Deploy TradeOS CosmWasm (Claim) Contract on XION

Gov Props Mainnet Contract Deployments
1

App Description

This proposal requests storing the TradeOS CosmWasm smart contract (tradeos-cw-sc) bytecode on XION mainnet. The contract is on-chain infrastructure built to support TradeOS product development: it gives the TradeOS team a production-grade, audited CosmWasm module for verifier-authorized, one-time asset claims (native or CW20)—a replay-safe payout path keyed to an off-chain secp256k1 verifier and deterministic claim digests. Integrators may instantiate their own instances against the stored code as needed for TradeOS-related deployments.

Team Background

This contract is developed by Burnt Labs, the core team building XION network infrastructure. It is maintained to enable the TradeOS team to ship and iterate on TradeOS experiences on XION with a clear, documented on-chain claims layer. The same codebase is open for instantiation by deployments that align with TradeOS’s technical requirements. The implementation has been exercised on xion-testnet-2, with integration examples and documentation in the repository.

Contract Source Code

Contract(s) Description(s)

TradeOS CosmWasm (tradeos-cw-sc) supports TradeOS development on XION as a verifier-backed vault: assets held by the contract are paid out only when a designated secp256k1 verifier has signed a specific claim. Each successful claim is one-time (replay protection on the signed digest).

  • Instantiation — Optional owner (defaults to sender). verifier_pubkey: 33-byte compressed key as hex (0x… optional) or base64.

  • Claim shape — A ClaimInfo specifies asset (native denom or CW20 contract), recipient bech32 to, value (must be non-zero), optional time deadline (0 = none), and comment. The verifier signs a digest derived with keccak256 over a canonical encoding that includes asset, recipient, amount, deadline, comment, this contract address, and chain id, then applies the standard EIP-191 Ethereum Signed Message prefix (aligned with the EVM implementation). get_claim_digest returns the hex digest to sign; is_claimed checks whether that digest was already used.

  • claim — Submit claim + signature (hex/base64; 64-byte r||s, or 65 bytes with v stripped). Verifies against the stored pubkey, rejects expired or duplicate claims, then sends native or CW20 to to.

  • Owner-onlyset_verifier, emergency_withdraw (move funds without a signature), and update_ownership (cw-ownable: propose transfer, accept, renounce).

  • Migration — Supported for instances with wasm admin; migrates only within the same tradeos-cw-sc contract name and refreshes cw2 version metadata.

Each integrator instantiates its own contract after mainnet code storage, with separate admin, verifier, and ops policy.

Audit

testnet code_id

2026