The contract enforcer may not be registered everywhere

 So you want a series of trades, in Btc, Gold, Stocks or Swift money account based on market prices.

If you have stocks on the public ledger you want cnditionaly traded,then you need to shard that stock, put it on hold so it become under the control of the contract manager. But the exchange may not have that feature. What deters you from double selling the stock?  The contract manager can only put an external wait on verification,and defers to the sec contract enforcement mechanism.  The contract enforcement must be able to observe two ledgers for a double sided proof.  Thus the compiler imposes an outer limit on a call to SEC exchange. I basically has to wait a confirmation or decline. If the external limit clicks with no reply from the stock exchange then that is fails to deliver and the handling agency is the external exchange. 

What does the contract enforcement want from fails to deliver? Any cancellation fees must be accounted for in account space, naturally. The accounts returned to previous stable node, and parties notified.  But in the case of the external stock exchange, which handles its own fails to deliver, it will have an incomplete definition of ledger protocol and be flagged as a warning at compile time. 

Spectre kernels make external calls and hold encryption keys. The compile has the job of translating ledger APIs into sequences of kernel calls. Those are set up when the traders biometrically agree to let the contract run.

The spectre secure kernel can manage hot keys in encrypted kernel memory. The contacts are directed grafts and a checksum accumulated down any particular path. The kernel can also verify the total diected graph, and all parties can agree to that contract checksum. The kernel has to setup and tear down cache calls.  Tha setup means retrieving the hot keys at some point.  

The hot keys are write only, except where the owner have prior agreement for the places needed in check summed contracts.  So the kernel use of the keys is very conditional requiring the users signature and the proper cache function by prior agreement. And the kernel cache clearing is proved spectre compatible.  The provable contact leads to destruction of the kernel keys. The processor is counterfeit proof and holds a secret foundry key.