A trusted execution environment (TEE) is a secure area of a main processor. It helps code and data loaded inside it to be isolated from other processes usually at a hardware level in order to provide confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself.

How does Oyster work?

Oyster is a sub-network of Marlin that specializes in offering TEE-based coprocessors. It is fast, cheap and secure. It allows instances to be rented individually for any stretch of time or for tasks to be delegated amongst a pool of nodes in a serverless way without individually renting instances and paying only for the duration of the task's execution. Nodes can be rented and tasks delegated using both smart contract calls and web 2 APIs. A set of auditors routinely query Oyster nodes to ensure uptime guarantees.

What are the benefits of using Oyster?

Oyster is very flexible and versatile. Developers can port existing web 2 applications on Oyster, write code in the programming language of their choice and use popular libraries and frameworks. Additional benefits include: 1. Secure: Hardware isolation ensures that programs run correctly as intended without exposing their contents and prohibiting interference from the host machine or its owner. 2. Fast: Oyster nodes are essentially like usual servers. There’s no redundancy in computation, complex protocol logic or cryptography. Thus, apart from a little TEE overhead for encrypted memory access, Oyster nodes are very performant and provide an experience similar to running programs on a normal machine. 3. Cheap: TEEs can be considered commoditized. While a little more expensive than vanilla servers, they are very cheap compared to blockchains, MPC, FHE or ZK proofs. Consequently, TEEs are a very affordable mode to carry out computations verifiably.

How can I get involved?

Oyster is a permissionless network. As such, programmers can contribute to its codebase, developers can build trustless web 3 applications by deploying their backends on Oyster nodes and infrastructure providers can run TEE-enabled Oyster nodes.

Decentralized verifiable frontends

Deliver censorship-resistant access to your dApps.

Ensure your users can always access your applications verifiably with decentralized frontend hosting.

Decentralize your frontend

ADVANTAGES

Features

Censorship Resistance

No single entity controls the hosting infrastructure, making it extremely difficult to block or censor access to your frontend.

High Availability

The decentralized network ensures continuous operation, even if some nodes go offline.

Tamper Proof Delivery

TEEs guarantee that the frontend code delivered to users is exactly as intended, preventing malicious modifications.

Web2 & Web3 Compatibility

Serve traditional web frontends and seamlessly connect them to blockchain backends.

Learn more

STEP 1

Deploy

Upload your frontend code to Oyster. It's cryptographically hashed and stored across a decentralized network.

STEP 2

Enclave verification

Oyster's Trusted Execution Environments (TEEs) attest that every hosted instance runs exactly your code. No tampering.

STEP 3

Link to onchain DNS

3DNS binds your domain to the code's hash. Only verified instances can update DNS records or request SSL certificates.

STEP 4

Users access

Visitors connect via decentralized domains (ENS, Unstoppable Domains) or traditional HTTPS, with guaranteed integrity.

STEP 1

Deploy

Upload your frontend code to Oyster. It's cryptographically hashed and stored across a decentralized network.

STEP 2

Enclave verification

Oyster's Trusted Execution Environments (TEEs) attest that every hosted instance runs exactly your code. No tampering.

STEP 3

Link to onchain DNS

3DNS binds your domain to the code's hash. Only verified instances can update DNS records or request SSL certificates.

STEP 4

Users access

Visitors connect via decentralized domains (ENS, Unstoppable Domains) or traditional HTTPS, with guaranteed integrity.

Get Started

Explore the ecosystem

Discover the vast variety of dApps that can leverage Marlin coprocessors

Asula

Sigmoid

View our documentation

Can't find the answer you're looking for? We have a database of useful documents and resources dedicated to help you

View Documents

By binding domains to code hashes and enforcing execution in secure enclaves, phishing and tampering become impossible.

Yes! 3DNS supports traditional domains (e.g., .com) and Web3-native ones (ENS, .crypto).

Absolutely. Host static sites or dynamic apps—no lock-in.

Developer Chat Research Forum

Oyster

Kalypso

Github

Docs

Relay

Discord

MEV

AI

DEX

Decentralized Frontends

Decentralized Gateways

Oracles

Explore Ecosystem

Forum

Blog

Ethereum-Arbitrum Bridge

POND-MPond Bridge

Contribute

Oyster

Kalypso

Github

Docs

Relay

Discord

MEV

AI

DEX

Decentralized Frontends

Decentralized Gateways

Oracles

Explore Ecosystem

Forum

Blog

Ethereum-Arbitrum Bridge

POND-MPond Bridge

Contribute

Deliver censorship-resistant access to your dApps.

Features

Censorship Resistance

High Availability

Tamper Proof Delivery

Web2 & Web3 Compatibility

Trustless community run frontends

Deploy

Enclave verification

Link to onchain DNS

Users access

Deploy

Enclave verification

Link to onchain DNS

Users access

Case Study: Oyster TEE + 3DNS = on-chain management of verifiable decentralized frontends

Deploying Decentralized Frontends with Oyster: A step-by-step guide

View our documentation

Questions?

How does decentralized frontend hosting improve security?

Can I use my existing domain?

Is this compatible with React/Angular/other frameworks?