Corex

Corex is a darkpool spot exchange built on Flare Confidential Execution. Instead of putting the matching engine and internal account state directly on chain, Corex routes user actions into a trusted execution environment that can process deposits, maintain balances, privately match orders, and authorize withdrawals while keeping the exchange logic off the public mempool path.

The user experience is split between onchain settlement and TEE execution. Users deposit assets into CorexCustody through CorexInstructionSender, and those deposits are synchronized into the TEE-managed exchange state. Orders can be submitted either through the onchain instruction flow or as direct EIP-712 signed intents sent to the runtime. Once inside the enclave, Corex maintains account balances, tracks open and filled orders, and runs deterministic private matching for the configured market, giving the system a darkpool execution model rather than a fully transparent onchain order book.

Withdrawals are designed around a stricter trust boundary than a normal app backend. The runtime validates the user request, checks balances and nonces, and only then uses the configured TEE signer to authorize the final finalizeWithdraw(...) custody release onchain. On the frontend side, users can inspect markets, balances, orders, and activity through wallet-authorized read routes, so the demo exposes both the confidential execution path and the operator/developer observability needed to understand what the system is doing.

For the hackathon version, Corex is deployed around a single market on Flare Coston2 with a full local stack: contracts, proxy, TEE runtime, smoke tests, and a Next.js trading frontend. The goal is to show a credible pattern for a TEE-backed darkpool where custody remains onchain, price-time matching remains private to the execution environment, and the user still interacts through familiar wallet signing flows.

Corex is built as a multi-part system rather than a single smart contract app. The architecture is split into the following pieces:

• Frontend (frontend/): a Next.js 16 + React 19 interface with wagmi, viem, and Reown AppKit for wallet connection, market views, balances, orders, transfer flows, and direct signed intent submission.
• Smart contracts (corex-tee/contract/): CorexInstructionSender handles user entrypoints and emits TEE instructions through Flare’s registry, while CorexCustody escrows tokens and verifies TEE-authorized withdrawals.
• TEE runtime (corex-tee/go/): a Go-based Corex engine that decodes instructions, maintains in-memory exchange state, runs the private darkpool matcher, exposes read APIs, verifies direct EIP-712 order and withdraw intents, and signs withdrawal authorizations with the configured TEE key.
• Proxy and infra (corex-tee/docker-compose.yaml): ext-proxy, Redis, and the extension container bridge onchain instruction events into the local TEE runtime and expose result polling for contract-backed actions.
• Deployment and verification tooling: Foundry deploy scripts, Go control-plane tools, a one-command Coston2 deploy wrapper, and smoke tests that exercise deposit, order placement, matching, getState, contract-backed withdraw, and direct POST /withdraw-intent.

Some of the most important implementation details are around signatures and boundary enforcement:

• Protected read routes use short-lived EIP-712 wallet signatures, so account data is not exposed as an unauthenticated public API.
• Direct order placement, cancel, and withdraw flows use typed-data signatures tied to the live deployment config, which lets the frontend submit signed intents without forcing every action through the onchain instruction path while still preserving the darkpool execution model inside the TEE.
• Withdrawals are fail-closed around custody. The runtime only advances local state after the onchain finalize transaction succeeds, which keeps the local exchange view aligned with the escrow contract.

Operationally, the demo is meant to be reproducible. The repo includes the contract deploy path, extension registration flow, tunnel-based TEE registration, runtime docs, API docs, and frontend docs so the system can be stood up locally against Flare Coston2 and inspected end to end.