit is in the repo, and every disagreement has an ADR with a "Why this not the alternative" section.