EVM.

ecRecover, SHA-256, RIPEMD-160, Identity, ModExp, EC_ADD, EC_MUL, EC_PAIRING, BLAKE2F. All validated against go-ethereum test vectors (37 tests).

EIP-2537 precompiles at 0x0a through 0x10: G1ADD, G1MSM, G2ADD, G2MSM, PAIRING_CHECK, MAP_FP_TO_G1, MAP_FP2_TO_G2. Backed by blst.

TEE_VERIFY              real attestation verification
ZK_VERIFY               O(1) commitment lookup
MODEL_INFERENCE         inline inference
SETTLEMENT              settlement engine
TNZO_BRIDGE   0x1001
TOKEN_FACTORY 0x1002
CROSS_VM_BRIDGE 0x1003
STAKING       0x1004
GOVERNANCE    0x1005
NFT_FACTORY   0x1006
VRF_VERIFY    0x1007    RFC 9381
ERC8004_*     0x101a-c  Trustless Agents
ERC7579_*     0x101d-f  modular validators

Default 1337. eth_chainId returns the current chain id; clients should not hardcode.

Full EntryPoint + UserOperation v0.8 with split gas fields, PackedUserOperation, EIP-712 hashing, 40,000 gas penalty, deterministic CREATE2 account factory, smart accounts with installable validator modules, paymaster sponsorship, bundler bundle size 100.

Three on-chain validator modules drive smart-account custody at signing time: SocialRecoveryValidator (N-of-M guardian quorum, composite Ed25519 + ML-DSA-65), SessionKeyValidator (per-call target/selector allowlists, time-bounded), SpendingLimitValidator (per-tx + rolling-window daily ceilings).

All three are persistent: installs, uninstalls, and state mutations write through to CF_VALIDATOR_MODULES in RocksDB and hydrate on boot. A node restart does not wipe guardian quorums, reset session-key allowlists, or zero out daily-spend windows. The standard ERC-7579 selectors (installModule 0x9517e29f, uninstallModule 0xa71763a8, isModuleInstalled 0x112d3a7d, validateUserOp 0xa97bfdd1) are byte-identical to Safe / Biconomy Nexus / ZeroDev Kernel / Rhinestone.

ValidatorRegistry::validate_user_op AND-combines every installed module on a sender; combined valid_after = max(...), valid_until = min_nonzero(...). Enforced on both tenzro_signTransaction and eth_sendRawTransaction via aa_pre_sign_check so custody cannot be bypassed by routing around the signing helper.

DelegationRegistry records the Pectra Type-4 authority→target pointer for every EOA that signed an Eip7702Authorization. Install verifies chain-id + nonce, recovers the authority from the signature, and rejects authority/declared mismatches. Delegating to the zero address revokes. Resolved on every call into a designator-code account.

Persistent: write-through to CF_STATE / eip7702:<authority20> with bincode-encoded DelegationPointer; hydrates on boot. Without persistence a restart silently breaks every prior 7702 authorization (calls fall back to the EOA path).

Uniswap Permit2 SignatureTransfer at canonical address 0x0000…1023: EIP-712 typed data for TokenPermissions / PermitTransferFrom / PermitWitnessTransferFrom, per-owner word/bit nonce bitmap (high-248-bit word position, low-8-bit bit position) matching the Uniswap layout. tenzro_permit2DomainSeparator, tenzro_permit2Digest, tenzro_permit2VerifyAndConsume, tenzro_permit2NonceUsed RPCs. Bitmap persists to CF_SETTLEMENTS / permit2:<owner20>:<word32> — replay protection survives operator-induced restarts; without persistence, every previously-consumed permit becomes replayable.

Secure-Mint at 0x0000…1024: per-token SecureMintPolicy enforcing circulating + amount ≤ reserve for tokenized assets (xStocks, treasuries, stablecoins). tenzro_setSecureMintPolicy (admin-token-gated), tenzro_secureMintCheck, tenzro_secureMintApply, tenzro_secureMintRecordBurn. tenzro_submitReserveAttestation is fail-closed: empty signatures and unregistered attestors are rejected before any persist. Policies persist to CF_TOKENS / secure_mint:<token20>.