# Web3 / Institutional Tokenization Glossary

Canonical language for this workspace. Aimed at the architecture of regulated, tokenized-asset
infrastructure (Marketnode context). Terms are promoted here only once demonstrably understood.

## Terms

### Foundations

**Blockchain**:
A shared, append-only ledger whose state is agreed by mutually distrusting parties, with no single
party able to rewrite history. The reason to use one is the absence of a trusted central operator.
_Avoid_: "distributed database", "the crypto"

**Immutability**:
The guarantee that a confirmed transaction cannot be altered or deleted after the fact. Protects data
_after_ it is written — says nothing about its truth _when_ written. Cuts both ways: deployed bugs are permanent too.
_Avoid_: "permanent", "can't be hacked"

**Oracle**:
Any mechanism that writes off-chain data (prices, events, identities) onto a blockchain so contracts
can act on it. A reintroduced trust assumption.
_Avoid_: "data feed", "API"

**Oracle problem**:
The blockchain's trust guarantees do not extend to oracle-supplied data: the chain proves a value was
not altered after writing, never that it was true at write time. See [[oracles-and-the-oracle-problem]].
_Avoid_: "bad data bug"

### Accounts & execution

**EOA (Externally Owned Account)**:
An account controlled by a private key (a human/wallet). The only kind of account that can _initiate_
a transaction. Has a balance, no code.
_Avoid_: "wallet" (a wallet manages keys; the EOA is the account)

**Contract account**:
An account controlled by its own code, not a private key, living at an address with persistent storage.
Passive — it only runs when called by an EOA or another contract; it cannot act on its own.
_Avoid_: "the program", "the server"

**Gas**:
The unit metering the computational cost of an EVM operation, paid in ETH. Storage writes are
expensive; reads via `view` functions are free. The reason architects push data off-chain.
_Avoid_: "transaction fee", "gas money"

**Revert**:
The atomic rollback of all state changes in a transaction when it fails (out of gas or a failed
`require`). Gas spent is not refunded. The mechanism ERC-3643 uses to enforce compliance.
_Avoid_: "error", "rollback"

### Tokens & permissioned standards

**ERC-20**:
The standard _interface_ (not code) for a fungible token: `balanceOf`, `transfer`, `approve`,
`transferFrom`, plus `Transfer`/`Approval` events. Its `transfer` gates on balance only — permissionless,
which disqualifies it for a regulated security.
_Avoid_: "a token" (ERC-20 is the interface, not the asset)

**Event**:
A cheap log a contract emits that off-chain services subscribe to — the one-directional on-chain →
off-chain bridge (e.g. the reconciliation feed for a transfer agent).
_Avoid_: "callback", "webhook"

**ERC-3643 (T-REX)**:
The dominant standard for permissioned security tokens. Keeps the ERC-20 interface but gates `transfer`
on an identity check (WHO may hold) and a compliance check (WHETHER a transfer is allowed), plus an
agent with freeze/forced-transfer/recovery/mint/burn powers. See [[erc-3643-architecture]].
_Avoid_: "security token" (ERC-3643 is one standard for them)

**Agent (ERC-3643)**:
The accountable, named operator (the transfer-agent role) holding privileged token powers: freeze,
forced transfer, recovery, mint, burn. The concrete answer to "regulation requires an accountable party."
_Avoid_: "admin", "owner" (the owner configures; the agent operates)
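
The transfer gate described in the ERC-20, ERC-3643 and Agent entries, as an added sketch that is not part of the glossary's sources or the T-REX code base. `GatedToken` and the two `...Like` interfaces are simplified, hypothetical stand-ins; allowances, recovery and forced transfer are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Simplified stand-ins for the ERC-3643 identity registry and compliance
// contracts: only the two view calls the transfer gate needs are modelled.
interface IIdentityRegistryLike {
    function isVerified(address user) external view returns (bool);
}
interface IComplianceLike {
    function canTransfer(address from, address to, uint256 amount) external view returns (bool);
}

contract GatedToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public frozen;
    IIdentityRegistryLike public immutable identityRegistry;
    IComplianceLike public immutable compliance;
    address public immutable agent; // accountable operator

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(IIdentityRegistryLike registry, IComplianceLike rules, address agent_) {
        identityRegistry = registry;
        compliance = rules;
        agent = agent_;
    }

    function setFrozen(address holder, bool isFrozen) external {
        require(msg.sender == agent, "caller is not the agent");
        frozen[holder] = isFrozen;
    }

    // Agent power: issue tokens, and only to a verified holder.
    function mint(address to, uint256 amount) external {
        require(msg.sender == agent, "caller is not the agent");
        require(identityRegistry.isVerified(to), "recipient not verified");
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance"); // ERC-20's only gate
        require(!frozen[msg.sender] && !frozen[to], "account frozen");
        require(identityRegistry.isVerified(to), "recipient not verified"); // WHO may hold
        require(compliance.canTransfer(msg.sender, to, amount), "not compliant"); // WHETHER
        balanceOf[msg.sender] -= amount; // any failed require above reverts the whole call
        balanceOf[to] += amount;
        emit Transfer(msg.sender, to, amount);
        return true;
    }
}
```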

### Security & custody

**Multisig**:
A wallet requiring M-of-N independent private keys to authorise a transaction, with the policy enforced
and publicly verifiable on-chain. Chain-specific.
_Avoid_: "shared wallet"

**MPC (Multi-Party Computation)**:
A custody model that splits one private key into shares held by separate parties who jointly compute a
signature without ever reassembling the key. Cryptographic and chain-agnostic. The basis of Fireblocks.
_Avoid_: "multisig" (distinct: multisig = N whole keys on-chain; MPC = one key in shares, off-chain)

**Access control (vulnerability)**:
A privileged function (mint, freeze, upgrade) that is not properly restricted, letting an unauthorised
caller invoke it. OWASP's #1 smart-contract loss category. Maps onto the owner/[[erc-3643]] agent roles.
_Avoid_: "permissions bug"

**Reentrancy**:
A flaw where a contract makes an external call before updating its own state, letting the callee re-enter
and repeat the action. Fixed by checks-effects-interactions (update state before external calls).
_Avoid_: "recursion bug"

**Proxy / upgradeability**:
A pattern where a permanent proxy contract holds the data/address and forwards calls to a swappable logic
contract, so code can be fixed/changed at the same address. Converts an immutability risk into an
upgrade-key (access-control) risk.
_Avoid_: "versioning"

### Backed tokens & Solana

**Reserve-backed (wrapped) token**:
A token whose value comes from a real off-chain asset held in custody, minted 1:1 against deposits and
burned on redemption — the stablecoin pattern (e.g. SPCX = SpaceX shares). Contrast with a
synthetic/perpetual that holds no underlying. See [[tokenization-backing-spectrum]].
_Avoid_: "tokenized stock" (which can also mean a synthetic — be specific)

**Backing invariant**:
The rule that on-chain token supply must never exceed the assets held in custody (supply ≡ reserves).
The core thing a backed-token architecture exists to protect.
_Avoid_: "the peg"

**Proof of Reserves (PoR)**:
On-chain attestation that circulating supply is matched by custodied reserves. When wired into mint logic
("secure mint"), it makes over-minting impossible even with a compromised mint key. The oracle problem
([[oracle-problem]]) applied to backing.
_Avoid_: "audit"
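
A "secure mint" that enforces the backing invariant inside the mint path, as an added sketch that is not any vendor's or issuer's code. `IReserveFeed`, `SecureMintToken` and the one-day staleness limit are hypothetical, and the guarantee holds only as far as the feed itself is truthful.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical proof-of-reserves feed: reports custodied units and the time
// of the attestation. Not a real vendor interface.
interface IReserveFeed {
    function latestReserves() external view returns (uint256 reserves, uint256 updatedAt);
}

contract SecureMintToken {
    uint256 public constant MAX_ATTESTATION_AGE = 1 days; // assumed policy value
    IReserveFeed public immutable reserveFeed;
    address public immutable minter;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(IReserveFeed feed, address minter_) {
        reserveFeed = feed;
        minter = minter_;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == minter, "caller is not the minter");
        (uint256 reserves, uint256 updatedAt) = reserveFeed.latestReserves();
        // A stale attestation proves nothing about reserves now: fail closed.
        // A future-dated timestamp underflows here and also reverts.
        require(block.timestamp - updatedAt <= MAX_ATTESTATION_AGE, "reserve attestation stale");
        // Backing invariant: supply after the mint must not exceed reserves,
        // so even a stolen minter key cannot over-mint.
        require(totalSupply + amount <= reserves, "mint would exceed reserves");
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    function burn(uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        totalSupply -= amount;
        emit Transfer(msg.sender, address(0), amount);
    }
}
```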

**Token-2022 (Token Extensions)**:
Solana's token program offering modular extensions for compliant assets — the rough equivalent of
[[erc-3643]] assembled from program features rather than a contract suite.
_Avoid_: "SPL token" (Token-2022 is the newer, extensible program)

**Transfer Hook (Solana)**:
A Token-2022 extension that runs a custom program on every transfer to enforce rules (e.g. KYC whitelist)
and abort non-compliant transfers. The Solana analog of ERC-3643 compliance modules.
_Avoid_: "callback"

**Default Account State = Frozen**:
A Token-2022 setting that makes every new token account start frozen, so only issuer-thawed (KYC'd)
wallets can hold the asset. The Solana analog of the identity-registry eligibility gate.
_Avoid_: "blacklist"

**Permanent Delegate (Solana)**:
A Token-2022 mint-level authority that can transfer or burn tokens from any account — the clawback /
forced-transfer / recovery primitive. The Solana analog of the ERC-3643 [[agent-erc-3643]] powers, and
the most dangerous key in the system.
_Avoid_: "admin"

### Pricing & markets

**Creation/redemption arbitrage**:
The mechanism that holds a backed token near its underlying's price: because the token is 1:1
redeemable/mintable for the real asset, traders profit from any gap and close it. The same mechanism
behind ETF tracking. The token's price is anchored, not set — there is no price oracle pushing it.
_Avoid_: "the peg", "price sync"

**Tracking gap (premium / discount)**:
The difference between a backed token's market price and its underlying. Premium = token above; discount =
token below. Widens with fees, settlement latency, thin liquidity, permissioned arbitrage, and — most
notably — when the underlying market is closed but the token trades 24/7 (the weekend dislocation).
_Avoid_: "de-peg" (reserve for stablecoins; here it's a tracking gap)
