Company

Poly Syncer whitepaper

A technical description of how Poly Syncer mirrors trades from top Polymarket wallets in under two seconds, without taking custody of user funds.

Last reviewed · Priya Vasan, Co-founder & CTO

Abstract

Poly Syncer is a non-custodial Polymarket bot for prediction market copy trading. The system continuously observes a curated set of high-performing wallets, classifies their on-chain actions in near real time, and replays qualifying trades on each subscriber's own wallet through pre-authorized EIP-712 signatures — automated Polymarket trading without taking custody of user funds. The pipeline — listener, risk engine, mirror executor — runs at a measured end-to-end p99 latency of 1.8 seconds. Position sizes are computed from a variance-capped fractional Kelly criterion calibrated against each leader wallet's historical edge. Order flow is routed through a Flashbots-style private mempool to mitigate sandwich and front-running attacks on Polygon. This document describes the architecture, the risk model, the threat model, and the limitations.

This is the executive whitepaper. Full integration documentation lives in the API reference, and the audit report is published on the security page.

1. Problem

1.1 The information asymmetry

Polymarket operates as a fully on-chain CLOB on Polygon. Every order, fill, and position is publicly observable. Empirically, performance is highly skewed: based on twelve months of historical fills, the top two percent of wallets by realized PnL capture roughly seventy-three percent of net profit across the venue. The data is open. The actionability is not.

1.2 Why manual copy trading fails

An attentive human trying to mirror Polymarket wallets by hand faces a structural delay of roughly thirty to ninety seconds between the leader's fill and a manual mirror order. On thin markets and short-duration events — sports, daily political resolutions, earnings windows — that delay routinely consumes the entire edge. Copy trading is therefore a latency problem, not a discovery problem.

1.3 Why custodial copy trading is unacceptable

The naive solution is a pooled account that subscribers fund. We rejected this design for two reasons. First, it introduces counterparty risk: the operator can be hacked, subpoenaed, or coerced. Second, it converts a permissionless prediction market into a regulated money-services flow. Poly Syncer must be non-custodial or it is not worth building.

2. Architecture

2.1 Three-stage pipeline

The system is organized as three independent services that communicate over a low-latency message bus.

  1. Listener — A Rust service maintaining persistent WebSocket connections to four Polygon RPC endpoints (one premium, three redundant), plus a direct subscription to Polymarket's CLOB feed. The listener decodes OrderFilled events, attributes them to tracked wallets, and emits a normalized LeaderTrade message.
  2. Risk engine — A Go service that consumes LeaderTrade events and applies a layered policy: leader-trust score, market liquidity floor, subscriber risk caps, position-sizing model, and a final sanity gate. Output is a MirrorIntent per subscriber, or a rejection with reason.
  3. Mirror executor — A second Rust service that takes the subscriber's pre-signed EIP-712 authorization, constructs the matching Polymarket order, and submits it through a Flashbots-style private bundle. On confirmation, it emits an audit event consumed by the user dashboard and the public changelog aggregator.

2.2 Data flow

Polygon node ─► Listener (Rust) ─► Risk engine (Go) ─► Mirror executor (Rust) ─► Private bundle ─► Polygon
        │             │                  │                       │
        ▼             ▼                  ▼                       ▼
     mempool      LeaderTrade        MirrorIntent             AuditEvent
                  (50ms p50)         (180ms p50)              (publishable)

2.3 Why two languages

The listener and executor are written in Rust because they are I/O-bound and latency-critical, and because we needed deterministic memory behavior under sustained connection churn. The risk engine is Go because it is CPU-bound on policy evaluation and benefits from the language's mature concurrency primitives and faster iteration cycle. The split is pragmatic, not ideological.

3. Position sizing

3.1 Capped fractional Kelly

For each leader wallet, we maintain a rolling estimate of edge p (probability of profitable resolution, conditional on the trade being taken) and average win/loss ratio b. The base Kelly fraction is the classical formula:

f* = (b·p − q) / b      where q = 1 − p

In production we never deploy raw Kelly. The mirror size is:

f_mirror = min( α · f* , c_var(σ) , c_user )

  α       = 0.25         (quarter-Kelly damping)
  c_var(σ)= k / σ²       (variance cap, k tuned per category)
  c_user  = subscriber-defined max % of bankroll per trade

The damping coefficient α is the lever that has the largest historical effect on drawdown. We chose 0.25 after backtesting against three years of Polymarket fills; lower values gave up too much expected return, higher values produced unacceptable tail behavior on misclassified leaders.

3.2 Why we cap variance separately

Kelly is optimal under the assumption that p and b are known. They are not — they are estimated from a finite leader history. Variance capping is a robust-control adjustment: when our estimate of edge has wide error bars, we shrink the position regardless of what raw Kelly recommends. This is the single largest difference between Poly Syncer's sizing and the textbook treatment.

4. MEV protection

4.1 Threat model on Polygon

Polygon's mempool is public. A naive mirror order published on the broadcast mempool can be sandwich-attacked or front-run by searchers who recognize the pattern. The expected value loss from naive routing on illiquid markets is non-trivial — we measured it at roughly eleven basis points of fill quality on average across our test cohort.

4.2 Private bundle routing

Poly Syncer submits mirror orders through a Flashbots-style private bundle relay. The order is encrypted to a small set of cooperating block builders and never appears in the public mempool until it is included in a block. This eliminates the front-running surface for the orders that pass through Poly Syncer. It does not eliminate MEV at the venue level — Polymarket itself is a CLOB and not subject to the same sandwich vector — but it materially improves fill quality on cross-market and cross-AMM legs.

5. Audit and threat model

5.1 Trail of Bits, Q1 2026

Trail of Bits completed a full audit of the EIP-712 signature flow, the mirror executor, and the risk engine policy code in Q1 2026. The full report is published on the security page. There were three medium-severity findings, all remediated before the report was published, and no high or critical findings.

5.2 What an attacker controls

Because Poly Syncer is non-custodial, the worst-case attacker scenario is bounded by what a subscriber's pre-signed authorization permits. Authorizations specify: a maximum notional per trade, a maximum daily notional, a list of allowed market categories, and an expiration timestamp. An attacker who fully compromised Poly Syncer's infrastructure could submit valid orders within those bounds, but could not exceed them, drain the wallet, or sign new authorizations. The blast radius is finite and user-defined.

5.3 What the user controls

Authorizations can be revoked at any time by signing a single revocation message that invalidates the nonce. Revocation propagates within one block. There is no withdrawal queue, no admin key, and no upgrade path that bypasses the user's signature.

6. Roadmap

2026 Q2

Public read-only API, expanded coverage to Polymarket's sports vertical at full latency, and a community signal sharing layer.

2026 Q3

AI alpha signals graduate from Elite-only into a documented, opt-in classifier. Cross-venue mirror routing for prediction markets that share the underlying Polygon settlement layer.

2026 Q4

Programmatic strategy layer: subscribers compose multiple leader wallets with custom weighting and risk overlays, defined declaratively. Reference integration documented in the API reference.

8. Limitations and honest disclosures

Copy trading does not eliminate risk. Past performance of a leader wallet does not guarantee future performance, and Poly Syncer's leader-trust scoring is a heuristic. Mirror fills can and do receive worse prices than the leader on thin order books — we publish the average slippage in the monthly changelog. Read the risk disclosure in full before subscribing.