๐๏ธ Section 2: Technical Architecture
โ๐๏ธSECTheCATEGORYcomplete1nine-layerCOMPLIANTinfrastructure|stackIssuer-SponsoredandTokenizedhowSecuritieseachpursuantlayer integrates toSECformDivisionaofunified,Corporationcompliance-nativeFinance,tradingDivisionplatformofforInvestmenttokenizedManagement, and Division of Trading and Markets Joint Statement dated January 28, 2026securities.
๐๏ธ SECTION 2: TECHNICAL ARCHITECTURE
๐๏ธ 2.1 ๐๏ธ Layered Architecture Overview
๐น 2.1.1 The Nine-Layer Technology Stack
The OTCM Protocol implementsL2 is not a sophisticatedsingle five-application but a comprehensive nine-layer architectureinfrastructure engineeredstack, specificallyeach forlayer institutional-grade,serving SEC-complianta securitiesdistinct tradingand onirreplaceable function. The stack is designed so that security enforcement occurs at the Solanalowest blockchain.possible layer (Layer 2), ensuring that no higher-layer component can bypass, override, or selectively apply the 42 Transfer Hook security controls. This architecture representseliminates athe fundamentalattack departuresurface fromthat traditionalexists DeFiin protocols,platforms which typically prioritize transaction speed over compliance. OTCM's design philosophy places regulatorywhere compliance andis investor protectionimplemented at the protocolapplication levellayer whilerather leveraging Solana's exceptional performance characteristics to deliver sub-second transaction finality.
The architectural decisions reflectthan the SEC'stoken Januarytransfer 28, 2026 guidance establishing Category 1 (Issuer-Sponsored Tokenized Securities) as the favored regulatory framework, combined with lessons learned from both traditional securities infrastructure and the cryptocurrency ecosystem:primitive.
|
|
|
|
|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
| |
Layer |
| OTCM's | |
Layer | CEDEX | Centralized Exchange with Decentralized settlement โ the OTCM trading interface exclusively for ST22 tokens. Combines Web2 user experience with Web3 settlement finality. See Section 4. | |
Layer 6 | Oracle Network | Real-time oracles monitoring SEC EDGAR filings, OTC Markets data, custody verification feeds, and price discovery. Feeds are critical for Transfer Hook decision logic and Predictive AI Module scoring. | |
Layer 7 | DAO Governance | Decentralized Autonomous Organization with multi-tier on-chain voting for protocol upgrades, fee adjustments, and parameter changes. Prevents any single party from unilaterally altering security controls. | |
Layer 8 | Wallet Infrastructure | Native iOS and Android Web3 wallets enabling retail and institutional investors to hold, send, and receive ST22 tokens with full KYC/AML compliance enforced at the wallet level. | |
Layer 9 | Predictive Marketing AI Module | The intelligence layer powering the OTCM commercial engine. A proprietary AI system continuously monitors SEC EDGAR filings (Form D, 10-K/Q NLP, 8-K triggers, DEF 14A proxy data) and OTC Markets Group tier data across approximately 15,000 U.S. OTC companies, building a daily-refreshed Issuer Distress and Opportunity Score. The AI simultaneously operates an investor-side behavioral profiling engine targeting verified accredited wallets on Solana for ST22 launch campaigns. Launch Timing Optimization modeling forecasts optimal bonding curve windows by analyzing competing launch schedules, RPC congestion, sentiment cycles, and historical volume correlation. All AI capabilities are gated behind OTCM Security Token staking tiers and each operation burns tokens permanently โ creating deflationary demand driven by platform success. See Section 7 for full specification. |
The
nine-layer architecture represents a deliberate departure from existing DeFi infrastructure, which was designed for permissionless token movement rather than securities compliance. Each layer was purpose-built for tokenized securities โ integrating custody verification (Layer 6 Oracle Network), investor eligibility enforcement (Layer 2 Transfer Hooks), and intelligent issuer/investor discovery (Layer 9 Predictive Marketing AI) into a unified stack that functions as a single coherent system rather than a collection of third-party integrations.
๐น 2.1.12 ๐ฏProtocol Five-Layer Design Philosophy
The five-nine-layer architecture followsenforces the principle ofstrict separation of concerns, where each layer handles specifica responsibilitiesdistinct responsibility with well-defined interfaces to adjacent layers. This design enables independent scaling, testing, and upgrading of individual layers while maintaining system integrityโand ensures Category 1 compliance is enforced at every level.integrity.
Layer | Name | Primary Responsibility |
|
|---|---|---|---|
Layer 1 | Application Layer | User interfaces, portal access, experience management |
|
Layer 2 | Compliance Enforcement | Transfer Hooks, KYC/AML, OFAC, securities law automation |
|
Layer 3 | Trading & Liquidity | CEDEX engine, bonding curves, CPMM, liquidity pools |
|
Layer 4 | Blockchain Infrastructure | Solana L1, RPC nodes, consensus, finality |
|
Layer 5 | External Integration | Custody verification, oracles, SEC EDGAR, analytics |
|
๐น 2.1.2 ๐3 Architecture Diagram
The following diagram illustrates the nine-layer logical architecture and directional data flows:
// OTCM Protocol โ Nine-Layer Architecture
// (Layer 1 = Foundation / Layer 9 = Intelligence)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ฅ๏ธ LAYER 1:9: APPLICATIONPREDICTIVE MARKETING AI MODULE โ
โ EDGAR NLP โ IDOS Scoring โ Investor Targeting โ Launch Timing Optimizer โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Feeds issuer + investor pipeline
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโดโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โLAYER โ8: IssuersWALLET INFRASTRUCTURE โ
โ CEDEXiOS Wallet โ โAndroid StakingWallet โ โKYC/AML Investorat wallet โ โHW โVault โ Portal โ โ Trading โ โ Interface โ โ Portal โ โsupport โ
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโฌโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Governance
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LAYER 7: DAO GOVERNANCE โ
โ On-chain proposals โ 48hr timelock โ Security param governance โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Trade routing + settlement
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LAYER 5: CEDEX (CategoryCentralized-Decentralized 1Exchange) Issuerโ
Onboardingโ &Bonding CompliantCurve Trading)โ CPMM post-grad โ Order matching โ Compliance UI โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ AMM execution
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LAYER 4: CUSTOM AMM ENGINE โ
โ Token-2022 native โ Price discovery โ Fee routing (5% protocol) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Liquidity depth
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LAYER 3: FEDERATED LIQUIDITY PROTOCOL (FLP) โ
โ Per-issuer sovereign pools โ Cross-pool federation โ Permanent locks โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Oracle feeds for hook logic
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LAYER 6: ORACLE NETWORK โ
โ EST Custody โ OFAC/SDN โ Chainalysis/TRM โ SEC EDGAR โ Price Feeds โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Enforces 42 controls on every transfer
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LAYER 2: SECURITY ENFORCEMENT โ SPL TOKEN-2022 TRANSFER HOOKS โ
โ Hook 1: Custody โ Hook 2: OFAC โ Hook 3: AML โ Hooks 4-6 + 36 Supp. โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Consensus + settlement finality
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LAYER 1: SOLANA FOUNDATION โ
โ 65,000+ TPS โ 400ms blocks โ PoH + Tower BFT โ Gulf Stream โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ๏ธ LAYER 2: COMPLIANCE ENFORCEMENT โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ SPL Token-2022 Transfer Hooks โ โ
โ โ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โ โ
โ โ โCustody โโโ OFAC โโโ AML โโโ KYC โโโ Price โโโLiquidityโ โ โ
โ โ โ Oracle โ โScreeningโ โ Check โ โVerify โ โ Impact โ โ Ratio โ โ โ
โ โ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โโโโโโโโโโ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ (42 Security Controls โ Investor Protection Enforcement) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐น LAYER 3: TRADING & LIQUIDITY โ
โ โโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ CEDEX Engine โ โ OTCM Liquidity โ โ
โ โ โโโโโโโโโโโโโโโโโโ โ โ Pool โ โ
โ โ โ Bonding Curves โ โ โโโโโโโโโโโ โ โโโโโโโโโโโโโโโโโโ โ โ
โ โ โ CPMM โ โ โ โ Permanent Lock โ โ โ
โ โ โโโโโโโโโโโโโโโโโโ โ โ โโโโโโโโโโโโโโโโโโ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ โ
โ (Full Token-2022 Transfer Hook Support) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ๏ธ LAYER 4: BLOCKCHAIN INFRASTRUCTURE โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Solana Layer 1 โ โ
โ โ PoH + Tower BFT + Sealevel + Turbine + Gulf Stream + Cloudbreak โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ (Settlement Certainty for Securities) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ LAYER 5: EXTERNAL INTEGRATION โ
โ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโ โ
โ โ Empire โ โ OFAC โ โ Chainalysisโ โ SEC โ โ
โ โStock Trans.โ โ Oracle โ โ /TRM Labs โ โ EDGAR โ โ
โ โ(SEC-Reg'd) โ โ โ โ โ โ โ โ
โ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโ โ
โ (SEC-Registered Custody + Compliance Data Sources) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโNote:
Layer 6 (Oracle Network) feeds Layer 2 (Security Enforcement) directly with real-time custody, sanctions, and AML data. Layer 9 (AI Module) operates as an intelligence overlay โ consuming Layer 6 oracle feeds and populating the issuer pipeline that feeds qualified candidates into the Issuers Portal and Layer 5 CEDEX launch mechanism.
๐น 2.1.3 ๐4 Cross-Layer Communication
Inter-layer communication follows strict protocols ensuring data integrity,integrity and system reliability, and continuous Category 1 compliance verification:reliability:
โฌ๏ธ
Downward Communication (Request Flow):
ApplicationActions layerat requestsLayer traverse9 (AI Module), Layer 8 (Wallet), or Layer 5 (CEDEX) flow downward through compliance,Layer trading,2 blockchain,(Security andEnforcement) externalfor layersTransfer sequentially.Hook Eachverification, layerdrawing validates inputs, performs its specific function, and passes validatedoracle data tofrom theLayer next layer. Compliance verification occurs6, before anysettling tradingon execution.Layer 1 (Solana).Downward Communication (Request Flow): Actions at Layer 9 (AI Module), Layer 8 (Wallet), or Layer 5 (CEDEX) flow downward through Layer 2 (Security Enforcement) for Transfer Hook verification, drawing oracle data from Layer 6, before settling on Layer 1 (Solana).
โฌ๏ธ
Upward Communication (Response Flow):
ResultsSettlement confirmations propagate upward from Layer 1 through Layer 2 compliance acknowledgement, Layer 6 oracle confirmation, and into the sameuser-facing path,interfaces at Layer 5 / Layer 8, with full on-chain audit trail written at each layer.Upward Communication (Response Flow): Settlement confirmations propagate upward from Layer 1 through Layer 2 compliance acknowledgement, Layer 6 oracle confirmation, and into the user-facing interfaces at Layer 5 / Layer 8, with full on-chain audit trail written at each layer.
Horizontal Communication: Horizontal Communication: Components within each layer addingcommunicate itsvia processingdefined results.internal TheAPIs. applicationLayer layer receives comprehensive transaction status including compliance verification results7 (allDAO 42Governance) controls),has tradinga executionunique details,horizontal relationship: passed governance proposals write directly to parameter configurations in Layer 2, Layer 3, and blockchainLayer confirmation.4 via a 48-hour timelock mechanism โ the only cross-layer write path not triggered by a token transfer event.
โ๏ธโก Horizontal Communication
Within each layer, components communicate through defined APIs. The compliance layer's Transfer Hooks execute sequentially, sharing state through Solana's account model. The trading layer's CEDEX and Liquidity Pool components share price and reserve data through on-chain state.
2.2 โ๏ธLayer 1: Solana Layer 1Blockchain Foundation
OTCM Protocol's technical foundation rests on Solana, a monolithic Layer 1 blockchain protocol designed for high-throughput, low-latency transaction processing. Unlike modular blockchains (such as Ethereum) that offload scaling to Layer 2 solutions, Solana handles all transaction processing, state management, and consensus directly on its base layerโa critical characteristic for securities trading where settlement certainty and deterministic execution are paramount.paramount.
๐น 2.2.1 ๐ฏ Why Solana: Technical Rationale for Category 1 Compliance
The selection of Solana as OTCM's blockchain infrastructure reflects careful analysis of securities trading requirements mapped against available blockchain capabilities:
Requirement |
|
|
|
|---|---|---|---|
Transaction Throughput | Ethereum: 15-30 TPS | 65,000+ TPS theoretical |
|
Block Time | Ethereum: ~12 seconds | 400ms slots |
|
Transaction Cost | Ethereum: $1-$50+ | $0.0001 - $0.0025 |
|
Finality Time | Ethereum: ~6 minutes | ~13 seconds (32 blocks) |
|
Smart Contract Model | Ethereum: Sequential EVM | Parallel Sealevel execution |
|
Token Standard | ERC-20/ERC-1400 | SPL Token-2022 + Transfer Hooks |
|
๐ก Critical Design
Decision:DecisionSPL Token-2022's Transfer Hook extension enables OTCM to execute compliance verification during every token transfer at the protocol levelโa capability not available on Ethereum or most other blockchains without complex, gas-intensive proxy patterns.
This๐น
is essential forCategory 1 investor protection requirements.
2.2.2 ๐ Core Protocol Innovations
Solana achieves its exceptional performance through eight core innovations within its base layer. Understanding these innovations is essential for comprehending how OTCM's compliance-intensive operations execute efficiently while satisfying Category 1 requirements:efficiently:
โฑ๏ธ 1.
Proof of History (PoH)
Proof of History functions as a "cryptographic clock" that timestamps transactions before they enter consensus. Traditional blockchains require nodes to communicate extensively to agree on transaction ordering and timing. PoH pre-establishes a verifiable sequence of events through a SHA-256 hash chain, where each hash depends on the previous output.
// PoH Sequence Generation // Proof of History Hash Chain
๐ฆhash_nCategory= SHA256(hash_n-1)hash_n+1 = SHA256(hash_n)
// Each hash proves a specific amount of time has passed // Validators can verify order without communicationOTCM Application: Transfer Hook verification benefits from PoH's pre-established ordering. Compliance checks execute in deterministic sequence without consensus delays, enabling the 750-1,250ms total verification time despite six sequential hooks.
This ensures investor protection checks complete before any transfer executes.
๐ผ 2.
Tower BFT
Tower BFT represents Solana's custom implementation of Practical Byzantine Fault Tolerance (PBFT) consensus, optimized to leverage PoH as its clock source. Traditional PBFT requires O(nยฒ) message complexity for n validators; Tower BFT reduces this through PoH-synchronized voting.
Consensus Parameters:
|
|
|
|---|---|---|
| Lockout: Validators commit to votes with exponentially increasing lockout periods |
|
| Cost: Switching votes becomes exponentially more expensive over time |
|
| 32-block confirmation provides practical finality (~13 seconds) |
|
โก 3. Sealevel: Parallel Smart Contract Execution
Sealevel is Solana's parallel execution engine that processes thousands of smart contracts simultaneously. Unlike Ethereum's sequential EVM, Sealevel identifies non-overlapping transactions and executes them in parallel across available CPU cores.
// Sealevel identifiesParallel Scheduling
// Transaction Parallelization Logic
fn schedule_transactions(txs: Vec<Transaction>) -> ExecutionPlan {
// Group transactions by account dependenciesaccess automaticallypatterns
let read_only: Vec<&Transaction> = filter_read_only(txs);
let write_sets: HashMap<Account, Vec<Transaction>> = group_by_writes(txs);
// Transactions touching different accounts execute in parallel
// Transactions touching same accountsaccount serializeexecute for atomicity
// OTCM leverages this for:
// - Parallel compliance verification across different token pairs
// - Concurrent custody oracle queries
// - Simultaneous trading operations in non-overlapping marketssequentially
๐ฆExecutionPlan::optimize(read_only,Categorywrite_sets)1}
OTCM Application: CEDEX trading transactions touching different ST22
TokenizedtokenSecuritiespairs execute in parallel, enabling the platform to handle hundreds of concurrent trades. Transactions involving the same token pair serialize automatically, ensuring atomic stateupdatesupdates.andconsistent compliance enforcement.
๐ 4.
Turbine: Block Propagation Protocol
Turbine addresses the bandwidth bottleneck of block propagation by breaking blocks into smaller packets distributed through a tree structure. Each validator receives partial data and forwards it to downstream validators, achieving O(log n) propagation complexity.
Block Propagation Specifications:
|
|
|---|---|
| Size: 64KB shreds (erasure-coded fragments) |
| Factor: Each node forwards to 200 downstream nodes |
| 67% of shreds required to reconstruct complete block |
๐ 5. Gulf Stream: Mempool-less Transaction Forwarding
Gulf Stream eliminates the traditional mempool by forwarding transactions to upcoming leader validators before the current block finalizes. This reduces confirmation latency and memory pressure across the network.
๐ฆCategory 1OTCM Application: CEDEX transactions forward immediately to the next leader, reducing the time between user submission and inclusion in a block. This enables the sub-second user experience despite comprehensive complianceverificationโinvestorverification.protection without user experience degradation.
โ๏ธ 6.
Cloudbreak: Horizontally Scaled Account Database
Cloudbreak implements Solana's account database using memory-mapped files optimized for concurrent reads and writes. The system supports parallel access patterns essential for high-throughput trading operations.
๐ง 7.
Pipelining: Transaction Processing Unit
Solana's transaction processing pipeline operates similarly to CPU instruction pipelining, with distinct stages for data fetching, signature verification, banking (state changes), and recording. Different transactions occupy different pipeline stages simultaneously.
Stage 1 | Stage 2 | Stage 3 | Stage 4 |
|---|---|---|---|
|
|
|
|
GPU | GPU | CPU | Kernel |
๐ 8.
Archivers: Distributed Ledger Storage
Archivers are specialized nodes responsible for distributed ledger storage, keeping transaction history accessible without overburdening validators. This separation of concerns enables validators to maintain high performance while ensuring complete historical data availability for compliance and audit purposesโessential for securities law requirements.purposes.
๐น 2.2.3 ๐ Consensus Mechanism Deep Dive
Solana employs a hybrid consensus mechanism combining Proof of History (PoH) with Delegated Proof of Stake (dPoS). This hybrid approach achieves Byzantine Fault Tolerance while maintaining the throughput necessary for SEC-compliant securities trading applications.applications.
๐
Consensus Flow:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ- Leader
โSelection: 1๏ธโฃA TRANSACTIONdeterministic SUBMISSIONschedule โrotates โleader Userresponsibility signsamong ST22validators transferbased โon stake weight - Block Production: The leader validator receives transactions via Gulf Stream
forwardsand toproduces leaderblocks โwith โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโPoH โtimestamps - Block
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโPropagation: โTurbine 2๏ธโฃ POH TIMESTAMPING โ
โ Transaction receives cryptographic timestamp โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 3๏ธโฃ TRANSFER HOOK EXECUTION โ
โ All 42 compliance controls verified (750-1,350ms) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 4๏ธโฃ BLOCK INCLUSION โ
โ Leader includes verified transaction indistributes block โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 5๏ธโฃ TURBINE PROPAGATION โ
โ Block shreds distributedthrough acrossthe validator network โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 6๏ธโฃ TOWER BFT VOTING โ
โ - Voting: Validators vote on block validity
โusing โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโTower โBFT โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโwith โexponential 7๏ธโฃlockout - Finality:
FINALITYAfter 32 confirmations (~13 seconds), โtransactions โachieve 32-blockpractical confirmationfinality
โ๐น Securities settlement complete โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
2.2.4 ๐ Network Performance Specifications
Metric | Specification | OTCM Utilization |
|
|---|---|---|---|
Theoretical TPS | 65,000+ | 400-600 TPS (compliance overhead) |
|
Block Time (Slot) | 400ms | Used for PoH synchronization |
|
Finality Time | ~13 seconds (32 blocks) | Settlement certainty for trades |
|
Transaction Cost | $0.0001 - $0.0025 | ~5,000 lamports base fee |
|
Architecture Type | Monolithic L1 | No L2 dependency for settlement |
|
Consensus | PoH + dPoS (Tower BFT) | Deterministic ordering |
|
๐ 2.3 ๐ฒ Layer-by-Layer Technical Specifications
This section provides detailed technical specifications for each architecturallayer layer,of the nine-layer architecture, including interface definitions, performance requirements, and implementationintegration detailsโallprotocols. designedLayers toare satisfygrouped Categoryby 1functional compliancerelationship requirements.where appropriate.
๐น 2.3.1 ๐ฅ๏ธLayers Layer1, 1:8 Application& Layer
9: Application, Wallet & AI Module
The Application Layer provides user-facing interfaces enabling interaction with OTCM Protocol. All interfaces share common authentication, state management, and API connectivity patterns while presenting specialized functionality for different user typesโwith Category 1 compliance integrated throughout.types.
๐ช
Issuers Portal
Purpose: Comprehensive onboarding and management interface for companies tokenizing securities through OTCM Protocol under the Category 1 (Issuer-Sponsored) framework.Protocol.
Core Functions:
|
|
|
|---|---|---|
| Registration: SEC CIK validation, corporate document upload, authorized signatory verification |
|
| Configuration: Share class creation parameters, conversion ratios, custody arrangements |
|
| Management: Minting authorization, vesting schedule configuration, treasury management |
|
| Dashboard: Real-time trading analytics, regulatory reporting, investor cap table |
|
|
|
|
Technology Stack:
Component | Technology Stack |
|---|---|
Frontend Framework | React 18+ with TypeScript, TailwindCSS |
State Management | Redux Toolkit with RTK Query for API caching |
Wallet Integration | Solana Wallet Adapter (Phantom, Solflare, Ledger) |
Authentication | SIWS (Sign-In With Solana) + JWT sessions |
Document Processing | DocuSign API for legal signatures, S3 for storage |
๐ฆ
CEDEX Trading Interface
Purpose: Real-time trading interface enabling ST22 Tokenized Securitiestoken transactions with integrated Category 1 compliance verification.verification.
Core Functions:
|
|
|
|---|---|---|
| Discovery: Token listing, price charts, volume analytics, market depth visualization |
|
| Execution: Market orders, limit orders, swap interface with slippage protection |
|
| Management: Holdings display, transaction history, P&L tracking |
|
| Status: Real-time KYC status, verification requirements, restriction alerts |
|
๐ฅฉ Staking Interface
Purpose: Staking management dashboard for OTCM Utility Tokentoken holders participating in protocol governance and rewards.
๐Note:The OTCM Utility Token is structured and marketed as a utility token with functionality and governance rights, distinct from ST22 Tokenized Securities.
Core Functions:
|
|
|---|---|
| Management: Deposit/withdraw OTCM tokens, delegation to validator nodes |
| Tracking: APY display (8- |
| Management: 2.6-day epoch visualization, reward distribution timing |
| Voting on protocol proposals, delegation to representatives DAO Governance Interface (Layer 7) Purpose: On-chain governance portal for OTCM Security Token holders to propose and vote on protocol parameter changes, security control updates, and treasury decisions. |
Core Functions:
- Proposal Management: Submit, review, and vote on protocol governance proposals with quorum requirements
- Security Control Governance: Multi-tier voting required for any Transfer Hook parameter change
- Timelock Enforcement: 48-hour execution delay on all passed proposals
- Treasury Oversight: DAO governance over OTCM Protocol development fund allocation Web3 Wallet Application (Layer 8)
Purpose: Native iOS and Android wallet applications for compliant ST22 token management.
Core Functions:
- Portfolio Management: Multi-issuer ST22 holdings display, transaction history, P&L tracking
- Embedded KYC/AML: Inline accreditation verification and compliance status display
- Token Operations: Send, receive, stake, and redeem ST22 with full Transfer Hook enforcement
- Institutional Support: Ledger and Trezor hardware wallet integration; multi-sig custody Predictive Marketing AI Dashboard (Layer 9)
Purpose: Intelligence interface exposing AI module capabilities for issuers and operators.
Core Functions:
- IDOS Dashboard: Real-time Issuer Distress and Opportunity Score rankings across 15,000+ OTC companies
- Investor Pool Analytics: Qualified accredited wallet targeting for ST22 launch campaigns
- Launch Timing: Launch Readiness Score monitoring and optimal window recommendations
- Burn Analytics: Real-time on-chain tracking of OTCM token burns from AI module operations
๐น 2.3.2 โ๏ธ Layer 2: ComplianceSecurity Enforcement Layerโ SPL Token-2022 Transfer Hooks
TheLayer Compliance2 Enforcement(Security LayerEnforcement) implements OTCM's 42-pointcontrol security architecture through SPL Token-2022 Transfer Hooks.Hooks, Thisintercepting layerevery representsST22 transfer before it completes. Oracle data from Layer 6 feeds real-time custody balances, sanctions lists, and AML scores into each hook's decision logic. See Section 3 for the protocol'sfull core innovation: automated securities law compliance at the smart contract level, satisfying the SEC's Category 1 investor protection requirements.specification:
๐ช
Transfer Hook Architecture
SPL Token-2022's Transfer Hook extension enables custom program execution during every token transfer. OTCM leverages this capability to implement six sequential compliance verification hooks that satisfy Category 1 investor protection requirements:hooks:
Hook | Function | Data Source | Latency | Error |
|
|---|---|---|---|---|---|
Hook 1 | Custody Verification | Empire Stock API | 100-150ms | 6001 |
|
Hook 2 | OFAC Screening | SDN List Oracle | 200-500ms | 6002 |
|
Hook 3 | AML Analytics | Chainalysis/TRM | 300-400ms | 6003 |
|
Hook 4 | Redemption Eligibility | KYC Registry | 50-100ms | 6004 |
|
Hook 5 | Price Impact Limit | TWAP Oracle | 50-100ms | 6006 |
|
Hook 6 | Liquidity Ratio | Pool State | 50-100ms | 6007 |
|
TOTAL | Complete Verification Pipeline | โ | 750-1,350ms | โ |
|
๐ก Atomic Execution
Guarantee:GuaranteeIf any Transfer Hook returns an error, the entire transaction reverts atomically. This ensures that non-compliant transfers can never
execute,execute, even partially. Solana's account model and Sealevel's transaction isolation guarantee thisatomicityโinvestoratomicity.protection that cannot be circumvented.
๐
Hook Implementation Details
Hook 1 โ Custody Verification Oracle (Category 1: True Equity Backing):Oracle:
// Hook 1: Custody Verification Hook - Ensures 1:1 backing requirement(Rust/Anchor)
pub fn verify_custody(ctx: &Pubkey,Context<CustodyVerification>,
transfer_amount: u64,
) -> Result<(), ComplianceError> {
let custody_balanceoracle_data = empire_oracle::get_custody_balance(token_mint)ctx.accounts.custody_oracle.load()?;
let circulating_supplytotal_circulating = token::get_circulating_supply(token_mint)?;ctx.accounts.mint.supply;
let custodied_shares = oracle_data.verified_balance;
// VerifyEnsure 1:1tokens never exceed custodied backing
ratio (Category 1 requirement)
require!(total_circulating >+ transfer_amount <= circulating_supply,custodied_shares,
OtcmError::InsufficientCustodyBackingInsufficientCustody // Error 6001
);
emit!(CustodyVerified Verify{ transfertimestamp: won'tClock::get()?.unix_timestamp exceed custody capacity
require!(
custody_balance >= circulating_supply + transfer_amount,
ComplianceError::CustodyCapacityExceeded
});
Ok(())
}}
Hook 3 โ AML Risk Scoring:
The AML verification hook implements a three-tier risk scoring system:
|
|
|
|---|---|---|
0- | 30: Automatic approval |
|
Score 31- | 70: Enhanced review |
|
Score 71- | 100: Automatic rejection |
|
๐ก๏ธ๐น Additional Security Controls (42 Total)
Beyond the six Transfer Hooks, OTCM implements 36 additional security controls including:
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2.3.3 ๐นLayers 3, 4 & 5: Federated Liquidity, Custom AMM & CEDEX
Layers 3, 4, and 5 form the integrated trading and liquidity stack. Layer 3:3 Trading &(Federated Liquidity InfrastructureProtocol)
Themanages Tradingsovereign &per-issuer Liquidityliquidity Infrastructurepools. layerLayer implements CEDEX4 (Centralized-DecentralizedCustom Exchange)AMM) mechanicsis andOTCM's proprietary AMM, purpose-built for Token-2022 compliance. Layer 5 (CEDEX) is the OTCMtrading Liquidityinterface Pool.combining Thiscentralized layerorder leveragesmatching Solana'swith decentralized settlement:Sealevel parallel execution to process multiple trades concurrently while maintaining atomic state updatesโwith full Transfer Hook compliance on every transaction.updates.
๐ฆ
CEDEX Engine
CEDEX operates as a purpose-built trading infrastructure for ST22 Tokenized Securities, combining centralized order matching efficiency with decentralized settlement guarantees:
โ ๏ธWhy CEDEX Exists:Existing DEXs (Raydium, Orca, Meteora)disable Transfer Hooks upon graduation, eliminating all 42 security controls. This would remove all Category 1 investor protections. CEDEX maintains full Transfer Hook support on every trade, ensuring compliance controls remain active throughout the token lifecycle.
๐ Bonding Curve Trading (Pre-Graduation):
New ST22 Tokenized Securitiestokens begin trading on bonding curves using a modified constant product formula:
// CEDEX Bonding Curve Formula
// Bonding Curve Price Formula
price = k(SOL_reserve ร+ delta_SOL) / (Supply)^ntoken_supply Where:- kdelta_tokens)
// With 5% protocol fee:
effective_price = Base price coefficient* (calibrated1.05
per// issuer)Graduation ntriggers when market_cap >= Curve$250,000 steepness (typically 1.5-2.0)
Supply = Current circulating token supply๐ขUSD
CPMM Trading (Post-Graduation):
Upon graduation (market cap โฅ $250,000), tokens transition to Constant Product Market Maker (CPMM) mechanics with deeper liquidity:
// CPMM implementationSwap with Transfer Hook integration
pub fn execute_swap(
pool: &mut LiquidityPool,
amount_in: u64,
minimum_out: u64,
) -> Result<SwapResult, TradingError> {Calculation
// AllCPMM 42Invariant: compliancek controls verified via Transfer Hooks BEFORE swap executes
// (Hooks execute automatically via Token-2022 standard)
// Constant product formula:= x * y =(constant k
let k = pool.reserve_token.checked_mul(pool.reserve_sol)?;
let new_reserve_token = pool.reserve_token.checked_add(amount_in)?;
let new_reserve_sol = k.checked_div(new_reserve_token)?;
let amount_out = pool.reserve_sol.checked_sub(new_reserve_sol)?;product)
// SlippageWhere protectionx require!(amount_out >= minimum_out,SOL TradingError::SlippageExceeded);reserves, y = token reserves
fn calculate_output(input_amount: u64,
input_reserve: u64,
output_reserve: u64,
) -> u64 {
let input_with_fee = input_amount * 9955; // Fee0.45% distributionfee
let numerator = input_with_fee * output_reserve;
let denominator = (5%input_reserve total)* //10000) -+ 0.44% to OTCM LP (permanent liquidity)
// - 4.56% to protocol operations
Ok(SwapResult { amount_out, fee_collected })
}input_with_fee;๐ง
numerator / denominator
}
OTCM Liquidity Pool
The OTCM Liquidity Pool aggregates capital from four sources, creating unified market depth across all ST22 Tokenized Securitiesโwith permanent lock mechanisms that eliminate the counterparty risk identified in Category 2 models:tokens:
Capital Source | Contribution Rate | Lock Status |
|
|---|---|---|---|
Bonding Curve Graduations | $1M-$5M per issuer |
Permanent |
|
Trading Fee Allocation | 0.44% of volume |
Permanent |
|
Staking Reward Reinvestment | 2% of rewards |
Permanent |
|
Initial Protocol Deposit | $2M at launch |
Permanent |
|
๐ Projected LP Growth:
Year 1 | Year 2 | Year 3 | Year 4 | Year 5 |
|---|---|---|---|---|
|
|
|
|
|
โ๐น
Category 1 Alignment:Unlike Category 2 models where intermediary failure can strand investors, OTCM's permanent liquidity locks ensure markets cannot be "rugged"โcounterparty risk eliminated.
2.3.4 โ๏ธ Layer 4:1: Solana Blockchain Infrastructure
Foundation
Layer 41 encompasses(Solana Foundation) provides the Solanabase blockchain infrastructure providing theconsensus, settlement layerfinality, forand network security upon which all OTCMeight operations.higher layers depend. This layer integrates the eight core Solana innovations (detailed in Section 2.2.2) into a cohesive infrastructure supporting securities trading requirements and Category 1 compliance.requirements.
๐ก
RPC Node Architecture
OTCM operates dedicated RPC infrastructure with the following specifications:
|
|
|
|---|---|---|
| RPC: Helius dedicated nodes (500 req/sec, 100 sendTx/sec tier) |
|
| RPC: Triton/QuickNode backup cluster |
|
| Distribution: US-East, US-West, EU-West, APAC nodes |
|
| Protection: Jito bundle integration for frontrunning protection |
|
๐ Transaction Lifecycle on Solana
Understanding Solana's transaction lifecycle is essential for comprehending OTCM's settlement guarantees for tokenized securities:guarantees:
|
|
|
|
|---|---|---|---|
|
| Transaction submitted to RPC node, forwarded via Gulf Stream to upcoming leader |
|
|
| Leader includes transaction in block, Sealevel executes Transfer Hooks in parallel with non-conflicting transactions |
|
|
| Turbine distributes block shreds across validator network |
|
|
| Validators vote on block validity using Tower BFT |
|
|
| Transaction confirmed after 1 block (~400ms) |
|
|
| Practical finality achieved after 32 blocks (~13 seconds) |
|
2.3.5 ๐ Layer 5:6: Oracle Network & External Data & Custody Integration
Layer 56 (Oracle Network) provides the criticalreal-time data bridge between on-chain operationsTransfer Hook enforcement and the off-chain data sources required for Category 1 securities compliance. โ custody verification, sanctions screening, AML scoring, and SEC EDGAR intelligence. This layer implements oracle patterns ensuring data integrity while maintaining the performance requirements of blockchain-based trading.
๐๏ธ
Empire Stock Transfer Integration (SEC-Registered Custody)
Empire Stock Transfer serves as OTCM's qualified custodian,custodian, providing SEC-registered transfer agent services for Series M share custodyโsatisfying the Category 1 regulated custody requirement:custody:
Integration Point | Function |
|
|---|---|---|
Custody Oracle API | Real-time balance verification, cryptographically signed attestations, updated every block (~400ms) |
|
Share Registration | Series M share issuance recording, beneficial ownership tracking, corporate action processing |
|
Redemption Processing | KYC-verified token-to-share conversions, DRS registration, certificate issuance |
|
Audit Reporting | Quarterly custody attestations, regulatory examination support, transaction audit trails |
|
// Empire Stock Transfer Custody Verification API
interface CustodyVerification {
// Query current custody balance for Series M shares
async getCustodyBalance(cusip: string): Promise<CustodyBalance>;
// Verify specific share count at point in time (Category 1: 1:1 backing)
async verifyShareCount(
cusip: string,
expectedCount: number,
timestamp: Date
): Promise<VerificationResult>;
// Get cryptographically signed custody attestation
async getSignedAttestation(cusip: string): Promise<SignedAttestation>;
}
interface CustodyBalance {
cusip: string;
shareCount: number;
lastUpdated: Date;
transferAgentSignature: string; // Ed25519 signature
category1Compliant: boolean; // SEC Category 1 verification
}๐ฎ
Compliance Oracle Network
OTCM's compliance verification relies on a network of specialized oracles supporting Category 1 investor protectionoracles::
|
|
|
|---|---|---|
OFAC/SDN | Oracle: Updates hourly from Treasury Department Specially Designated Nationals list. Implements fuzzy matching algorithms for name variations and aliases. |
|
Blockchain Analytics | Oracle: Integrates Chainalysis KYT (Know Your Transaction) and TRM Labs data. Provides wallet risk scoring based on transaction history, counterparty analysis, and pattern detection. |
|
SEC EDGAR | Integration: Pulls company financial data, filing status, and corporate action information. Used for issuer onboarding verification and ongoing compliance monitoring. |
|
๐ External API Specifications
|
|
|
|
|
|---|---|---|---|---|
|
|
|
|
|
|
|
๐ 2. |
|
|
|
|
|
|
|
|
|
|
|
|
2.4 ๐ Data Flow Specification
This section provides detailed specifications for transaction data flow through OTCM Protocol's five-nine-layer architecture. Understanding this flow is essential for developers integrating with the protocol and auditors verifying Category 1 compliance implementation.implementation.
๐น 2.4.1 ๐ Transaction Lifecycle
Every ST22 Tokenized Securitiestoken transaction follows a deterministic lifecycle from user initiation through settlement and post-transaction monitoringโwith Category 1 compliance verified at each stage:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ PHASE 1: INITIATION (0-50ms) โ
โ User signs transaction โ Submitted to RPC โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ๏ธ PHASE 2: COMPLIANCE VERIFICATION (750-1,350ms) โ
โ All 6 Transfer Hooks execute sequentially โ
โ 42 security controls verified โ
โ Category 1 requirements confirmed โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโ
โ โ
ALL CHECKS PASS โ โ โ ANY CHECK FAILS โ
โ Continue to Phase 3โ โ Transaction Reverts โ
โโโโโโโโโโโโโโโโโโโโโโโ โ (Investor Protected)โ
โ โโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐น PHASE 3: EXECUTION (400-600ms) โ
โ Swap executes atomically on CEDEX โ
โ Token balances updated โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ
PHASE 4: SETTLEMENT (~13 seconds) โ
โ 32-block confirmation via Tower BFT โ
โ Securities settlement finality achieved โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐๏ธ PHASE 5: POST-TRANSACTION MONITORING (Ongoing) โ
โ Pattern analysis, SAR evaluation, regulatory reporting โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ2.4.2 ๐ Five-Phase Processing Model
๐ Phase 1: Initiation (0-50ms)
Transaction initiation begins when a user submits an ST22 transfer through the CEDEX interface:monitoring:
// Transaction initiationLifecycle withDiagram
Category 1 compliance metadata
interface ST22TransferRequest {
// Token identification
tokenMint: PublicKey; // ST22 token mint address
amount: bigint; // Transfer amount
// Parties
sender: PublicKey; // Source wallet
recipient: PublicKey; // Destination wallet
// Category 1 compliance data
complianceMetadata: {
kycVerified: boolean; // Investor verification status
accreditationStatus: AccreditationLevel;
jurisdictionCode: string;
};
// Execution parameters
slippageTolerance: number; // Maximum acceptable slippage
deadline: Date; // Transaction expiration
}โ๏ธ Phase 2: Verification (750-1,350ms)
The verification phase executes all six Transfer Hooks sequentially. Each hook:
๐ Queries its designated oracle or data sourceโ๏ธ Performs verification logic against compliance rules๐ Records verification result in compliance logโ Returns PASS to continue or โ ERROR to revert
๐ก๏ธCategory 1 Guarantee:If ANY hook fails, the ENTIRE transaction reverts atomically. Non-compliant transferscannot execute, even partially.
๐น Phase 3: Execution (400-600ms)
Upon successful verification, transaction execution proceeds atomically:
// Atomic swap execution (only reached after all compliance checks pass)
pub fn execute_verified_swap(
ctx: Context<SwapContext>,
amount_in: u64,
minimum_out: u64,
) -> Result<()> {
// Transfer Hooks have already verified:
// โ
Custody backing (1:1 ratio confirmed)
// โ
OFAC compliance (neither party sanctioned)
// โ
AML risk score (within acceptable range)
// โ
KYC/accreditation (investor verified)
// โ
Price impact (within 2% TWAP limit)
// โ
Liquidity ratio (above 150% minimum)
// Execute atomic swap
let swap_result = pool.execute_swap(amount_in, minimum_out)?;
// Emit compliance event for audit trail
emit!(ComplianceVerifiedSwap {
token_mint: ctx.accounts.token_mint.key(),
sender: ctx.accounts.sender.key(),
recipient: ctx.accounts.recipient.key(),
amount: amount_in,
compliance_timestamp: Clock::get()?.unix_timestamp,
category1_verified: true,
});
Ok(())
}โ
Phase 4: Settlement (~13 seconds)
Settlement occurs through Solana's Tower BFT consensus mechanism. After 32 block confirmations, the transaction achieves practical finality with cryptographic guarantees against reversalโsecurities settlement complete.
๐๏ธ Phase 5: Post-Transaction Monitoring (Ongoing)
Post-transaction monitoring implements continuous compliance oversight:
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
2.4.3 โ ๏ธ Error Handling & Recovery
OTCM implements comprehensive error handling with specific error codes enabling rapid diagnosis:
|
|
|
|
|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
โInvestor Protection:Every error represents acompliance control working as designedโprotecting investors from non-compliant transactions.
2.5 ๐ System Integration Architecture
OTCM Protocol integrates with multiple external systems to deliver comprehensive Category 1 compliant securities trading functionality. This section documents API specifications, authentication protocols, and data exchange formats.
2.5.1 ๐๏ธ Empire Stock Transfer Integration
The Empire Stock Transfer integration provides the custody verification foundation for all ST22 Tokenized Securities operationsโsatisfying the Category 1 regulated custody requirement:
// Empire Stock Transfer Integration Service
class EmpireStockIntegration {
private readonly apiKey: string;
private readonly baseUrl: string = 'https://api.empirestock.com/v2';
// Verify custody balance (Category 1: True Equity Backing)
async verifyCustodyBalance(
cusip: string,
expectedTokenSupply: bigint
): Promise<CustodyVerificationResult> {
const response = await this.signedRequest('/custody/verify', {
cusip,
expectedSupply: expectedTokenSupply.toString(),
verificationType: 'CATEGORY_1_BACKING'
});
return {
verified: response.shareCount >= expectedTokenSupply,
shareCount: BigInt(response.shareCount),
lastAuditDate: new Date(response.lastAudit),
transferAgentAttestation: response.signedAttestation,
category1Compliant: response.category1Status === 'COMPLIANT'
};
}
// Process redemption (token โ Series M shares)
async processRedemption(
request: RedemptionRequest
): Promise<RedemptionResult> {
// Verify KYC completion (required for redemption)
await this.verifyKycStatus(request.investorId);
// Initiate share transfer
return this.signedRequest('/redemption/initiate', {
cusip: request.cusip,
shareCount: request.tokenAmount,
recipientDrsAccount: request.drsAccount,
category1Verification: true
});
}
}2.5.2 ๐ฎ Compliance Oracle Network
๐ซ OFAC Screening API:
// OFAC Screening Request
POST /compliance/ofac/screen
{
"addresses": [
"7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
"Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS"
],
"screeningLevel": "ENHANCED",
"category1Compliance": true
}
// OFAC Screening Response
{
"results": [
{
"address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
"status": "CLEAR",
"confidenceScore": 0.99,
"lastUpdated": "2026-01-29T10:30:00Z"
},
{
"address": "Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS",
"status": "FLAGGED",
"matchType": "SDN_PARTIAL_NAME",
"confidenceScore": 0.72,
"requiresReview": true
}
],
"category1Verification": "COMPLETE"
}2.5.3 ๐ External API Specifications
|
|
|
|
|
|---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2.6 โก Performance Engineering
OTCM Protocol's performance engineering balances Category 1 compliance verification requirements with user experience expectations. This section documents throughput optimization strategies, latency management approaches, and scalability architecture.
2.6.1 ๐ Throughput Optimization
While Solana theoretically supports 65,000+ TPS, OTCM's compliance verification overhead reduces effective throughput to 400-600 TPS. This remains substantially higher than required for securities trading while ensuring every transaction passes Category 1 compliance checks.
Throughput Analysis:
|
|
|
|
|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
๐กDesign Philosophy:We prioritize compliance certainty over raw throughput. 400-600 TPS with guaranteed investor protection is superior to 65,000 TPS without compliance verification.
2.6.2 โฑ๏ธ Latency Management
End-to-end latency for a typical CEDEX trade:
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2.6.3 ๐ Scalability Architecture
OTCM's scalability strategy leverages Solana's Sealevel parallel execution for horizontal scaling of non-conflicting transactions:
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
2.7 ๐ Security Architecture
OTCM implements a defense-in-depth security model with multiple overlapping protection layers. This approach ensures that compromise of any single security control does not result in system-wide vulnerabilityโessential for Category 1 investor protection.
2.7.1 ๐ก๏ธ Defense-in-Depth Model
|
|
|
|
|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2.7.2 ๐ Cryptographic Standards
OTCM employs industry-standard cryptographic primitives:
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
2.7.3 ๐ฏ Attack Surface Analysis
The following attack vectors have been analyzed and mitigatedโprotecting Category 1 investors:
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
2.8 ๐ Deployment Topology
OTCM Protocol deploys across multiple regions with redundant infrastructure ensuring high availability for Category 1 compliant securities trading:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ST22 GLOBALTRANSACTION DEPLOYMENTLIFECYCLE โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโUser Action Phase 1: INITIATION (0-50ms)
โ โข Parameter validation
โ โข Wallet signature
โผ โข RPC submission
โโโโโโโโโโ
โ Submit โโโโโโโโโโโโบ Gulf Stream forwards to leader validator
โโโโโโโโโโ
โ
โผ Phase 2: VERIFICATION (750-1,350ms)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ TRANSFER HOOKS EXECUTION (Sequential) โ
โ Hook 1: Custody โโโบ Hook 2: OFAC โโโบ Hook 3: AML โ
โ Hook 4: KYC โโโบ Hook 5: Circuit Breaker โโโบ Hook 6: LP โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโ FAIL โโโโบ Atomic Revert + Error Code
โ
โผ PASS Phase 3: EXECUTION (400-600ms)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โข CPMM calculation โข Fee deduction (5%) โ
โ โข Reserve update โข Token transfer โ
โ โข Event emission โข State commitment โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ Phase 4: SETTLEMENT (~13 seconds)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โข Block confirmation โข Tower BFT voting โ
โ โข 32-block finality โข Compliance recording โ
โ โข Fee distribution โข Audit trail creation โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ Phase 5: MONITORING (Ongoing)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โข Pattern analysis โข SAR evaluation โ
โ โข Regulatory reporting โข Anomaly detection โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ๐น 2.4.2 Nine-Layer Transaction Processing Model
Phase 1: Initiation (0-50ms)
Transaction initiation begins when a user submits an ST22 transfer through the CEDEX interface:
// Transaction Parameters (TypeScript)interface TransactionParams {
tokenMint: PublicKey; // ST22 token address
amount: u64; // Transfer amount in base units
maxPrice: u64; // Slippage protection (0 = market)
recipientWallet: PublicKey; // Destination wallet
deadline: i64; // Unix timestamp expiry
}
Phase 2: Verification (750-1,350ms)
The verification phase executes all six Transfer Hooks sequentially. Each hook:
- Queries its designated oracle or data source
- Performs verification logic against compliance rules
- Records verification result in compliance log
- Returns PASS to continue or ERROR to revert Phase 3: Execution (400-600ms)
Upon successful verification, transaction execution proceeds atomically:
// Swap Execution (Rust/Anchor)
fn execute_swap(ctx: Context<Swap>, params: SwapParams) -> Result<()> {
// Calculate output using CPMM formula
let output = calculate_cpmm_output(params.input_amount,
ctx.accounts.pool.sol_reserve,
ctx.accounts.pool.token_reserve,
)?;
// Apply 5% protocol fee
let fee = output * 500 / 10000; // 5% = 500 basis points
let net_output = output - fee;
// Atomic state updatesctx.accounts.pool.sol_reserve += params.input_amount;
ctx.accounts.pool.token_reserve -= output;
// Transfer tokens to recipienttransfer_tokens(ctx.accounts.recipient, net_output)?;
// Distribute feesdistribute_fees(fee, &ctx.accounts.fee_recipients)?;
emit!(SwapExecuted { ... });
Ok(())}
Phase 4: Settlement (~13 seconds)
Settlement occurs through Solana's Tower BFT consensus mechanism. After 32 block confirmations, the transaction achieves practical finality with cryptographic guarantees against reversal.
Phase 5: Post-Transaction Monitoring (Ongoing)
Post-transaction monitoring implements continuous compliance oversight:
- Real-time pattern analysis: Machine learning models analyze transaction patterns for suspicious activity
- Flagging queue: Transactions meeting review thresholds enter compliance team queue
- SAR evaluation: Suspicious Activity Report filing determination for flagged transactions
- Regulatory reporting: Automated generation of required regulatory filings
๐น 2.4.3 Error Handling & Recovery
OTCM implements comprehensive error handling with specific error codes enabling rapid diagnosis:
Code | Error Type | Recovery Action |
|---|---|---|
6001 | Insufficient Custody Backing | Wait for oracle update or reduce amount |
6002 | OFAC Sanctioned Address | Transaction permanently blocked |
6003 | AML Risk Threshold Exceeded | Contact compliance for review |
6004 | KYC/Accreditation Invalid | Complete verification via portal |
6006 | Circuit Breaker Triggered | Reduce order size or wait for TWAP reset |
6007 | Liquidity Ratio Violation | Reduce order size below pool limits |
2.5 System Integration Architecture
OTCM Protocol integrates with multiple external systems to deliver comprehensive securities trading functionality. This section documents API specifications, authentication protocols, and data exchange formats.
๐ 2.5 External System Integration
๐น 2.5.1 Empire Stock Transfer Integration
The Empire Stock Transfer integration provides the custody verification foundation for all ST22 token operations:
// Empire Stock Transfer API
// Custody Oracle API Specificationinterface CustodyOracleResponse {
issuer_cik: string; // SEC CIK number
cusip: string; // CUSIP identifier
custodied_balance: u64; // Verified share count
last_verification: i64; // Unix timestamp
attestation_signature: string; // Ed25519 signature
audit_hash: string; // SHA-256 of audit data
}
// API EndpointGET https://api.empirestocktransfer.com/v1/custody/{issuer_cik}
X-Oracle-Signature: {signature}
๐น 2.5.2 Compliance Oracle Network
OFAC Screening API:
// OFAC Screening API
// OFAC Screening RequestPOST https://oracle.otcm.io/v1/ofac/screen
{
"wallet_address": "7xKXt...",
"transaction_type": "transfer",
"counterparty": "9yMPs..."
}
// Response{
"status": "CLEAR" | "MATCH" | "PARTIAL_MATCH",
"sdn_match_confidence": 0.0 - 1.0,
"last_list_update": "2025-12-22T00:00:00Z",
"verification_id": "uuid"
}
๐น 2.5.3 External API Specifications
System | Protocol | Auth Method | Rate Limit |
|---|---|---|---|
Empire Stock | REST/JSON | API Key + Signature | 1,000/min |
Chainalysis | REST/JSON | OAuth 2.0 | 10,000/hour |
SEC EDGAR | REST/XML | User-Agent ID | 10/sec |
Helius RPC | JSON-RPC 2.0 | API Key | 500/sec |
โก 2.6 Performance Engineering
OTCM Protocol's performance engineering balances compliance verification requirements with user experience expectations. This section documents throughput optimization strategies, latency management approaches, and scalability architecture.
๐น 2.6.1 Throughput Optimization
While Solana theoretically supports 65,000+ TPS, OTCM's compliance verification overhead reduces effective throughput to 400-600 TPS. This remains substantially higher than required for securities trading while ensuring every transaction passes compliance checks.
Throughput Analysis:
Metric | Solana Theoretical | OTCM Effective |
|---|---|---|
Peak TPS | 65,000+ | 400-600 |
Daily Capacity | 5.6B transactions | ~50M transactions |
Compliance Overhead | N/A | 750-1,350ms/tx |
๐น 2.6.2 Latency Management
End-to-end latency for a typical CEDEX trade:
Phase | Latency |
|---|---|
User submission to RPC | 50-100ms |
Transfer Hook verification | 750-1,350ms |
Swap execution | 400-600ms |
Block confirmation (first) | ~400ms |
TOTAL (to confirmation) | 1.6-2.5 seconds |
Full finality (32 blocks) | ~13 seconds |
๐น 2.6.3 Scalability Architecture
OTCM's scalability strategy leverages Solana's Sealevel parallel execution for horizontal scaling of non-conflicting transactions:
- Token Pair Isolation: Trades in different ST22 tokens execute in parallel (no account overlap)
- Oracle Caching: Compliance oracle results cached for 1 block (~400ms) to reduce redundant queries
- Batch Processing: Off-chain systems aggregate compliance data for efficient on-chain verification
- Geographic Distribution: Multi-region RPC deployment minimizes network latency globally
๐๏ธ 2.7 Security Architecture
OTCM implements a defense-in-depth security model with multiple overlapping protection layers. This approach ensures that compromise of any single security control does not result in system-wide vulnerability.
๐น 2.7.1 Defense-in-Depth Model
Layer | Protection Mechanism | Threat Mitigated |
|---|---|---|
Network | WAF, DDoS protection, rate limiting | Network-level attacks, flooding |
Application | Input validation, CSRF protection, CSP | Injection, XSS, session hijacking |
Smart Contract | Formal verification, audit, bug bounty | Logic bugs, reentrancy, overflow |
Compliance | Transfer Hooks, 42-point security | Unauthorized trading, sanctions evasion |
Custody | Multi-sig, HSM, custody verification | Asset misappropriation, insider threat |
๐น 2.7.2 Cryptographic Standards
OTCM employs industry-standard cryptographic primitives:
- Key Derivation: Ed25519 for Solana wallet signatures (128-bit security equivalent)
- Hashing: SHA-256 for transaction verification, Blake3 for high-performance hashing
- Encryption: AES-256-GCM for data at rest, TLS 1.3 for data in transit
- Oracle Signatures: Ed25519 signatures on all oracle attestations for non-repudiation
๐น 2.7.3 Attack Surface Analysis
The following attack vectors have been analyzed and mitigated:
MEV/Frontrunning: Jito bundle integration routes transactions through validator bundles that resist frontrunning. Circuit breakers (2% TWAP deviation) limit profitability of sandwich attacks.
Oracle Manipulation: Multi-oracle architecture requires consensus across Empire Stock Transfer, OFAC, and blockchain analytics sources. Single oracle compromise cannot affect transaction verification.
Rug Pull Attempts: Permanent liquidity locks enforced by smart contract make liquidity withdrawal mathematically impossible. Override requires 2/3 DAO supermajority plus 48-hour timelock.
Smart Contract Exploits: Formal verification using Certora, security audits by Quantstamp and Halborn, active bug bounty program with up to $100K rewards.
๐ 2.8 Deployment Topology
OTCM Protocol deploys across multiple regions with redundant infrastructure ensuring high availability:
// Global Deployment Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ OTCM DEPLOYMENT TOPOLOGY โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ
โ US-EAST โ โ US-WEST โ
โ (Primary) โโโโโโโโบโ (Secondary) โ
โโโโโโโโโฌโโโโโโโโ โโโโโโโโโฌโโโโโโโโ
โ โ
โโโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโดโโโโโโโโโโโโ
โ GLOBAL LOAD BALANCER โ
โโโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐บ๐ธ US-EAST โ โ
๐บ๐ธโโโโโโโโดโโโโโโโ US-WESTโโโโโโโโดโโโโโโโ โโโโโโโโดโโโโโโโ
โ โ ๐ช๐บ EU-WEST โ โ Primary RegionAPAC โ โ Secondary Regionโ โ Secondary Regionโ
โโโโโโโโโโโโโโโโโโโค โโโโโโโโโโโโโโโโโโโค โโโโโโโโโโโโโโโโโโโค
โ โข Helius RPCLATAM โ
โ โข(DR Helius RPCSite) โ โ โข Helius RPC(Edge) โ โ โข CEDEX API โ โ โข CEDEX API โ โ โข CEDEX API โ
โ โข Oracle Nodes โ โ โข Oracle Nodes โ โ โข Oracle Nodes โ
โ โข Empire Stock โโโโโโ โข Failover โโโโโโ โข Failover โ
โ Integration โ โ Cluster โ โ Cluster(Edge) โ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ๏ธ SOLANA MAINNET (GLOBAL) โ
โ Settlement Layer for ST22 Tokenized Securities โ
โ (Category 1 Compliant Infrastructure) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโDeploymentInfrastructure: Specifications:
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
โ๏ธConclusion:OTCM Protocol's five-layer technical architecture is engineered from the ground up forSEC Category 1 compliance. Every architectural decisionโfrom the selection of Solana's SPL Token-2022 standard to the implementation of 42 Transfer Hook security controlsโserves the goal of delivering mathematically-enforced investor protection while providing the performance characteristics required for institutional-grade securities trading.
ยฉ 2026 OTCM Protocol, Inc.K8s) | AllCDN: RightsCloudflare Reserved| RPC: Helius + Triton
Aligned with SEC Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets Joint Statement dated January 28, 2026โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
ST22 Tokenized Securities are securities under federal securities laws. This document is for informational purposes only and does not constitute an offer to sell or solicitation of an offer to buy any securities.