Trust & Safety
A product that handles inference keys and payments has to be verifiable, not just trusted. This page gathers the proofs, the limits, and who is responsible — in one place.
“Don't trust, verify.”
Project status
Carpe Diem is deployed and live on Base mainnet, and is currently in an experimental beta ahead of its public launch. Treat it as such: use small limits, and do not connect critical keys. What is testnet, mainnet, and beta is stated explicitly rather than blurred.
Who is behind Carpe Diem
Carpe Diem is a project of Lumen Labs, a Swiss non-profit association (art. 60 ff. of the Swiss Civil Code) based in Geneva. The association is the legal entity responsible for the protocol — not an anonymous team. Detailed team and governance communication will follow.
We identify the responsible legal entity and jurisdiction. Internal documents (e.g. the association's statutes) are not published, which is standard practice.
Your funds — non-custodial by design
Carpe Diem does not hold your funds. You keep your own wallet. When you buy credits, you purchase a service (AI inference): the escrow records non-refundable credits, it is not a deposit account managed on your behalf. There is no custody of user money — which keeps the protocol outside heavier financial-intermediary regimes.
- You control your wallet and your spending.
- The escrow contract holds purchased credits on-chain.
- Providers earn DIEM, withdrawable to their own wallet.
- Venice serves the inference; Phala secures the keys.
On-chain contracts (Base mainnet)
All official addresses in one place — beware of look-alikes. The escrow source is verified and reproducible from the repository: Sourcify reports a full bytecode match against the deployed contract.
0x15917768b31CB1DC61d9d858f2419BF45044005d0x53344b3b0a89CaeACD9D0B50bf5B1D21C4A1e9b40x833589fCD6eDb6E08f4c7C32D4f71b54bdA029130xF4d97F2da56e8c3098f3a8D538DB630A2606a024Contract governance & upgradeability
The escrow is upgradeable (UUPS) so security fixes can ship without migrating user balances. Upgrade and admin rights are being migrated from the deploying account to a Gnosis Safe multisig governed by a Timelock with a public delay. Once in place, no single party can change the contracts instantly — every change passes through a multi-signature approval and an announced, on-chain waiting period.
On-chain roles (admin, operator, guardian) are readable directly from the contract on BaseScan.
Key protection & TEE attestation
Provider keys are sealed inside a hardware Trusted Execution Environment (Intel TDX on Phala Cloud). They are never written to disk, never logged, and cannot be extracted from the enclave — not by the host, not by the Carpe Diem team. The running enclave is cryptographically attested against a published image digest, so anyone can verify what code is actually running.
Verify the live attestationAudit status
To date, the protocol has undergone an internal security review (AudiBot, Lumen Labs — May 2026). An independent external audit is planned, funded by accumulated protocol revenue. There is no external audit report yet — so we do not present the protocol as “externally audited.” The public report (scope, commit, findings, remediations) will be published when that audit is complete.
Provider key safety
- Use an inference-only Venice key — never an admin key.
- Scope it with a consumption limit and an expiry; this stays entirely under your control.
- Choose RAM-only (re-provision after reboot) or encrypted-at-rest persistence.
- Revoke anytime — from the provider page (removed from the TEE immediately) or from Venice.
Known risks — read before using
For providers
- Your Venice capacity is consumed by buyers; start with low limits.
- DIEM earnings are variable and depend on demand.
- Venice may change its own rules, pricing or models.
For buyers
- Availability and latency depend on live provider capacity.
- Credits are non-refundable; buy what you expect to use.
- Beta software with no SLA yet — not for mission-critical workloads.
Report a vulnerability
Found a security issue? We welcome responsible disclosure. Please report privately first and give us reasonable time to remediate. A public bug-bounty program is planned.
security@carpe-diem.xyzEntity: Lumen Labs (Swiss association) • Infrastructure: Phala Cloud (Intel TDX) • Frontend: Vercel • Inference: Venice AI
Internal security audit (AudiBot, Lumen Labs) — May 2026 • Independent external audit planned