Skip to main content

Why Notional?

No front-running

Orders stay private until execution in hardware-encrypted memory.

Full transparency

All trades are recorded on an immutable blockchain and can be independently verified.

Sub-30ms execution

Supports <30ms added latency over direct Hyperliquid access.

Finality

Optimistic updates provide instant feedback while blockchain settlement preserves security.

How It Works

Notional runs inside a Trusted Execution Environment (TEE) - hardware that encrypts all memory and computation. Think of it as a black box that:
  1. Executes trades at exchange-level speeds
  2. Keeps your orders private until execution (no front-running)
  3. Proves it’s running legitimate code via cryptographic attestation
  4. Cannot be tampered with by the host, cloud provider, or even Notional operators
Every action (deposits, orders, fills, liquidations, withdrawals) is recorded as an immutable transaction on Notional’s Layer 2 blockchain. This creates a complete audit trail that anyone can verify.

Security Model

Trusted Execution Environment (TEE)

A TEE is a secure area of a processor that provides:
  • Hardware-encrypted memory - CPU encrypts RAM contents, host cannot read
  • Isolated execution - Cloud provider (Azure) cannot inspect or modify the TEE
  • Remote attestation - Cryptographic proof the system is running unmodified code
  • Secure key management - Trading keys released only to verified TEEs
Notional uses AMD SEV-SNP (Secure Encrypted Virtualization) on Azure Confidential VMs. The host cannot read VM memory, inject code, or modify execution.
Why This Matters for Traders:
  • Orders remain private until execution (encrypted memory)
  • No front-running by operators or infrastructure
  • Provably running correct code (attestation)
  • Higher capital efficiency with borrowed margin

Speed vs Security Tradeoff

Notional uses a dual finality model that balances instant feedback with blockchain security: Optimistic Layer (Instant):
  • Unconfirmed fills applied immediately for <30ms responsiveness
  • Updates positions and PnL in real-time
  • Never affects withdrawable balances - can’t withdraw based on unconfirmed fills
  • Reconciled against blockchain within ~1 second
Finalized Layer (Secure):
  • All Hyperliquid events (fills, deposits, withdrawals) confirmed on-chain
  • Withdrawals only use blockchain-confirmed balances
  • Internal operations (borrows, liquidations) finalize on commit
This dual-layer approach gives you exchange-like UX with blockchain-grade security.

Transparency & Verification

Immutable Event Log: Every state change is recorded with:
  • Global sequence number (total ordering)
  • Timestamp and event type
  • Full event payload
  • Hash chain linking to previous events
Anyone Can Verify:
  1. Download the transaction log
  2. Replay all events from genesis
  3. Verify the reported state matches your computation
  4. Check TEE attestation to confirm hardware security
Crash Recovery: If the system crashes, it automatically recovers by replaying the transaction log from the last checkpoint. Zero data loss, no manual intervention required.
For a deeper technical dive, see Risks for threat model analysis and security boundaries.