"When payout disputes happen, CSV logs are not evidence. Dual cryptographic logs are."
This PoC demonstrates VCP v1.1 Three-Layer Architecture for tamper-evident audit trails.
Every year, thousands of prop firm traders lose payouts to disputes they cannot win:
- "Our records show you violated the drawdown limit"
- "The execution price in our system differs from yours"
- "We have no record of that trade"
CSV logs can be edited. Screenshots can be faked. Your word against theirs is not evidence.
┌─────────────────────────────────────────────────────────────────────┐
│ LAYER 3: External Verifiability │
│ ───────────────────────────────── │
│ • Digital Signatures (Ed25519) │
│ • External Anchoring (OpenTimestamps/Blockchain) │
│ • Third-party verification without trusting the producer │
├─────────────────────────────────────────────────────────────────────┤
│ LAYER 2: Collection Integrity │
│ ──────────────────────────────── │
│ • Merkle Tree (RFC 6962 compliant) │
│ • Batch completeness proof │
│ • Audit path for each event │
├─────────────────────────────────────────────────────────────────────┤
│ LAYER 1: Event Integrity │
│ ─────────────────────────── │
│ • EventHash (SHA-256 of canonical event) │
│ • PrevHash (optional hash chain) │
│ • Individual event completeness │
└─────────────────────────────────────────────────────────────────────┘
┌─────────────────────┐ ┌─────────────────────┐
│ TRADER SIDECAR │ │ PROP FIRM SYSTEM │
│ (Your Evidence) │ │ (Their Evidence) │
└─────────┬───────────┘ └─────────┬───────────┘
│ │
│ CrossReferenceID: shared-uuid │
│ OrderID: ORD-2025-001234 │
│ │
▼ ▼
┌─────────────────────┐ ┌─────────────────────┐
│ VCP v1.1 Event Log │ │ VCP v1.1 Event Log │
│ • EventHash │ │ • EventHash │
│ • Merkle Tree │ │ • Merkle Tree │
│ • Digital Signature │ │ • Digital Signature │
│ • External Anchor │ │ • External Anchor │
└─────────┬───────────┘ └─────────┬───────────┘
│ │
└──────────────────┬───────────────────────┘
▼
┌─────────────────────┐
│ Independent Verifier│
│ (Auditor/Regulator/│
│ Third Party) │
└──────────┬──────────┘
▼
┌─────────────────────┐
│ CROSS-REFERENCE │
│ VERIFICATION │
│ │
│ ✓ Both logs match │
│ ✗ Discrepancy alert│
└─────────────────────┘
Guarantee: Unless both parties collude AND compromise external anchors, any discrepancy is detectable and provable.
python scripts/generate_events_v1_1.pyThis creates:
evidence/trader_events.jsonl- 23 trader-side eventsevidence/propfirm_events.jsonl- 23 prop firm-side eventsevidence/anchor_records.json- External anchor records
python verifier/verify.py \
--trader evidence/trader_events.jsonl \
--propfirm evidence/propfirm_events.jsonl \
--anchor evidence/anchor_records.jsonOutput:
Layer 1: Event Integrity
✓ Trader event hashes: 23/23 valid
✓ PropFirm event hashes: 23/23 valid
Layer 2: Collection Integrity
✓ Trader Merkle tree: VALID
✓ PropFirm Merkle tree: VALID
Layer 3: External Verifiability
✓ Trader anchor: VALID
✓ PropFirm anchor: VALID
VCP-XREF: Cross-Reference Verification
✓ NO DISCREPANCIES DETECTED
This verification is MATHEMATICALLY PROVABLE per VCP v1.1.
# Simulate prop firm editing an execution price
python scripts/tamper_demo.py
# Verify and detect the tampering
python verifier/verify.py \
--trader evidence/trader_events.jsonl \
--propfirm evidence/propfirm_tampered.jsonlOutput:
Layer 1: Event Integrity
✗ PropFirm event hashes: 22/23 valid
✗ DISCREPANCIES DETECTED
CRITICAL: 1
• [EXE] ORD-2025-001002: execution_price
├─ Trader: 2658.20
└─ PropFirm: 2655.50
These issues are CRYPTOGRAPHICALLY PROVABLE per VCP v1.1.
vcp-payout-dispute-poc/
├── README.md # This file
├── LICENSE # CC-BY-4.0
├── requirements.txt # Dependencies (standard library only)
├── evidence/
│ ├── trader_events.jsonl # 23 trader-side VCP v1.1 events
│ ├── propfirm_events.jsonl # 23 prop firm-side VCP v1.1 events
│ └── anchor_records.json # External anchor records
├── verifier/
│ └── verify.py # VCP v1.1 Three-Layer verification
├── scripts/
│ ├── generate_events_v1_1.py # Generate VCP v1.1 compliant events
│ └── tamper_demo.py # Demonstrate tamper detection
└── docs/
└── architecture.md # Detailed architecture
This PoC implements the following VCP v1.1 requirements:
| Requirement | Status | Reference |
|---|---|---|
| Three-Layer Architecture | ✅ | Section 6.0 |
| EventHash (SHA-256) | ✅ | Section 6.1.1 |
| PrevHash (optional) | ✅ | Section 6.1.2 |
| Merkle Tree (RFC 6962) | ✅ | Section 6.2.1 |
| Merkle Proof | ✅ | Section 6.2.3 |
| Digital Signatures | ✅ | Section 6.3.1 |
| External Anchor | ✅ | Section 6.3.3 |
| Policy Identification | ✅ | Section 5.5 |
| VCP-XREF Dual Logging | ✅ | Section 5.6 |
| UUIDv7 Event IDs | ✅ | RFC 9562 |
| JSON Canonicalization | ✅ | RFC 8785 |
{
"header": {
"event_id": "UUIDv7",
"timestamp_int": "nanoseconds",
"timestamp_iso": "ISO 8601",
"event_type": "SIG|ORD|ACK|EXE|REJ",
"...": "..."
},
"payload": {
"trade_data": { "...": "..." },
"vcp_gov": { "...": "..." }
},
"vcp_xref": {
"version": "1.1",
"cross_reference_id": "shared UUID",
"party_role": "INITIATOR|COUNTERPARTY",
"shared_event_key": { "order_id": "...", "..." }
},
"policy_identification": {
"version": "1.1",
"policy_id": "org.example:policy-001",
"conformance_tier": "SILVER|GOLD|PLATINUM",
"verification_depth": { "..." }
},
"security": {
"version": "1.1",
"event_hash": "SHA-256 hex",
"prev_hash": "previous event hash",
"signature": "Ed25519 base64",
"merkle_root": "batch root",
"merkle_index": 0,
"merkle_proof": [{ "hash": "...", "position": "left|right" }],
"anchor_reference": "anchor-id"
}
}| Scenario | Without VCP | With VCP v1.1 Dual Logging |
|---|---|---|
| Trader claims execution at $X | "Trust us, it was $Y" | Three-layer cryptographic proof shows $X |
| Drawdown dispute | CSV can be edited | Merkle tree proves timeline integrity |
| Missing trade | "No record in our system" | CrossReferenceID + anchor proves existence |
| Payout denial | Months of email disputes | Mathematical verification in seconds |
- End disputes permanently - Mathematical proof replaces "he said, she said"
- Reduce legal costs - Disputes resolve in seconds, not months
- Build trader trust - "VC-Certified" badge signals transparency
- Regulatory readiness - MiFID II, EU AI Act compliance preparation
- Run the VCP Sidecar alongside your trading
- Your logs are YOUR evidence (independently anchored)
- Cross-reference verification catches manipulation
- External anchoring proves your timeline
# Clone repository
git clone https://github.com/veritaschain/vcp-payout-dispute-poc.git
cd vcp-payout-dispute-poc
# No dependencies required - uses Python standard library only
python --version # Requires Python 3.9+
# Generate events and run verification
python scripts/generate_events_v1_1.py
python verifier/verify.py -t evidence/trader_events.jsonl -p evidence/propfirm_events.jsonl- Python 3.9+
- No external dependencies (standard library only)
- VCP Specification v1.1
- VCP-XREF Dual Logging Guide
- VeritasChain Standards Organization
- IETF Draft: draft-kamimura-scitt-vcp
This PoC is released under CC-BY-4.0.
- Standards Questions: standards@veritaschain.org
- Technical Support: technical@veritaschain.org
- Partnership Inquiries: partners@veritaschain.org
Remember: When payout disputes happen, CSV logs are not evidence. VCP v1.1 Three-Layer cryptographic logs are.
This repository is a technical demonstration. It does not constitute legal, trading, or compliance advice.
Built by VeritasChain Standards Organization — Verify, Don't Trust.