Roles
Five actors interact around a Loot. Four are users; one is protocol infrastructure.
Creator
Section titled “Creator”The address (and account) that launches and configures a Loot: it picks the asset, play style, window, seats, and Gates, and deploys the pool through the factory. The creator is recorded on-chain and is automatically the first contributor. Creators are trusted only with their own campaign — they cannot touch another Loot’s funds or override the verifier.
Contributor
Section titled “Contributor”Anyone who deposits funds into a Loot during its Pending window (if the creator enabled open contribution). Each contributor’s amount — and, for NFTs, their specific token IDs — is recorded on-chain. That ledger drives reclaim: after the Loot ends, contributors recover their pro-rata share of whatever was not claimed. The creator counts as a contributor.
Participant
Section titled “Participant”Anyone attempting to claim from a Loot. A participant must pass the Loot’s Gates to become eligible, then submit a verifier-signed voucher to claim. Participation is permissionless to attempt and gated to succeed; the protocol enforces one claim per wallet by default.
Operator
Section titled “Operator”A creator-side role for running a campaign at scale: configuring Gates, approving join requests, managing allowlists and groups, and reviewing participants. Operators act entirely through the creator’s own surfaces and have no special protocol privileges.
Verifier
Section titled “Verifier”The protocol’s eligibility oracle. The verifier evaluates a participant against the creator’s Gates and, on success, signs an EIP-712 voucher binding the recipient, the Loot, and the allocation. It never holds funds. Its signing key is held per chain in a hardware-backed secret, and its on-chain address is governed by a multisig that can rotate it. This is the one centralized component, and its power is deliberately narrow: it can authorize a claim, but the contracts still enforce who, how much, and only once.
Trust at a glance
Section titled “Trust at a glance”| Actor | Trusted with | Cannot |
|---|---|---|
| Creator | Their own Loot’s configuration & funding | Touch other Loots; bypass the verifier |
| Contributor | Adding funds; reclaiming their share | Reclaim more than contributed |
| Participant | Attempting a claim | Claim without passing Gates + a valid voucher |
| Verifier | Authorizing eligible claims | Move funds; mint allocations the contract rejects |
See the full security model for how these boundaries are enforced.