Why Safe?

X10 Vision on safety

The goal of X10 is to establish a genuinely trustless exchange, where users can trade without relying on the integrity of the platform. We define a trustless exchange as one that technically prevents any false or manipulative transactions from occurring. X10 achieves this design through several key features: users retain self-custody of their funds, all trading activities are verified on-chain, and liquidation mechanisms are fully transparent. These foundational elements are powered by StarkEx, a high-performance scalability engine developed by StarkWare.

In this blog, we’ll explore each of these principles, beginning with how TradFi ensures the security of transactions through well-established safeguards. We'll then examine why crypto CeFi, lacking many of these critical protections, can present an insecure option for crypto trading.

Trading ecosystem

Over the last century, traditional finance has evolved into a sophisticated ecosystem where multiple entities — brokers, exchanges, custodians, clearing houses and depositories — play distinct but interconnected roles. In this system, the trading process involves several coordinated steps to ensure secure transactions. It starts with trade execution, where an investor places a buy or sell order via a broker, who is authorized by the exchange. The exchange accumulates these orders, matches buyers with sellers, and confirms the trade. Once confirmed, the trade clearance phase begins, with the clearing house stepping in as a guarantor, ensuring both parties fulfill their obligations. The clearing house temporarily takes ownership of the trade and splits it into two legs (buyer-to-seller and seller-to-buyer) through a process called novation.

Next is trade settlement, where the clearing house nets all trades and provides final settlement instructions to custodians. These instructions specify the cash and securities to be exchanged. The custodian, acting on behalf of the investor, ensures that delivery versus payment occurs, meaning the simultaneous exchange of cash for the corresponding securities. Once the clearing house verifies that all instructions are correct, it facilitates the transfer of ownership of the securities from the seller to the buyer, completing the trade. The securities are then recorded electronically at a depository, securing the investor's position.

The whole process is demonstrated in the image below.

This clear separation of roles within the trading ecosystem is a key strategy for effectively managing various risks that can arise in financial markets. In this framework, exchanges primarily function as dynamic marketplaces for matching orders, facilitating price discovery and liquidity for market participants, while not holding any authoritative power over the transactions themselves.

What’s wrong with CeFi?

The primary concern with CeFi ,including major exchanges like Binance, Bybit, and Coinbase, is that they combine multiple functions that should be separated, within a single entity. This consolidation of power fundamentally leads to conflicts of interest and exposes the system to operational vulnerabilities.

Brokerage Risk

In TradFi, only certified brokers are allowed to trade on the exchange, and they have access only to their own and publicly available information. The exchange itself operates strictly as a service provider and is prohibited from engaging in trading. These regulations, enforced by the SEC and other regulatory bodies, are designed to safeguard market integrity and fairness.

In contrast, CeFi lacks this separation of roles — there are no brokers, and anyone, including the exchange itself, can trade on the platform. This creates significant risks, as the exchange has priority access to all order data, which becomes publicly available only after a small time lag. The exchange could potentially misuse this early access to information for its own benefit, often to the detriment of its customers. By leveraging not-yet-public information about upcoming transactions that are likely to impact asset prices, centralized exchanges could theoretically engage in front-running — executing their own trades ahead of others to profit from the anticipated market moves.

Clearing Risk

When there is no separate entity for clearing, the exchange itself acts as the clearing house, eliminating the independent checks and balances that are key for preventing unethical practices. This allows the exchange to match trades even when one party can’t meet their obligations. A clear example of this risk was the collapse of FTX, where the exchange failed to ensure that Alameda Research had adequate margin to execute trades, resulting in a breakdown of market integrity and unequal treatment of users.

In TradFi, such a scenario is prevented by the clearing house, which acts as a neutral third party. A trade only settles once the clearing house verifies that both parties have met their obligations, including maintaining the required margin and ensuring sufficient funds.

Custodian Risk

Lastly, centralized exchanges retain full custody of users' funds, as they act as the custodians themselves. This creates a single point of failure where customer deposits are vulnerable to mismanagement, fraud, or even theft. We can reference FTX again as an example, where user funds were reportedly misappropriated to cover the exchange's own losses. In cases of exchange insolvency, hacking, or internal malfeasance, investors may lose access to their funds with little to no recourse. The lack of an independent custodian also eliminates the additional layer of security and oversight that traditionally ensures the safekeeping of assets and prevents the misuse of client funds. This centralization of control over assets in CeFi heightens the risk to investors' capital.

The good thing is that all these risks can be eliminated in a trustless exchange.

How does X10 eliminate safety risks?

X10 eliminates custodian risk by allowing users complete self-custody of their funds, ensuring that the platform neither owns nor manages users' assets. Control and ownership remain entirely with the client. Clearing risk is eliminated and brokerage risk is minimized through on-chain validations of the trading logic, ensuring full transparency and security.

Self-custody

Unlike centralized exchanges, where users lose control of their funds upon deposit, X10 guarantees full self-custody. When users connect to X10, a StarkEx vault is created for them, complete with its own public and private keys. These keys are deterministically generated, allowing users to regenerate their L2 keys easily without relying on external storage.

Deposited funds go directly to a StarkEx smart contract, meaning X10 cannot access them under any circumstances. Even if the exchange operator fails, users can execute forced withdrawals via the smart contract, bypassing the exchange entirely. This ensures that funds cannot be frozen or lost.

In essence, X10’s self-custody fully replaces the role of independent custodians found in TradFi.

On-chain verification of trading logic

On-chain verification of trading logic ensures the security and transparency of all transactions conducted through X10. This verification completely eliminates clearing risk, as it guarantees that payments are always fulfilled. This is achieved by ensuring that every trade is fully collateralized and that all settlements occur directly on the blockchain, providing a trustless and secure trading environment.

Additionally, each transaction is signed by the user, meaning all key order parameters are confirmed during the signing process. When placing an order, users specify both the maximum amount they are willing to spend and the minimum they are willing to receive. X10 is designed to strictly adhere to these conditions for trade settlement. Transactions are verified via StarkEx, and any discrepancies between the signed data and the actual transaction data are automatically rejected. This effectively eliminates the need for a traditional clearing house, as StarkEx ensures the integrity of the transaction without involving a third party.

While StarkEx cannot guarantee order book price-time priority, this risk is minimized by the fact that users sign off on the worst possible price they are willing to accept. As a result, X10 is unable to execute trades at a price worse than what the user has already approved, ensuring that trade conditions are fully respected. To alleviate any concerns, X10 also provides a real-time stream of all best bids, asks, and trades, allowing users to verify that their trades were executed at the best available prices at the moment of exchange.

Looking ahead, we plan to incorporate secure enclaves using AWS Nitro and Intel SGX, enabling even the most cautious users to verify that their orders are processed by an audited system proven to be fair — without the need for distributed order matching.

X10 also ensures fair liquidation logic through several key principles. Accounts subject to liquidation cannot perform any transactions, as StarkEx will automatically reject any liquidation attempt if the user’s equity exceeds the margin requirements. Liquidation is triggered by independent external mark prices provided by oracles, further enhancing fairness. Additionally, StarkEx guarantees that the liquidation process improves the account's health, meaning the ratio of Total Value to Total Risk must improve following liquidation.

Audits

In addition to the principles that X10 upholds, it's important to highlight the security of the smart contracts it employs. StarkEx has previously undergone extensive audits by external auditors and all audit reports are accessible here.