Skip to content
LogoLogo

Security model

Bloom is built around explicit control points between an agent and user funds.

Defaults

  • Mainnet and L2 broadcasts are disabled by default.
  • Private keys are never readable through the filesystem.
  • Keys are encrypted at rest with argon2id and chacha20poly1305.
  • Transaction writes create pending plans, not immediate broadcasts.
  • Policy runs before signing.
  • Side-effecting operations are appended to a hash-chained audit log.

Policy controls

Per-wallet policy.toml can enforce:

  • max ETH per transaction;
  • max USD per transaction;
  • rolling 24h USD totals;
  • recipient allow and deny lists;
  • contract-call gates;
  • automation thresholds;
  • private orderflow requirements.

Private orderflow

When private = true is configured for a wallet policy, broadcasts route through a configured private RPC provider such as MEV-Blocker or Flashbots Protect on supported chains. Unsupported chains return an explicit error rather than silently falling back to public broadcast.

Threat boundary

Bloom does not make a local machine multi-tenant safe. The daemon is currently single-user and inherits the OS permissions around the Bloom home and mount point. Use OS isolation for separate users or untrusted agents.