⚙️ SECTION 2: TECHNICAL ARCHITECTURE
2.1 🏛️ Layered Architecture Overview
OTCM Protocol implements a sophisticated five-layer architecture engineered specifically for institutional-grade securities trading on the Solana blockchain. This architecture represents a fundamental departure from traditional DeFi protocols, which typically prioritize transaction speed over compliance. OTCM's design philosophy places regulatory compliance and investor protection at the protocol level while leveraging Solana's exceptional performance characteristics to deliver sub-second transaction finality.
The architectural decisions reflect lessons learned from both traditional securities infrastructure and the cryptocurrency ecosystem:
Infrastructure Type | Approach | Trade-off |
|---|---|---|
🏛️ Traditional Securities | Compliance through centralized intermediaries (broker-dealers, clearinghouses, transfer agents) | Adds latency and cost |
🔗 Cryptocurrency Markets | Speed through decentralization | Typically sacrifices regulatory compliance |
⚡ OTCM Five-Layer Architecture | Compliance verification integrated into transaction processing | Achieves BOTH without compromise |
2.1.1 🎯 Five-Layer Design Philosophy
The five-layer architecture follows the principle of separation of concerns, where each layer handles specific responsibilities with well-defined interfaces to adjacent layers. This design enables independent scaling, testing, and upgrading of individual layers while maintaining system integrity.
Layer | Name | Primary Responsibility |
|---|---|---|
🖥️ Layer 1 | Application Layer | User interfaces, portal access, experience management |
⚖️ Layer 2 | Compliance Enforcement | Transfer Hooks, KYC/AML, OFAC, securities law automation |
💹 Layer 3 | Trading & Liquidity | CEDEX engine, bonding curves, CPMM, liquidity pools |
⛓️ Layer 4 | Blockchain Infrastructure | Solana L1, RPC nodes, consensus, finality |
🔌 Layer 5 | External Integration | Custody verification, oracles, SEC EDGAR, analytics |
2.1.2 📐 Architecture Diagram
┌─────────────────────────────────────────────────────────────────────────┐
│ 🖥️ LAYER 1: APPLICATION LAYER │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ 🚪 Issuers │ │ 🏦 CEDEX │ │ 🥩 Staking │ │
│ │ Portal │ │ Interface │ │ Portal │ │
│ │ (KYC/AML) │ │ (Trading) │ │ (Rewards) │ │
│ └────────┬────────┘ └────────┬────────┘ └────────┬────────┘ │
└───────────┼─────────────────────┼─────────────────────┼─────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────────────┐
│ ⚖️ LAYER 2: COMPLIANCE ENFORCEMENT │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ 🔍 │ │ 🚫 │ │ 🕵️ │ │ ✅ │ │ 🛑 │ │
│ │ Custody │ │ OFAC │ │ AML │ │Redemption│ │ Circuit │ │
│ │ Oracle │ │Screening │ │Analytics │ │ Verify │ │ Breaker │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ 🪝 SPL TOKEN-2022 TRANSFER HOOKS (42 Security Controls) │
└───────────────────────────────────┬─────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ 💹 LAYER 3: TRADING & LIQUIDITY INFRASTRUCTURE │
│ ┌─────────────────────────────┐ ┌─────────────────────────────┐ │
│ │ 🏦 CEDEX ENGINE │ │ 💧 OTCM LIQUIDITY POOL │ │
│ │ • Bonding Curve Trading │ │ • CPMM Mechanics │ │
│ │ • Price Discovery │ │ • Capital Accumulation │ │
│ │ • Order Matching │ │ • Permanent Locks │ │
│ └─────────────────────────────┘ └─────────────────────────────┘ │
└───────────────────────────────────┬─────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ ⛓️ LAYER 4: SOLANA BLOCKCHAIN INFRASTRUCTURE │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ ☀️ SOLANA MAINNET-BETA (Monolithic L1 Architecture) │ │
│ │ • Proof of History (PoH) + Tower BFT Consensus │ │
│ │ • Sealevel Parallel Execution (1000s of contracts) │ │
│ │ • 65,000+ TPS | 400ms Block Time | ~$0.0001-$0.0025 per TX │ │
│ │ • Gulf Stream (Mempool-less) | Turbine (Block Propagation) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
└───────────────────────────────────┬─────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ 🔌 LAYER 5: EXTERNAL DATA & CUSTODY INTEGRATION │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ 🏛️ Empire │ │ 🚫 OFAC/SDN │ │ 🔬 Chainalysis│ │ 📋 SEC EDGAR│ │
│ │ Stock │ │ Lists │ │ / TRM Labs │ │ Integration │ │
│ │ Transfer │ │ (Sanctions) │ │ (AML) │ │ (Data) │ │
│ │ (Custody) │ │ │ │ │ │ │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────────────────────────┘2.1.3 🔄 Cross-Layer Communication
Inter-layer communication follows strict protocols ensuring data integrity and system reliability:
⬇️ Downward Communication (Request Flow)
Application layer requests traverse through compliance, trading, blockchain, and external layers sequentially. Each layer validates inputs, performs its specific function, and passes validated data to the next layer.
⬆️ Upward Communication (Response Flow)
Results propagate upward through the same path, with each layer adding its processing results. The application layer receives comprehensive transaction status including compliance verification results, trading execution details, and blockchain confirmation.
↔️ Horizontal Communication
Within each layer, components communicate through defined APIs. The compliance layer's Transfer Hooks execute sequentially, sharing state through Solana's account model. The trading layer's CEDEX and Liquidity Pool components share price and reserve data through on-chain state.
2.2 ☀️ Solana Layer 1 Foundation
OTCM Protocol's technical foundation rests on Solana, a monolithic Layer 1 blockchain protocol designed for high-throughput, low-latency transaction processing. Unlike modular blockchains (such as Ethereum) that offload scaling to Layer 2 solutions, Solana handles all transaction processing, state management, and consensus directly on its base layer—a critical characteristic for securities trading where settlement certainty and deterministic execution are paramount.
2.2.1 🎯 Why Solana: Technical Rationale
The selection of Solana as OTCM's blockchain infrastructure reflects careful analysis of securities trading requirements mapped against available blockchain capabilities:
Requirement | ⚫ Traditional Alternative | ☀️ Solana Capability |
|---|---|---|
⚡ Transaction Throughput | Ethereum: 15-30 TPS | 65,000+ TPS theoretical |
⏱️ Block Time | Ethereum: ~12 seconds | 400ms slots |
💵 Transaction Cost | Ethereum: $1-$50+ | $0.0001 - $0.0025 |
✅ Finality Time | Ethereum: ~6 minutes | ~13 seconds (32 blocks) |
📜 Smart Contract Model | Ethereum: Sequential EVM | Parallel Sealevel execution |
🪙 Token Standard | ERC-20/ERC-1400 | SPL Token-2022 + Transfer Hooks |
💡 Critical Design Decision: SPL Token-2022's Transfer Hook extension enables OTCM to execute compliance verification during every token transfer at the protocol level—a capability not available on Ethereum or most other blockchains without complex, gas-intensive proxy patterns.
2.2.2 🚀 Core Protocol Innovations
Solana achieves its exceptional performance through eight core innovations within its base layer. Understanding these innovations is essential for comprehending how OTCM's compliance-intensive operations execute efficiently:
⏱️ 1. Proof of History (PoH)
Proof of History functions as a "cryptographic clock" that timestamps transactions before they enter consensus. Traditional blockchains require nodes to communicate extensively to agree on transaction ordering and timing. PoH pre-establishes a verifiable sequence of events through a SHA-256 hash chain, where each hash depends on the previous output.
// Proof of History Hash Chain
hash_n = SHA256(hash_n-1)
hash_n+1 = SHA256(hash_n)
// Each hash proves a specific amount of time has passed
// Validators can verify order without communication🏦 OTCM Application: Transfer Hook verification benefits from PoH's pre-established ordering. Compliance checks execute in deterministic sequence without consensus delays, enabling the 750-1,250ms total verification time despite six sequential hooks.
🗼 2. Tower BFT
Tower BFT represents Solana's custom implementation of Practical Byzantine Fault Tolerance (PBFT) consensus, optimized to leverage PoH as its clock source. Traditional PBFT requires O(n²) message complexity for n validators; Tower BFT reduces this through PoH-synchronized voting.
Consensus Parameters:
Parameter | Description |
|---|---|
🔒 Vote Lockout | Validators commit to votes with exponentially increasing lockout periods |
💰 Rollback Cost | Switching votes becomes exponentially more expensive over time |
✅ Finality | 32-block confirmation provides practical finality (~13 seconds) |
⚡ 3. Sealevel: Parallel Smart Contract Execution
Sealevel is Solana's parallel execution engine that processes thousands of smart contracts simultaneously. Unlike Ethereum's sequential EVM, Sealevel identifies non-overlapping transactions and executes them in parallel across available CPU cores.
rust
// Transaction Parallelization Logic
fn schedule_transactions(txs: Vec<Transaction>) -> ExecutionPlan {
// Group transactions by account access patterns
let read_only: Vec<&Transaction> = filter_read_only(txs);
let write_sets: HashMap<Account, Vec<Transaction>> = group_by_writes(txs);
// Transactions touching different accounts execute in parallel
// Transactions touching same account execute sequentially
ExecutionPlan::optimize(read_only, write_sets)
}🏦 OTCM Application: CEDEX trading transactions touching different ST22 token pairs execute in parallel, enabling the platform to handle hundreds of concurrent trades. Transactions involving the same token pair serialize automatically, ensuring atomic state updates.
🌊 4. Turbine: Block Propagation Protocol
Turbine addresses the bandwidth bottleneck of block propagation by breaking blocks into smaller packets distributed through a tree structure. Each validator receives partial data and forwards it to downstream validators, achieving O(log n) propagation complexity.
Block Propagation Specifications:
Spec | Value |
|---|---|
📦 Packet Size | 64KB shreds (erasure-coded fragments) |
🌳 Fanout Factor | Each node forwards to 200 downstream nodes |
🔧 Reconstruction | 67% of shreds required to reconstruct complete block |
🌀 5. Gulf Stream: Mempool-less Transaction Forwarding
Gulf Stream eliminates the traditional mempool by forwarding transactions to upcoming leader validators before the current block finalizes. This reduces confirmation latency and memory pressure across the network.
🏦 OTCM Application: CEDEX transactions forward immediately to the next leader, reducing the time between user submission and inclusion in a block. This enables the sub-second user experience despite comprehensive compliance verification.
☁️ 6. Cloudbreak: Horizontally Scaled Account Database
Cloudbreak implements Solana's account database using memory-mapped files optimized for concurrent reads and writes. The system supports parallel access patterns essential for high-throughput trading operations.
🔧 7. Pipelining: Transaction Processing Unit
Solana's transaction processing pipeline operates similarly to CPU instruction pipelining, with distinct stages for data fetching, signature verification, banking (state changes), and recording. Different transactions occupy different pipeline stages simultaneously.
Stage 1 | Stage 2 | Stage 3 | Stage 4 |
|---|---|---|---|
📥 Data Fetch | ✍️ Signature Verify | 🏦 Banking | 📝 Recording |
GPU | GPU | CPU | Kernel |
📚 8. Archivers: Distributed Ledger Storage
Archivers are specialized nodes responsible for distributed ledger storage, keeping transaction history accessible without overburdening validators. This separation of concerns enables validators to maintain high performance while ensuring complete historical data availability for compliance and audit purposes.
2.2.3 🔐 Consensus Mechanism Deep Dive
Solana employs a hybrid consensus mechanism combining Proof of History (PoH) with Delegated Proof of Stake (dPoS). This hybrid approach achieves Byzantine Fault Tolerance while maintaining the throughput necessary for securities trading applications.
🔄 Consensus Flow:
┌─────────────────────────────────────────────────────────────────┐
│ CONSENSUS FLOW │
└─────────────────────────────────────────────────────────────────┘
1️⃣ LEADER SELECTION
│ Deterministic schedule rotates leader responsibility
│ among validators based on stake weight
▼
2️⃣ BLOCK PRODUCTION
│ Leader validator receives transactions via Gulf Stream
│ and produces blocks with PoH timestamps
▼
3️⃣ BLOCK PROPAGATION
│ Turbine distributes block shreds through
│ the validator network
▼
4️⃣ VOTING
│ Validators vote on block validity using
│ Tower BFT with exponential lockout
▼
5️⃣ FINALITY
│ After 32 confirmations (~13 seconds),
│ transactions achieve practical finality
▼
✅ SETTLEMENT COMPLETE2.2.4 📊 Network Performance Specifications
Metric | Specification | OTCM Utilization |
|---|---|---|
⚡ Theoretical TPS | 65,000+ | 400-600 TPS (compliance overhead) |
⏱️ Block Time (Slot) | 400ms | Used for PoH synchronization |
✅ Finality Time | ~13 seconds (32 blocks) | Settlement certainty for trades |
💵 Transaction Cost | $0.0001 - $0.0025 | ~5,000 lamports base fee |
🏗️ Architecture Type | Monolithic L1 | No L2 dependency for settlement |
🔐 Consensus | PoH + dPoS (Tower BFT) | Deterministic ordering |
2.3 🔲 Layer-by-Layer Technical Specifications
This section provides detailed technical specifications for each architectural layer, including interface definitions, performance requirements, and implementation details.
2.3.1 🖥️ Layer 1: Application Layer
The Application Layer provides user-facing interfaces enabling interaction with OTCM Protocol. All interfaces share common authentication, state management, and API connectivity patterns while presenting specialized functionality for different user types.
🚪 Issuers Portal
Purpose: Comprehensive onboarding and management interface for companies tokenizing securities through OTCM Protocol.
Core Functions:
Function | Description |
|---|---|
🏢 Company Registration | SEC CIK validation, corporate document upload, authorized signatory verification |
📊 Series M Configuration | Share class creation parameters, conversion ratios, custody arrangements |
🎫 ST22 Token Management | Minting authorization, vesting schedule configuration, treasury management |
📋 Compliance Dashboard | Real-time trading analytics, regulatory reporting, investor cap table |
Technology Stack:
Component | Technology |
|---|---|
🖥️ Frontend Framework | React 18+ with TypeScript, TailwindCSS |
🗂️ State Management | Redux Toolkit with RTK Query for API caching |
👛 Wallet Integration | Solana Wallet Adapter (Phantom, Solflare, Ledger) |
🔐 Authentication | SIWS (Sign-In With Solana) + JWT sessions |
📄 Document Processing | DocuSign API for legal signatures, S3 for storage |
🏦 CEDEX Trading Interface
Purpose: Real-time trading interface enabling ST22 token transactions with integrated compliance verification.
Core Functions:
Function | Description |
|---|---|
🔍 Market Discovery | Token listing, price charts, volume analytics, market depth visualization |
💹 Order Execution | Market orders, limit orders, swap interface with slippage protection |
💼 Portfolio Management | Holdings display, transaction history, P&L tracking |
✅ Compliance Status | Real-time KYC status, verification requirements, restriction alerts |
🥩 Staking Interface
Purpose: Staking management dashboard for OTCM token holders participating in protocol governance and rewards.
Core Functions:
Function | Description |
|---|---|
💰 Stake Management | Deposit/withdraw OTCM tokens, delegation to validator nodes |
📈 Rewards Tracking | APY display (8-60%), reward accrual, claim functionality |
⏱️ Epoch Management | 2.6-day epoch visualization, reward distribution timing |
🗳️ Governance | Voting on protocol proposals, delegation to representatives |
2.3.2 ⚖️ Layer 2: Compliance Enforcement Layer
The Compliance Enforcement Layer implements OTCM's 42-point security architecture through SPL Token-2022 Transfer Hooks. This layer represents the protocol's core innovation: automated securities law compliance at the smart contract level.
🪝 Transfer Hook Architecture
SPL Token-2022's Transfer Hook extension enables custom program execution during every token transfer. OTCM leverages this capability to implement six sequential compliance verification hooks:
Hook | Function | Data Source | Latency | Error |
|---|---|---|---|---|
🔍 Hook 1 | Custody Verification | Empire Stock API | 100-150ms | 6001 |
🚫 Hook 2 | OFAC Screening | SDN List Oracle | 200-500ms | 6002 |
🕵️ Hook 3 | AML Analytics | Chainalysis/TRM | 300-400ms | 6003 |
✅ Hook 4 | Redemption Eligibility | KYC Registry | 50-100ms | 6004 |
📉 Hook 5 | Price Impact Limit | TWAP Oracle | 50-100ms | 6006 |
💧 Hook 6 | Liquidity Ratio | Pool State | 50-100ms | 6007 |
⏱️ TOTAL | Complete Verification Pipeline | — | 750-1,350ms | — |
💡 Atomic Execution Guarantee: If any Transfer Hook returns an error, the entire transaction reverts atomically. This ensures that non-compliant transfers can never execute, even partially. Solana's account model and Sealevel's transaction isolation guarantee this atomicity.
🔐 Hook Implementation Details
Hook 1 — Custody Verification Oracle:
rust
// Hook 1: Custody Verification (Rust/Anchor)
pub fn verify_custody(
ctx: Context<CustodyVerification>,
transfer_amount: u64,
) -> Result<()> {
let oracle_data = ctx.accounts.custody_oracle.load()?;
let total_circulating = ctx.accounts.mint.supply;
let custodied_shares = oracle_data.verified_balance;
// Ensure tokens never exceed custodied backing
require!(
total_circulating + transfer_amount <= custodied_shares,
OtcmError::InsufficientCustody // Error 6001
);
emit!(CustodyVerified { timestamp: Clock::get()?.unix_timestamp });
Ok(())
}Hook 3 — AML Risk Scoring:
The AML verification hook implements a three-tier risk scoring system:
Risk Score | Action | Result |
|---|---|---|
✅ 0-30 | Automatic approval | Transaction proceeds without delay |
⚠️ 31-70 | Enhanced review | Transaction proceeds but flagged for compliance team review |
🚫 71-100 | Automatic rejection | Transaction reverts with error 6003 |
2.3.3 💹 Layer 3: Trading & Liquidity Infrastructure
The Trading & Liquidity Infrastructure layer implements CEDEX (Centralized-Decentralized Exchange) mechanics and the OTCM Liquidity Pool. This layer leverages Solana's Sealevel parallel execution to process multiple trades concurrently while maintaining atomic state updates.
🏦 CEDEX Engine
CEDEX operates as a purpose-built trading infrastructure combining centralized order matching efficiency with decentralized settlement guarantees:
📈 Bonding Curve Trading (Pre-Graduation):
New ST22 tokens begin trading on bonding curves using a modified constant product formula:
// Bonding Curve Price Formula
price = (SOL_reserve + delta_SOL) / (token_supply - delta_tokens)
// With 5% protocol fee:
effective_price = price * 1.05
// Graduation triggers when market_cap >= $250,000 USD🔢 CPMM Trading (Post-Graduation):
Upon graduation (market cap ≥ $250,000), tokens transition to Constant Product Market Maker (CPMM) mechanics with deeper liquidity:
rust
// CPMM Invariant: k = x * y (constant product)
// Where x = SOL reserves, y = token reserves
fn calculate_output(
input_amount: u64,
input_reserve: u64,
output_reserve: u64,
) -> u64 {
let input_with_fee = input_amount * 9955; // 0.45% fee
let numerator = input_with_fee * output_reserve;
let denominator = (input_reserve * 10000) + input_with_fee;
numerator / denominator
}💧 OTCM Liquidity Pool
The OTCM Liquidity Pool aggregates capital from four sources, creating unified market depth across all ST22 tokens:
Capital Source | Contribution Rate | Lock Status |
|---|---|---|
🎓 Bonding Curve Graduations | $1M-$5M per issuer | 🔒 Permanent |
💵 Trading Fee Allocation | 0.44% of volume | 🔒 Permanent |
🥩 Staking Reward Reinvestment | 2% of rewards | 🔒 Permanent |
🏦 Initial Protocol Deposit | $2M at launch | 🔒 Permanent |
📈 Projected LP Growth:
Year 1 | Year 2 | Year 3 | Year 4 | Year 5 |
|---|---|---|---|---|
💰 $12.5M | 💰 $27.3M | 💰 $41.8M | 💰 $53.2M | 🚀 $64.3M |
2.3.4 ⛓️ Layer 4: Blockchain Infrastructure
Layer 4 encompasses the Solana blockchain infrastructure providing the settlement layer for all OTCM operations. This layer integrates the eight core Solana innovations (detailed in Section 2.2.2) into a cohesive infrastructure supporting securities trading requirements.
📡 RPC Node Architecture
OTCM operates dedicated RPC infrastructure with the following specifications:
Component | Specification |
|---|---|
🥇 Primary RPC | Helius dedicated nodes (500 req/sec, 100 sendTx/sec tier) |
🔄 Failover RPC | Triton/QuickNode backup cluster |
🌍 Geographic Distribution | US-East, US-West, EU-West, APAC nodes |
🛡️ MEV Protection | Jito bundle integration for frontrunning protection |
🔄 Transaction Lifecycle on Solana
Understanding Solana's transaction lifecycle is essential for comprehending OTCM's settlement guarantees:
Step | Phase | Description |
|---|---|---|
1️⃣ | Submission | Transaction submitted to RPC node, forwarded via Gulf Stream to upcoming leader |
2️⃣ | Processing | Leader includes transaction in block, Sealevel executes Transfer Hooks in parallel with non-conflicting transactions |
3️⃣ | Propagation | Turbine distributes block shreds across validator network |
4️⃣ | Voting | Validators vote on block validity using Tower BFT |
5️⃣ | Confirmation | Transaction confirmed after 1 block (~400ms) |
6️⃣ | Finality | Practical finality achieved after 32 blocks (~13 seconds) |
2.3.5 🔌 Layer 5: External Data & Custody Integration
Layer 5 provides the critical bridge between on-chain operations and off-chain data sources required for securities compliance. This layer implements oracle patterns ensuring data integrity while maintaining the performance requirements of blockchain-based trading.
🏛️ Empire Stock Transfer Integration
Empire Stock Transfer serves as OTCM's qualified custodian, providing SEC-registered transfer agent services for Series M share custody:
Integration Point | Function |
|---|---|
🔍 Custody Oracle API | Real-time balance verification, cryptographically signed attestations, updated every block (~400ms) |
📋 Share Registration | Series M share issuance recording, beneficial ownership tracking, corporate action processing |
🔄 Redemption Processing | KYC-verified token-to-share conversions, DRS registration, certificate issuance |
📊 Audit Reporting | Quarterly custody attestations, regulatory examination support, transaction audit trails |
🔮 Compliance Oracle Network
OTCM's compliance verification relies on a network of specialized oracles:
Oracle | Function |
|---|---|
🚫 OFAC/SDN Oracle | Updates hourly from Treasury Department Specially Designated Nationals list. Implements fuzzy matching algorithms for name variations and aliases. |
🔬 Blockchain Analytics Oracle | Integrates Chainalysis KYT (Know Your Transaction) and TRM Labs data. Provides wallet risk scoring based on transaction history, counterparty analysis, and pattern detection. |
📋 SEC EDGAR Integration | Pulls company financial data, filing status, and corporate action information. Used for issuer onboarding verification and ongoing compliance monitoring. |
2.4 🔄 Data Flow Specification
This section provides detailed specifications for transaction data flow through OTCM Protocol's five-layer architecture. Understanding this flow is essential for developers integrating with the protocol and auditors verifying compliance implementation.
2.4.1 📊 Transaction Lifecycle
Every ST22 token transaction follows a deterministic lifecycle from user initiation through settlement and post-transaction monitoring:
┌──────────────────────────────────────────────────────────────────────────┐
│ 🔄 ST22 TRANSACTION LIFECYCLE │
└──────────────────────────────────────────────────────────────────────────┘
User Action 📍 PHASE 1: INITIATION (0-50ms)
│ • Parameter validation
│ • Wallet signature
▼ • RPC submission
┌────────┐
│ Submit │──────────► Gulf Stream forwards to leader validator
└────────┘
│
▼
┌────────────────────────────────────────────────────────────┐
│ ⚖️ PHASE 2: VERIFICATION (750-1,350ms) │
│ │
│ 🪝 TRANSFER HOOKS EXECUTION (Sequential) │
│ │
│ Hook 1: 🔍 Custody │
│ ▼ │
│ Hook 2: 🚫 OFAC │
│ ▼ │
│ Hook 3: 🕵️ AML │
│ ▼ │
│ Hook 4: ✅ KYC │
│ ▼ │
│ Hook 5: 🛑 Circuit Breaker │
│ ▼ │
│ Hook 6: 💧 LP │
└────────────────────────────────────────────────────────────┘
│
├─── ❌ FAIL ───► Atomic Revert + Error Code
│
▼ ✅ PASS
┌────────────────────────────────────────────────────────────┐
│ 💹 PHASE 3: EXECUTION (400-600ms) │
│ • CPMM calculation • Fee deduction (5%) │
│ • Reserve update • Token transfer │
│ • Event emission • State commitment │
└────────────────────────────────────────────────────────────┘
│
▼
┌────────────────────────────────────────────────────────────┐
│ ✅ PHASE 4: SETTLEMENT (~13 seconds) │
│ • Block confirmation • Tower BFT voting │
│ • 32-block finality • Compliance recording │
│ • Fee distribution • Audit trail creation │
└────────────────────────────────────────────────────────────┘
│
▼
┌────────────────────────────────────────────────────────────┐
│ 👁️ PHASE 5: MONITORING (Ongoing) │
│ • Pattern analysis • SAR evaluation │
│ • Regulatory reporting • Anomaly detection │
└────────────────────────────────────────────────────────────┘2.4.2 📋 Five-Phase Processing Model
📍 Phase 1: Initiation (0-50ms)
Transaction initiation begins when a user submits an ST22 transfer through the CEDEX interface:
typescript
// Transaction Parameters (TypeScript)
interface TransactionParams {
tokenMint: PublicKey; // ST22 token address
amount: u64; // Transfer amount in base units
maxPrice: u64; // Slippage protection (0 = market)
recipientWallet: PublicKey; // Destination wallet
deadline: i64; // Unix timestamp expiry
}⚖️ Phase 2: Verification (750-1,350ms)
The verification phase executes all six Transfer Hooks sequentially. Each hook:
- 🔍 Queries its designated oracle or data source
- ⚙️ Performs verification logic against compliance rules
- 📝 Records verification result in compliance log
- ✅ Returns PASS to continue or ❌ ERROR to revert
💹 Phase 3: Execution (400-600ms)
Upon successful verification, transaction execution proceeds atomically:
rust
// Swap Execution (Rust/Anchor)
fn execute_swap(ctx: Context<Swap>, params: SwapParams) -> Result<()> {
// Calculate output using CPMM formula
let output = calculate_cpmm_output(
params.input_amount,
ctx.accounts.pool.sol_reserve,
ctx.accounts.pool.token_reserve,
)?;
// Apply 5% protocol fee
let fee = output * 500 / 10000; // 5% = 500 basis points
let net_output = output - fee;
// Atomic state updates
ctx.accounts.pool.sol_reserve += params.input_amount;
ctx.accounts.pool.token_reserve -= output;
// Transfer tokens to recipient
transfer_tokens(ctx.accounts.recipient, net_output)?;
// Distribute fees
distribute_fees(fee, &ctx.accounts.fee_recipients)?;
emit!(SwapExecuted { ... });
Ok(())
}✅ Phase 4: Settlement (~13 seconds)
Settlement occurs through Solana's Tower BFT consensus mechanism. After 32 block confirmations, the transaction achieves practical finality with cryptographic guarantees against reversal.
👁️ Phase 5: Post-Transaction Monitoring (Ongoing)
Post-transaction monitoring implements continuous compliance oversight:
Function | Description |
|---|---|
🔬 Real-time pattern analysis | Machine learning models analyze transaction patterns for suspicious activity |
🚩 Flagging queue | Transactions meeting review thresholds enter compliance team queue |
📋 SAR evaluation | Suspicious Activity Report filing determination for flagged transactions |
📊 Regulatory reporting | Automated generation of required regulatory filings |
2.4.3 ⚠️ Error Handling & Recovery
OTCM implements comprehensive error handling with specific error codes enabling rapid diagnosis:
Code | Error Type | 🔧 Recovery Action |
|---|---|---|
❌ 6001 | Insufficient Custody Backing | Wait for oracle update or reduce amount |
🚫 6002 | OFAC Sanctioned Address | Transaction permanently blocked |
⚠️ 6003 | AML Risk Threshold Exceeded | Contact compliance for review |
🪪 6004 | KYC/Accreditation Invalid | Complete verification via portal |
🛑 6006 | Circuit Breaker Triggered | Reduce order size or wait for TWAP reset |
💧 6007 | Liquidity Ratio Violation | Reduce order size below pool limits |
2.5 🔌 System Integration Architecture
OTCM Protocol integrates with multiple external systems to deliver comprehensive securities trading functionality. This section documents API specifications, authentication protocols, and data exchange formats.
2.5.1 🏛️ Empire Stock Transfer Integration
The Empire Stock Transfer integration provides the custody verification foundation for all ST22 token operations:
typescript
// Custody Oracle API Specification
interface CustodyOracleResponse {
issuer_cik: string; // SEC CIK number
cusip: string; // CUSIP identifier
share_class: 'SERIES_M'; // Always Series M
custodied_balance: u64; // Verified share count
last_verification: i64; // Unix timestamp
attestation_signature: string; // Ed25519 signature
audit_hash: string; // SHA-256 of audit data
}
// API Endpoint
GET https://api.empirestocktransfer.com/v1/custody/{issuer_cik}
Authorization: Bearer {api_key}
X-Oracle-Signature: {signature}2.5.2 🔮 Compliance Oracle Network
🚫 OFAC Screening API:
json
// OFAC Screening Request
POST https://oracle.otcm.io/v1/ofac/screen
{
"wallet_address": "7xKXt...",
"transaction_type": "transfer",
"counterparty": "9yMPs..."
}
// Response
{
"status": "CLEAR" | "MATCH" | "PARTIAL_MATCH",
"sdn_match_confidence": 0.0 - 1.0,
"last_list_update": "2025-12-22T00:00:00Z",
"verification_id": "uuid"
}2.5.3 📋 External API Specifications
System | Protocol | Auth Method | Rate Limit |
|---|---|---|---|
🏛️ Empire Stock | REST/JSON | API Key + Signature | 1,000/min |
🔬 Chainalysis | REST/JSON | OAuth 2.0 | 10,000/hour |
📋 SEC EDGAR | REST/XML | User-Agent ID | 10/sec |
📡 Helius RPC | JSON-RPC 2.0 | API Key | 500/sec |
2.6 ⚡ Performance Engineering
OTCM Protocol's performance engineering balances compliance verification requirements with user experience expectations. This section documents throughput optimization strategies, latency management approaches, and scalability architecture.
2.6.1 📊 Throughput Optimization
While Solana theoretically supports 65,000+ TPS, OTCM's compliance verification overhead reduces effective throughput to 400-600 TPS. This remains substantially higher than required for securities trading while ensuring every transaction passes compliance checks.
Throughput Analysis:
Metric | ☀️ Solana Theoretical | 🏦 OTCM Effective |
|---|---|---|
⚡ Peak TPS | 65,000+ | 400-600 |
📅 Daily Capacity | 5.6B transactions | ~50M transactions |
⏱️ Compliance Overhead | N/A | 750-1,350ms/tx |
2.6.2 ⏱️ Latency Management
End-to-end latency for a typical CEDEX trade:
Phase | Latency |
|---|---|
📤 User submission to RPC | 50-100ms |
🪝 Transfer Hook verification | 750-1,350ms |
💹 Swap execution | 400-600ms |
✅ Block confirmation (first) | ~400ms |
⏱️ TOTAL (to confirmation) | 1.6-2.5 seconds |
🔒 Full finality (32 blocks) | ~13 seconds |
2.6.3 📈 Scalability Architecture
OTCM's scalability strategy leverages Solana's Sealevel parallel execution for horizontal scaling of non-conflicting transactions:
Strategy | Description |
|---|---|
🔀 Token Pair Isolation | Trades in different ST22 tokens execute in parallel (no account overlap) |
💾 Oracle Caching | Compliance oracle results cached for 1 block (~400ms) to reduce redundant queries |
📦 Batch Processing | Off-chain systems aggregate compliance data for efficient on-chain verification |
🌍 Geographic Distribution | Multi-region RPC deployment minimizes network latency globally |
2.7 🔒 Security Architecture
OTCM implements a defense-in-depth security model with multiple overlapping protection layers. This approach ensures that compromise of any single security control does not result in system-wide vulnerability.
2.7.1 🛡️ Defense-in-Depth Model
Layer | Protection Mechanism | Threat Mitigated |
|---|---|---|
🌐 Network | WAF, DDoS protection, rate limiting | Network-level attacks, flooding |
🖥️ Application | Input validation, CSRF protection, CSP | Injection, XSS, session hijacking |
📜 Smart Contract | Formal verification, audit, bug bounty | Logic bugs, reentrancy, overflow |
⚖️ Compliance | Transfer Hooks, 42-point security | Unauthorized trading, sanctions evasion |
🔐 Custody | Multi-sig, HSM, custody verification | Asset misappropriation, insider threat |
2.7.2 🔐 Cryptographic Standards
OTCM employs industry-standard cryptographic primitives:
Function | Standard |
|---|---|
🔑 Key Derivation | Ed25519 for Solana wallet signatures (128-bit security equivalent) |
#️⃣ Hashing | SHA-256 for transaction verification, Blake3 for high-performance hashing |
🔒 Encryption | AES-256-GCM for data at rest, TLS 1.3 for data in transit |
✍️ Oracle Signatures | Ed25519 signatures on all oracle attestations for non-repudiation |
2.7.3 🎯 Attack Surface Analysis
The following attack vectors have been analyzed and mitigated:
Attack Vector | Mitigation |
|---|---|
🥪 MEV/Frontrunning | Jito bundle integration routes transactions through validator bundles that resist frontrunning. Circuit breakers (2% TWAP deviation) limit profitability of sandwich attacks. |
🔮 Oracle Manipulation | Multi-oracle architecture requires consensus across Empire Stock Transfer, OFAC, and blockchain analytics sources. Single oracle compromise cannot affect transaction verification. |
🚨 Rug Pull Attempts | Permanent liquidity locks enforced by smart contract make liquidity withdrawal mathematically impossible. Override requires 2/3 DAO supermajority plus 48-hour timelock. |
🐛 Smart Contract Exploits | Formal verification using Certora, security audits by Quantstamp and Halborn, active bug bounty program with up to $100K rewards. |
2.8 🌐 Deployment Topology
OTCM Protocol deploys across multiple regions with redundant infrastructure ensuring high availability:
┌─────────────────────────────────────────────────────────────────────────┐
│ 🌐 OTCM DEPLOYMENT TOPOLOGY │
└─────────────────────────────────────────────────────────────────────────┘
┌───────────────┐ ┌───────────────┐
│ 🇺🇸 US-EAST │ │ 🇺🇸 US-WEST │
│ (Primary) │◄─────►│ (Secondary) │
└───────┬───────┘ └───────┬───────┘
│ │
└───────────┬───────────┘
│
┌───────────┴───────────┐
│ ⚖️ GLOBAL LOAD │
│ BALANCER │
└───────────┬───────────┘
│
┌───────────────────────────┼───────────────────────────┐
│ │ │
┌──────┴──────┐ ┌──────┴──────┐ ┌──────┴──────┐
│ 🇪🇺 EU-WEST │ │ 🇯🇵 APAC │ │ 🇧🇷 LATAM │
│ (DR Site) │ │ (Edge) │ │ (Edge) │
└─────────────┘ └─────────────┘ └─────────────┘
🏗️ Infrastructure: Kubernetes (K8s)
🌐 CDN: Cloudflare
📡 RPC: Helius + Triton━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
© 2025 OTCM Protocol, Inc. | All Rights Reserved