📈 Section 5: CEDEX — Centralized-Decentralized Exchange

📈 The OTCM trading interface — a purpose-built Centralized-Decentralized Exchange combining Web2 order matching with Web3 settlement finality, natively supporting SPL Token-2022 Transfer Hooks.

📈 SECTION 5: CEDEX — CENTRALIZED-DECENTRALIZED EXCHANGE

💡 5.1 🚀 Architectural Innovation

~~SPL~~CEDEX ~~Token-2022~~(Centralized-Decentralized ~~Transfer~~Exchange) ~~Hooks~~ ~~represent~~represents a fundamental ~~architectural~~reimagining ~~innovation~~of indecentralized ~~blockchain-based~~exchange architecture, purpose-built from inception for trading tokenized securities infrastructure, enabling execution of arbitrary smart contract code during token transfers on the Solana blockchain. This capability transforms compliance from a discretionary administrative function into an ~~immutable, mathematically-enforced property of the token itself~~.

~~OTCM Protocol leverages Transfer Hooks to implement~~within federal securities law ~~requirements~~frameworks. Unlike existing DEX platforms that were designed for permissionless cryptocurrency trading and subsequently face irreconcilable conflicts with securities regulation, CEDEX implements compliance verification as ~~non-discretionary~~a ~~smart~~foundational ~~contract~~architectural ~~code,~~constraint rather than retrofitted functionality.

This section provides comprehensive technical documentation of CEDEX's architectural innovations, explaining why existing DEX solutions cannot serve the tokenized securities market and how CEDEX's compliance-first design creates categorical advantages for institutional adoption.

🔹 5.1.1 The DEX Incompatibility Problem

Standard decentralized exchanges—including market leaders Raydium, Orca, Jupiter, and Meteora—were architected around three foundational design principles that create irreconcilable conflict with securities law compliance:

Principle 1: Computational Minimalism

Traditional DEXs optimize for maximum throughput by minimizing computational overhead per transaction. Every additional instruction reduces theoretical TPS capacity, creating astrong ~~paradigm~~architectural ~~where~~pressure ~~regulatory~~against compliance verification. A typical Raydium swap executes in approximately 200,000 compute units; adding six Transfer Hook verifications would increase this to 800,000+ compute units, fundamentally changing the economic model.

Principle 2: Compliance Agnosticism

DEX protocols intentionally refuse implementation of securities-specific procedures such as KYC verification, accreditation checking, OFAC screening, and investor qualification. This design choice reflects ideological commitment to permissionless trading and practical recognition that compliance creates liability exposure for protocol developers.

Principle 3: Economic Incentive Misalignment

Traditional DEX economics depend on maximizing trading volume with minimal friction. Compliance verification introduces friction (latency), complexity (integration requirements), and cost (oracle fees). These factors directly reduce profitability under existing DEX business models, creating structural resistance to compliance implementation.

💡 Critical Insight

The incompatibility between existing DEXs and securities compliance is not a ~~matter~~technical limitation that can be solved with additional development. It represents a fundamental architectural conflict where the design goals of ~~corporate~~permissionless ~~policy~~trading ~~but~~and ofregulated ~~cryptographic~~securities ~~certainty~~.trading ~~Every~~are mutually exclusive.

🔹 5.1.2 Why Existing DEXs Cannot Support ST22 transfer triggers sequential execution of six independent verification hooks, completing comprehensive compliance verification before transaction settlement.

5.1.1 📋 SPL Token-2022 Standard OverviewTokens

~~SPL~~Beyond ~~Token-2022~~philosophical ~~(also~~design ~~known~~conflicts, asexisting ~~Token~~DEX ~~Extensions~~codebases ~~Program)~~face isconcrete ~~Solana's~~technical ~~next-generation~~barriers preventing ST22 token ~~standard, introducing programmable extensions that enable sophisticated token functionality impossible with the original SPL Token Program:~~support:

~~Extension~~DEX Platform	~~Capability~~Token-2022 Support	~~OTCM~~Transfer ~~Usage~~Hook Support
🪝 ~~Transfer Hook~~Raydium	~~Execute~~Partial ~~custom~~(basic ~~logic~~transfers ononly)	None ~~every~~— hooks disabled
Orca	Limited (whitelist)	None — not implemented
Jupiter	Aggregates underlying DEXs	None — inherits limitations
Meteora	Basic support	None — bypassed
CEDEX	Full native support	Full — 6 hooks per transfer

The core technical issue: existing DEX codebases were written before SPL Token-2022 existed. Their smart contracts interact directly with the original SPL Token Program, which lacks Transfer Hook extensions. Retrofitting Transfer Hook support would require complete protocol rewrites—a multi-year effort that these protocols have no economic incentive to undertake.

⚠️ Critical Limitation

If ST22 tokens were traded on existing DEXs (assuming technical compatibility), Transfer Hooks would be bypassed during swaps. This would disable all 42 security controls, ~~compliance~~including ~~verification~~

🔑custody

~~Permanent~~verification, ~~Delegate~~

~~Irrevocable~~OFAC ~~transfer~~screening, ~~authority~~

~~Protocol-level~~and ~~recovery~~AML ~~capability~~

🔒

~~Confidential Transfers~~

~~Zero-knowledge encrypted amounts~~

~~Future: Privacy-preserving compliance~~

💵

~~Transfer Fee~~

~~Protocol-level fee collection~~

~~5% fee distribution automation~~

📋

~~Metadata Pointer~~

~~On-chain token metadata~~

~~Security details, issuer info, CUSIP~~

🎫

~~Non-Transferable~~

~~Soulbound token capability~~

~~Compliance NFTs, investor credentials~~

5.1.2 ⚙️ Transfer Hook Extension Mechanism

~~The Transfer Hook extension enables token mints to specify a program that must be invoked during every token transfer. This mechanism operates at~~checks—making the ~~Solana runtime level~~~~, making it impossible to transfer~~ tokens ~~without~~non-compliant ~~executing the hook program:~~securities.

~~rust~~

🔹

// Transfer Hook Extension Data Structure
pub struct TransferHook {
    /// The program ID that implements the transfer hook
    pub program_id: Pubkey,
    /// Optional: Authority that can update the hook program
    pub authority: Option<Pubkey>,
}

// When a transfer occurs, Solana runtime automatically:
// 1. Checks if mint has TransferHook extension
// 2. If yes, invokes the specified program_id with transfer context
// 3. If hook returns error, ENTIRE transaction reverts
// 4. If hook succeeds, transfer completes

// ⚠️ This is MANDATORY - there is no way to bypass the hook
// The token literally cannot move without hook approval

5.1.3 📜The Compliance-as-CodeCEDEX Design Philosophy

~~OTCM's~~CEDEX ~~Transfer~~inverts ~~Hook~~traditional ~~implementation~~DEX ~~embodies~~design priorities. Rather than implementing compliance verification as bolted-on functionality to existing trading infrastructure, CEDEX implements compliance verification as the foundational architectural constraint shaping every element of trading system design.

"We didn't add compliance to a DEX. We built a compliance engine that happens to execute trades."

~~"Compliance-as-Code"~~This philosophical inversion creates three categorical advantages:

~~philosophy:~~

Compliance ~~regulatory~~Integration ~~requirements~~at ~~are~~Design ~~translated~~Phase: ~~into~~Verification ~~deterministic~~logic integrates at system design phase rather than being retrofitted. Every smart contract ~~logic that executes identically~~instruction, every ~~time,~~data ~~without~~structure, ~~human~~every ~~discretion,~~execution ~~administrative~~path ~~override,~~was ordesigned ~~interpretation variability.~~

~~"Traditional~~with compliance ~~asks:~~verification ~~'Did~~as ~~you~~a ~~follow~~first-class ~~the~~requirement.
Optimized ~~rules?'~~Smart ~~OTCM's~~Contract ~~Transfer~~Architecture: ~~Hooks~~Smart ~~ask:~~contract ~~'Can~~architecture ~~you~~optimizes ~~mathematically~~for ~~prove~~compliance ~~compliance?'~~execution from inception. Compute budget allocation, account structure, and instruction ordering all prioritize successful compliance verification over raw trading speed.
Aligned Economic Incentives: Economic incentive structure aligns operator profitability with successful compliance implementation. CEDEX generates revenue from compliant trades; non-compliant trades generate zero revenue because they cannot execute.

🔹 5.1.4 Compliance-First vs Compliance-Retrofitted

The ~~answer~~distinction isbetween ~~always~~compliance-first ~~verifiable~~and ~~on-chain."~~compliance-retrofitted architecture has profound implications for system reliability, security, and regulatory acceptance:

Aspect	❌Compliance-First ~~Traditional Compliance~~(CEDEX)	~~✅ Transfer Hook Compliance~~Compliance-Retrofitted
⚖️Verification ~~Enforcement~~Timing	~~Policy-based,~~Before ~~discretionary~~execution (blocking)	~~Code-based,~~After ~~deterministic~~execution (non-blocking)
🔓Non-Compliant ~~Override Capability~~Trades	~~Admin~~Cannot ~~can~~execute ~~bypass~~(impossible)	NoExecute ~~bypass~~then ~~possible~~flag for review
📝Regulatory ~~Audit Trail~~Posture	~~Mutable~~Preventive ~~logs, editable~~control	~~Immutable~~Detective ~~blockchain record~~control
✅Audit ~~Verification~~Trail	~~Requires~~Every ~~trust~~trade inverified ~~operator~~on-chain	~~Cryptographically~~Off-chain ~~verifiable~~logs (mutable)
🔄System ~~Consistency~~Complexity	~~Varies~~Integrated by(single ~~analyst/day~~system)	~~100%~~Fragmented ~~identical~~(multiple ~~execution~~systems)
⏱️Failure ~~Timing~~Mode	~~Post-trade review~~Fail-safe (~~T+n)~~no trade)	~~Pre-~~Fail-open (trade ~~blocking (T-0)~~executes)

4.2

5.1.4Custom ⚖️AMM Regulatory Advantages

Architecture

~~Transfer~~CEDEX ~~Hook~~implements ~~execution~~a ~~provides~~modified ~~regulatory~~Automated ~~advantages~~Market ~~unattainable~~Maker ~~through~~(AMM) ~~traditional~~architecture ~~compliance~~engineered ~~procedures:~~

~~Advantage~~	~~Description~~
📋 ~~Immutable Audit Trails~~	~~Every compliance check is recorded on-chain with cryptographic proof of execution timestamp, inputs, and outcomes~~
🎯 ~~Zero Discretion~~	~~Compliance decisions are algorithmic—no analyst judgment, no selective enforcement, no regulatory arbitrage~~
⚡ ~~Real-Time Enforcement~~	~~Non-compliant transfers are blocked before execution, not flagged~~specifically for ~~review after the fact~~
🔐 ~~Cryptographic Proof~~	~~Regulators can independently verify any historical compliance decision by replaying on-chain data~~
🌐 ~~Continuous Operation~~	~~24/7/365 enforcement with no business hours, holidays, or staffing gaps~~

💡 ~~SEC Modernization Alignment:~~ ~~OTCM's~~ Transfer Hook ~~architecture~~integration. ~~aligns~~Unlike ~~with~~traditional ~~SEC~~AMMs ~~Chair~~that ~~Gensler's~~execute ~~stated~~token ~~goal~~swaps ofas ~~'bringing~~atomic ~~crypto~~operations, CEDEX separates compliance verification from trading execution into ~~compliance'~~distinct ~~and~~architectural ~~the~~layers, ~~SEC~~enabling ~~Crypto Task Force's exploration of blockchain-native~~asynchronous compliance ~~mechanisms.~~

checking

without

5.2 🔄 Transfer Hook Execution Flow

~~This section details the precise execution sequence when an ST22 token transfer is initiated, from~~blocking user ~~action through final settlement.~~interaction.

🔹

5.2.1 🪝Dual-Layer HookExecution Invocation SequenceModel

~~When~~The adual-layer ~~user~~execution ~~initiates~~model anrepresents ~~ST22~~CEDEX's ~~transfer,~~core ~~the~~architectural ~~following~~innovation: ~~sequence~~segregating ~~executes:~~compliance verification from trading execution while maintaining atomic transaction guarantees.

// Dual-Layer Architecture Diagram
┌─────────────────────────────────────────────────────────────────────────┐
│                   🪝CEDEX ST22 TRANSFER HOOKDUAL-LAYER EXECUTION SEQUENCEMODEL                      │
└─────────────────────────────────────────────────────────────────────────┘

👤

User ~~Initiates~~Request

~~Transfer~~

│
▼
┌────────────────────────────────────────────────────────────────────┐
│              ☀️COMPLIANCE SOLANAVERIFICATION RUNTIME: Detects TransferHook extension on ST22 mintLAYER                         │
│  Invokes┌──────────────────────────────────────────────────────────────┐  OTCM│
Transfer│  │  Asynchronous Execution (2,000-3,000ms)                      │  │
│  │                                                              │  │
│  │  Hook Program1: Custody ──► Hook 2: OFAC ──► Hook 3: AML            │  │
│  │  Hook 4: KYC ──► Hook 5: Price Impact ──► Hook 6: LP Ratio   │  │
│  │                                                              │  │
│  │  Result: VERIFIED | REJECTED (with transfererror contextcode)               │  │
│  └────────────────────────────┬──────────────────────────────────┘  │
└────────────────────────────────┬───────────────────────────────────┘
│
▼
┌────────────────────────────────────────────────────────────────────┐
│                🔍TRADING HOOKEXECUTION 1: CUSTODY VERIFICATIONLAYER                             │
│  ⏱️ (100-150ms)┌──────────────────────────────────────────────────────────────┐  │
│  Query│  EmpireSynchronous StockExecution Transfer(400-600ms)                           →│  Verify│
1:1│  backing│                                                              →│  Error│
6001│  │  1. Receive verification confirmation                        │  │
│  │  2. Calculate CPMM output amount                             │  │
│  │  3. Update pool reserves atomically                          │  │
│  │  4. Execute token transfer                                   │  │
│  │  5. Distribute fees                                          │  │
│  │                                                              │  │
│  │  Result: EXECUTED | REVERTED                                 │  │
│  └────────────────────────────┬─────────────────────────────────────┘  │
✅└────────────────────────────────────────────────────────────────────┘

~~PASS~~

🔹 ▼5.2.2 Compliance Verification Layer

The Compliance Verification Layer executes during every ST22 token transfer, implementing OTCM's six Transfer Hooks in sequential order. This layer operates asynchronously from the user's perspective—verification completion occurs independently of user action, enabling a responsive interface despite comprehensive compliance checking.

Verification Flow

// Compliance Verification Data Structure (Rust)

pub struct ComplianceVerification {

pub transfer_id: Pubkey, // Unique transfer identifier

pub sender: Pubkey, // Source wallet

pub recipient: Pubkey, // Destination wallet

pub token_mint: Pubkey, // ST22 token address

pub amount: u64, // Transfer amount

pub verification_start: i64, // Unix timestamp

pub hook_results: [HookResult; 6], // Results from each hook

pub final_status: VerificationStatus,

}

pub enum VerificationStatus {

Pending, // Verification in progress

Verified, // All hooks passed

Rejected { // At least one hook failed

hook_number: u8,

error_code: u16,

reason: String,

}

Hook Execution Sequence

Each Transfer Hook executes in strict sequence, with failure at any point causing immediate transaction reversion:

Order	Hook Name	Oracle Source	Latency	Fail Action
1	Custody Verification	Empire Stock API	100-150ms	Revert 6001
2	OFAC Screening	SDN List Oracle	200-500ms	Revert 6002
3	AML Analytics	Chainalysis/TRM	300-400ms	Revert 6003
4	Redemption Eligibility	KYC Registry	50-100ms	Revert 6004
5	Price Impact Limit	TWAP Oracle	50-100ms	Revert 6006
6	Liquidity Ratio	Pool State	50-100ms	Revert 6007

🔹 5.2.3 Trading Execution Layer

The Trading Execution Layer receives verified tokens and executes trades only upon successful completion of all compliance verification. This layer implements the Constant Product Market Maker (CPMM) formula for price discovery and liquidity provision.

CPMM Core Formula

CEDEX implements the constant product formula (x × y = k) where x represents SOL reserves, y represents ST22 token reserves, and k is the invariant constant:

// CPMM Swap Calculation (Rust)
pub fn calculate_swap_output(

input_amount: u64,

input_reserve: u64,

output_reserve: u64,

fee_bps: u16, // Basis points (500 = 5%)

) -> Result<SwapResult> {

// Apply fee to input
let fee_multiplier = 10000 - fee_bps as u64;
let input_with_fee = input_amount

.checked_mul(fee_multiplier)

.ok_or(SwapError::Overflow)?;

// Calculate output using constant product formula
// output = (input_with_fee × output_reserve) / (input_reserve × 10000 + input_with_fee)
let numerator = input_with_fee

.checked_mul(output_reserve)

.ok_or(SwapError::Overflow)?;

let denominator = input_reserve

.checked_mul(10000)

.ok_or(SwapError::Overflow)?

.checked_add(input_with_fee)

.ok_or(SwapError::Overflow)?;

let output_amount = numerator / denominator;
let fee_amount = input_amount - (input_amount * fee_multiplier / 10000);
Ok(SwapResult {

output_amount,

fee_amount,

new_input_reserve: input_reserve + input_amount,

new_output_reserve: output_reserve - output_amount,

})

}

🔹 5.2.4 Layer Synchronization Protocol

The two layers synchronize through a handoff protocol ensuring atomic execution guarantees:

Verification Request: User initiates swap, generating unique transfer_id
Parallel Processing: UI displays "Verifying compliance..." while hooks execute
Verification Complete: All hooks pass, verification_status set to VERIFIED
Execution Authorization: Trading layer receives signed verification confirmation
Atomic Swap: CPMM calculation and token transfer execute in single transaction
Settlement: Transaction finalizes after 32 Solana blocks (~13 seconds) 💡 Atomicity Guarantee

If verification completes but execution fails (e.g., slippage exceeded), the entire transaction reverts. Users never face situations where compliance verification succeeds but tokens transfer incorrectly.

🏗️ 5.2 Dual-Layer Execution Architecture

🔹 5.2.1 Dual-Layer Execution Model

CEDEX implements a dual-layer architecture combining a centralized order management system with decentralized on-chain settlement. The centralized layer handles order matching, price discovery, and user interface at sub-100ms latency. The decentralized layer handles actual asset custody, transfer execution, and Transfer Hook enforcement on Solana. This architecture delivers Web2-grade user experience with Web3-grade settlement finality.

Layer	Function	Technology
Centralized OMS	Order matching, price feeds, UI	OTCM matching engine + REST API
Compliance Verification	KYC/AML status, accreditation check	Layer 2 Transfer Hook pre-check
Decentralized Settlement	Asset transfer, Transfer Hook execution, finality	Solana + SPL Token-2022

🔹 5.2.2 Compliance Verification Layer

Before any trade executes on-chain, CEDEX runs a pre-flight compliance check against the investor's current verification status. This check queries the Issuers Portal compliance state in real-time. Traders with lapsed KYC, expired accreditation, or flagged AML status are blocked at the order entry stage — before any on-chain transaction is attempted — preventing failed transactions and wasted gas.

🔹 5.2.3 Trading Execution Layer

Approved orders are submitted to the Solana network as signed transactions. The SPL Token-2022 Transfer Hook extensions execute atomically with settlement — there is no separation between trade execution and compliance enforcement. If any of the 42 Transfer Hook controls reject the transaction, it reverts entirely with a specific error code enabling rapid diagnosis.

🔹 5.2.4 Layer Synchronization Protocol

The centralized OMS maintains a real-time synchronized view of on-chain state through OTCM's dedicated Helius RPC node cluster. Order book updates reflect confirmed on-chain settlements within 400ms (one Solana block). This synchronization ensures no price discrepancy between displayed quotes and executable on-chain prices during normal network conditions.

📉 5.3 Bonding Curve Bootstrap Phase

Upon deployment, each new ST22 token initially trades on a bonding curve rather than the permanent CPMM-based AMM. This bootstrap phase serves critical functions: enabling initial price discovery in a controlled environment, preventing flash crashes and wash trading during early trading, and providing favorable entry prices for early community participants.

🔹 5.4.1 Initial Price Discovery Mechanism

The bonding curve creates a mathematically predictable relationship between token supply and price, eliminating the need for external price oracles during the bootstrap phase. As tokens are purchased, the price increases along a predetermined curve; as tokens are sold, the price decreases.

// Bonding Curve Price Discovery
┌─────────────────────────────────────────────────────────────────────────┐
│                    🚫BONDING HOOK 2: OFAC SCREENING                     │
│                         ⏱️ (200-500ms)                           │
│  Check SDN List → Address clustering → Error 6002                │
└────────────────────────────┬─────────────────────────────────────┘
                             │ ✅ PASS
                             ▼
┌──────────────────────────────────────────────────────────────────┐
│                    🕵️ HOOK 3: AML ANALYTICS                      │
│                         ⏱️ (300-400ms)                           │
│  ML risk scoring → 200+ features → Error 6003                    │
└────────────────────────────┬─────────────────────────────────────┘
                             │ ✅ PASS
                             ▼
┌──────────────────────────────────────────────────────────────────┐
│                    🪪 HOOK 4: REDEMPTION ELIGIBILITY             │
│                         ⏱️ (50-100ms)                            │
│  KYC status → Accreditation → 72hr cooling → Error 6004          │
└────────────────────────────┬─────────────────────────────────────┘
                             │ ✅ PASS
                             ▼
┌──────────────────────────────────────────────────────────────────┐
│                    📉 HOOK 5:CURVE PRICE IMPACT LIMIT                 │
│                         ⏱️ (50-100ms)                            │
│  Calculate impact → Compare TWAP → 2% threshold → Error 6006     │
└────────────────────────────┬─────────────────────────────────────┘
                             │ ✅ PASS
                             ▼
┌──────────────────────────────────────────────────────────────────┐
│                    💧 HOOK 6: LIQUIDITY SUFFICIENCY              │
│                         ⏱️ (50-100ms)                            │
│  Check LP ratio → 150% minimum → Error 6007                      │
└────────────────────────────┬─────────────────────────────────────┘
                             │ ✅ PASS
                             ▼
┌──────────────────────────────────────────────────────────────────┐
│                    ✅ ALL HOOKS PASSED                           │
│              Transfer executes, transaction commits              │
│                 Settlement: ~13 seconds (32 blocks)DISCOVERY                        │
└─────────────────────────────────────────────────────────────────────────┘

Price

5.2.2 📊 Sequential vs Parallel Execution

~~OTCM implements~~ ~~sequential hook execution~~ ~~rather than parallel for critical security reasons:~~

~~Mode~~	~~✅ Advantage~~	~~⚠️ Trade-off~~
🔄 ~~Sequential~~│ (~~OTCM)~~	~~Early~~USD) ~~exit~~│ on╭────── ~~failure,~~Graduation ~~deterministic~~│ ~~order,~~╭──╯ ~~simpler~~Threshold ~~debugging~~	~~Higher~~$0.15│ ~~latency~~╭──╯ (~~750-1,350ms~~$250K ~~total)~~
⚡MC) ~~Parallel~~	~~Lower~~│ ~~latency~~╭──╯ ~~(~500ms~~$0.10│ ~~total)~~	~~Non-deterministic,~~╭──╯ ~~race~~│ ~~conditions,~~╭──╯ ~~wasted~~$0.05│ ~~compute~~╭──╯ on│ ~~early~~╭──╯ ~~failures~~

~~Mode~~

~~✅ Advantage~~

~~⚠️ Trade-off~~

🔄

~~Sequential~~│ (~~OTCM)~~

~~Early~~USD) ~~exit~~│ on╭────── ~~failure,~~Graduation ~~deterministic~~│ ~~order,~~╭──╯ ~~simpler~~Threshold ~~debugging~~

~~Higher~~$0.15│ ~~latency~~╭──╯ (~~750-1,350ms~~$250K ~~total)~~

⚡MC)

~~Parallel~~

~~Lower~~│ ~~latency~~╭──╯ ~~(~500ms~~$0.10│ ~~total)~~

~~Non-deterministic,~~╭──╯ ~~race~~│ ~~conditions,~~╭──╯ ~~wasted~~$0.05│ ~~compute~~╭──╯ on│ ~~early~~╭──╯ ~~failures~~

$0.01│_____________________╭───╯

~~Sequential~~│ ~~execution~~╭──╯ ~~ensures~~$0.001│______________╭───╯ ~~that if Hook 1 (Custody Verification) fails,~~ ~~Hooks 2-6 never execute~~~~—saving oracle costs and compute resources. It also provides deterministic error reporting: users always know which specific hook rejected their transaction.~~

5.2.3 ⚛️ Atomic Transaction Guarantees

~~Solana's account model provides~~ ~~atomic transaction guarantees~~~~: if any hook fails, the entire transaction reverts as if it never occurred. There is no intermediate state where tokens have transferred but compliance verification is incomplete.~~

┌└──────────────┴──────────────────────────────────────────────►

Tokens Issued (millions)

│◄── Early Buyers ──►│◄──── Growth Phase ────►│◄─ Graduation ──────────┐► │

⚛️

🔹 ATOMIC5.4.2 EXECUTIONLinear GUARANTEEBonding │Curve └─────────────────────────────────────────────────────────────────┘Mathematics

CEDEX implements a linear bonding curve formula providing predictable price appreciation as token adoption increases:

// Bonding Curve Price Formula
// ScenarioLinear A:Bonding AllCurve hooksFormula

~~pass~~

P(n) ✅= initialPrice + (priceGradient × tokensIssued)

// Parameters:
// Result:initialPrice Transaction= commits,$0.001 tokensper move,token state(starting updatesprice)
// ScenariopriceGradient B:= Hook0.001% 3per (AML)token rejects due to risk score ❌sold
// Result:Example ENTIRE transaction revertscalculations:
// •At No0 tokens movedsold:      P = $0.001 + (0.00001 × 0) = $0.001
// •At No1M feestokens chargedsold:     P = $0.001 + (0.00001 × 1,000,000) = $0.011
// •At No10M statetokens changessold:    P = $0.001 + (0.00001 × 10,000,000) = $0.101
// •At Error25M returnedtokens tosold:    user:P 6003= $0.001 + (AML_RISK_EXCEEDED)0.00001 × 25,000,000) = $0.251

Implementation

// Bonding Curve Implementation (Rust)

pub struct BondingCurve {

pub token_mint: Pubkey,

pub initial_price: u64, // ⚠️In ~~There~~lamports is(0.001 NOSOL ~~partial~~= ~~execution~~1,000,000 ~~state~~lamports)

pub price_gradient: u64, // ~~This~~Price isincrease ~~guaranteed~~per bytoken ~~Solana~~(in ~~runtime,~~lamports)

~~not~~

pub ~~OTCM~~tokens_issued: ~~code~~u64, // Current tokens in circulation

pub sol_reserve: u64, // SOL collected from purchases

pub is_graduated: bool, // Whether curve has graduated

pub graduation_timestamp: Option<i64>,

}

impl BondingCurve {

pub fn current_price(&self) -> u64 {

self.initial_price + (self.price_gradient * self.tokens_issued / 1_000_000)

}

pub fn buy_tokens(&mut self, sol_amount: u64) -> Result<u64> {
// Calculate tokens receivable at current price
let current_price = self.current_price();
let tokens = sol_amount * 1_000_000_000 / current_price; // 9 decimals
// Update state

self.tokens_issued += tokens;

self.sol_reserve += sol_amount;

Ok(tokens)

}

🔹 5.2.43.3 ⏱️Graduation ExecutionCriteria

~~Timing~~

ST22 ~~Diagram~~tokens graduate from bonding curve to permanent CPMM trading upon satisfying either of two criteria:

~~Hook~~Criterion	~~⏱️ Min (ms)~~Threshold	~~⏱️ Max (ms)~~	~~⏱️ Avg (ms)~~	~~🔧 Primary Bottleneck~~Rationale
~~1️⃣~~Market ~~Custody Oracle~~Cap	~~100~~≥ $250,000 USD	~~150~~	~~125~~	~~Empire~~Sufficient ~~API~~liquidity ~~latency~~for CPMM stability
~~2️⃣~~Holder ~~OFAC Screening~~Count	~~200~~≥ 127,000 unique wallets	~~500~~	~~350~~	~~SDN~~Mathematical ~~list~~proof ~~size,~~of ~~clustering~~community adoption (~0.5% of Solana active wallets)
~~3️⃣~~Time ~~AML Analytics~~Elapsed	~~300~~≥ 72 hours since deployment	~~400~~	~~350~~	MLMinimum ~~inference~~stabilization ~~time~~
~~4️⃣~~period ~~Redemption~~regardless ~~Eligibility~~	50	~~100~~	75	~~KYC~~of ~~database lookup~~
~~5️⃣ Price Impact~~	50	~~100~~	75	~~TWAP calculation~~
~~6️⃣ LP Sufficiency~~	50	~~100~~	75	~~Pool state read~~
~~⏱️ TOTAL~~	~~750~~	~~1,350~~	~~1,050~~	~~Sequential sum~~volume

Graduation

occurs automatically when ANY criterion is met (OR logic). The 127,000 holder threshold represents approximately 0.5% of Solana's active wallet base, providing mathematical proof of genuine community adoption rather than artificial inflation.

🔹 5.34.4 🔍Transition Hookto 1:Permanent Custody Verification Oracle

AMM

~~The~~Upon ~~Custody~~graduation, ~~Verification~~the ~~Oracle~~following ~~confirms~~irreversible ~~that~~state ~~all~~transitions ~~circulating~~occur:

~~ST22~~

Bonding ~~tokens~~Curve ~~are~~Deactivation: ~~backed~~Smart contract permanently disables bonding curve purchase/sale functions through immutable state flag
Liquidity Migration: All SOL accumulated in bonding curve reserve transfers to CEDEX CPMM pool
Pool Initialization: CPMM pool initializes with graduated token supply and migrated SOL reserve
Permanent Lock: Liquidity becomes permanently locked—cannot be withdrawn by ~~equivalent~~any ~~equity~~party ~~shares~~including ~~held~~protocol atadministrators

~~Empire Stock Transfer~~~~, the SEC-registered transfer agent providing qualified custody services for OTCM Protocol.~~

5.3.1 🏗️ Oracle Architecture

~~The custody oracle operates as a~~ ~~cryptographically-signed data feed~~ ~~from Empire Stock Transfer's registry systems:~~

~~rust~~

// CustodyGraduation Oracle Data Structure
pub struct CustodyOracleData {
    /// CIK number of the issuing company
    pub issuer_cik: [u8; 10],
    /// CUSIP identifier for the security
    pub cusip: [u8; 9],
    /// Share class (Series M preferred)
    pub share_class: ShareClass,
    /// Total shares held in custody
    pub custodied_balance: u64,
    /// Total ST22 tokens in circulation
    pub circulating_tokens: u64,
    /// Ed25519 signature from Empire's HSM
    pub attestation_signature: [u8; 64],
    /// Merkle root of current shareholder registry
    pub registry_hash: [u8; 32],
    /// Unix timestamp of attestation
    pub attestation_timestamp: i64,
    /// Block height when attestation was recorded
    pub attestation_slot: u64,
}

5.3.2 🏛️ Empire Stock Transfer Integration

~~Empire Stock Transfer provides real-time custody attestations through a dedicated API integration:~~

~~Component~~	~~Specification~~
🌐 ~~API Endpoint~~	`https://api.empirestocktransfer.com/v1/custody/verify`
🔐 ~~Authentication~~	~~API Key + Ed25519 request signing~~
✍️ ~~Response Signing~~	~~HSM-secured Ed25519 signature on every attestation~~
⏱️ ~~Update Frequency~~	~~Every Solana slot (~400ms)~~
🔄 ~~Failover~~	~~Multi-region deployment with automatic failover~~

5.3.3 ⚠️ Discrepancy Detection

~~The hook implements strict discrepancy detection with configurable thresholds:~~

~~rust~~

// Custody Verification ImplementationFunction (Rust/Anchor)
pub const MAX_DISCREPANCY_BPS: u64 = 1;  // 0.01% maximum discrepancy

pub fn verify_custody(graduate_to_amm(ctx: oracle_data: &CustodyOracleData,
    transfer_amount: u64,
Context<Graduate>) -> Result<()> {
let curve = &mut ctx.accounts.bonding_curve;
let pool = &mut ctx.accounts.cpmm_pool;
// Verify signaturegraduation authenticitycriteria verify_ed25519_signature(met
&oracle_data.attestation_signature,require!(

~~&EMPIRE_PUBLIC_KEY, &oracle_data.serialize(),~~

curve.check_graduation_criteria()?,

CedexError::GraduationCriteriaNotMet

);

// CheckPermanently attestationdisable freshnessbonding (maxcurve

~~10 minutes old) let current_time~~

curve.is_graduated = true;

curve.graduation_timestamp = Some(Clock::get()?.~~unix_timestamp;~~unix_timestamp);

~~require!(~~

// current_timeInitialize -CPMM oracle_data.attestation_timestamppool <with migrated liquidity

pool.sol_reserve = ~~600,~~curve.sol_reserve;

~~CustodyError::StaleAttestation~~

pool.token_reserve = curve.tokens_issued;

pool.k_invariant = pool.sol_reserve * pool.token_reserve;

pool.liquidity_locked = true; // ~~6001~~PERMANENT - cannot be unlocked

// Transfer SOL to pool

transfer_sol(curve.sol_reserve, &ctx.accounts.pool_vault)?;

emit!(GraduationEvent {

token_mint: curve.token_mint,

final_market_cap: calculate_market_cap(curve),

holder_count: get_holder_count(curve.token_mint)?,

sol_migrated: curve.sol_reserve,

});

Ok(())

}

⚠️ Irreversibility

Smart contract explicitly prevents bonding curve re-activation post-graduation through permanent disabling of bonding curve contract functions. This is enforced at the bytecode level—not through administrative controls that could be overridden.

🔁 5.4 Constant Product Market Maker (CPMM)

Post-graduation, ST22 tokens trade on CEDEX's Constant Product Market Maker implementation. The CPMM model, pioneered by Uniswap, provides continuous liquidity at algorithmically determined prices without requiring traditional order books or market makers.

🔹 5.4.1 CPMM Mathematical Foundation

The CPMM maintains the invariant k = x × y, where:

x = SOL reserve in the liquidity pool
y = ST22 token reserve in the liquidity pool
k = constant product (invariant) Every swap changes reserves while maintaining the invariant:

// CPMM Swap Example
// CalculatePre-swap discrepancystate:

k = x × y = 100 SOL × 1,000,000 tokens = 100,000,000

// User swaps 10 SOL for tokens:

new_x = 100 + 10 = 110 SOL

new_y = k / new_x = 100,000,000 / 110 = 909,091 tokens

tokens_received = 1,000,000 - 909,091 = 90,909 tokens

// Post-swap state:

k = 110 × 909,091 ≈ 100,000,000 (invariant maintained)

🔹 5.4.2 Price Impact Calculation

Price impact measures how much a trade moves the market price. Larger trades relative to pool reserves create larger price impacts:

// Price Impact Calculation
pub fn calculate_price_impact(

input_amount: u64,

input_reserve: u64,

output_reserve: u64,

) -> f64 {

// Spot price before trade
let expected_tokensspot_price = oracle_data.custodied_balance;output_reserve letas actual_tokens = oracle_data.circulating_tokens;
    let discrepancy = if expected_tokens > actual_tokens {
        expected_tokens - actual_tokens
    } else {
        actual_tokens - expected_tokens
    };
    
    let discrepancy_bps = discrepancy * 10000f64 / expected_tokens;input_reserve require!(as discrepancy_bps <= MAX_DISCREPANCY_BPS,
        CustodyError::CustodyDiscrepancyf64;
// 6001Effective );
    
    // Verify sufficient custodyprice for this transfertrade
require!(let oracle_data.custodied_balanceoutput_amount >= transfer_amount,calculate_output(input_amount, CustodyError::InsufficientCustodyinput_reserve, output_reserve);
let effective_price = output_amount as f64 / input_amount as f64;
// 6001Price );impact Ok(as percentage
let impact = ())spot_price }- effective_price) / spot_price * 100.0;

📋 ~~Regulatory Reference:~~ ~~17 CFR Section 240.17a-1 et seq. — Transfer Agent Custody Requirements~~

❌ ~~Error Code 6001: CUSTODY_VERIFICATION_FAILED~~ Indicates custody verification failure. Possible causes: stale attestation (>10 min), discrepancy >0.01%, insufficient custodied shares, or invalid Empire signature. User should wait for fresh attestation or contact issuer.

5.4 🚫 Hook 2: OFAC Sanctions Screening

~~The OFAC Sanctions Screening hook prevents transactions to or from wallets associated with the~~ ~~Office of Foreign Assets Control's Specially Designated Nationals (SDN) list~~~~, implementing federal sanctions law requirements at the protocol level.~~

5.4.1 📋 SDN List Integration

~~OTCM maintains an on-chain oracle updated hourly from OFAC's official SDN list, supplemented by blockchain-specific address intelligence:~~impact.abs()

~~rust~~

// OFAC Screening Implementation
pub struct OfacOracleData {
    /// Merkle root of current SDN list
    pub sdn_merkle_root: [u8; 32],
    /// Number of entries in SDN list
    pub sdn_entry_count: u32,
    /// Blockchain-specific blocked addresses
    pub crypto_sdn_addresses: Vec<Pubkey>,
    /// Last update timestamp
    pub last_update: i64,
    /// OFAC publication reference
    pub publication_id: [u8; 16],
}

// Screening checks BOTH sender and recipient
pub fn screen_ofac(
    sender: &Pubkey,
    recipient: &Pubkey,
    oracle: &OfacOracleData,
) -> Result<OfacScreeningResult> {
    // Direct address matching
    let sender_blocked = oracle.crypto_sdn_addresses.contains(sender);
    let recipient_blocked = oracle.crypto_sdn_addresses.contains(recipient);
    
    if sender_blocked || recipient_blocked {
        return Err(OfacError::SanctionedAddress.into());  // 6002
    }
    
    // Address clustering analysis (see 5.4.2)
    check_cluster_association(sender, recipient, oracle)?;
    
    Ok(OfacScreeningResult::Clear)
}

5.4.2 🔗 Address Clustering Analysis

~~Beyond direct SDN address matching, OTCM implements sophisticated~~ ~~address clustering analysis~~ ~~to detect wallets associated with sanctioned entities:~~

~~Analysis~~	~~Description~~
💰 ~~Funding Source Analysis~~	~~Traces wallet funding sources to identify indirect SDN connections~~
👥 ~~Common Ownership Detection~~	~~Identifies wallets controlled by same entity through transaction pattern analysis~~
🔀 ~~Mixer/Tumbler Detection~~	~~Flags wallets with significant exposure to known mixing services~~
🌍 ~~High-Risk Jurisdiction Exposure~~	~~Elevated scrutiny for wallets with connections to OFAC-sanctioned jurisdictions~~

5.4.3 📜 Implementation

~~rust~~

// Cluster Analysis Implementation
pub fn check_cluster_association(
    sender: &Pubkey,
    recipient: &Pubkey,
    oracle: &OfacOracleData,
) -> Result<()> {
    // Query clustering oracle for both addresses
    let sender_cluster = get_cluster_data(sender)?;
    let recipient_cluster = get_cluster_data(recipient)?;
    
    // Check for SDN cluster membership
    if sender_cluster.sdn_association_score > 70 {
        return Err(OfacError::ClusterAssociation {
            address: *sender,
            score: sender_cluster.sdn_association_score,
            reason: "High SDN cluster association".to_string(),
        }.into());
    }
    
    if recipient_cluster.sdn_association_score > 70 {
        return Err(OfacError::ClusterAssociation {
            address: *recipient,
            score: recipient_cluster.sdn_association_score,
            reason: "High SDN cluster association".to_string(),
        }.into());
    }
    
    Ok(())
}

📋 ~~Regulatory Reference:~~ ~~31 CFR § 500-598 — OFAC Sanctions Administration Regulations~~

❌ ~~Error Code 6002: OFAC_SANCTIONS_MATCH~~ ~~Indicates wallet is blocked due to OFAC sanctions. This is a~~ ~~PERMANENT~~ ~~block—the wallet cannot transact ST22 tokens. There is no appeal process through OTCM; affected parties must resolve sanctions status with OFAC directly.~~

5.5 🕵️ Hook 3: Blockchain Analytics Screening

~~The Blockchain Analytics Screening hook implements~~ ~~Bank Secrecy Act Anti-Money Laundering (AML) requirements~~ ~~through machine learning-based risk assessment, analyzing 200+ transaction features to identify money laundering patterns, sanctions evasion, theft proceeds, and coordinated suspicious activity.~~

5.5.1 🤖 ML Risk Assessment

~~OTCM integrates with institutional-grade blockchain analytics providers to execute real-time risk assessment on every transfer:~~

~~rust~~

// AML Risk Assessment Data Structure
pub struct AmlRiskAssessment {
    /// Overall risk score (0-100)
    pub risk_score: u8,
    /// Risk category breakdown
    pub categories: AmlRiskCategories,
    /// Specific risk flags triggered
    pub triggered_flags: Vec<AmlFlag>,
    /// Confidence in assessment
    pub confidence: u8,
    /// Model version used
    pub model_version: [u8; 8],
}

pub struct AmlRiskCategories {
    pub sanctions_evasion: u8,      // 0-100
    pub money_laundering: u8,       // 0-100
    pub theft_proceeds: u8,         // 0-100
    pub darknet_exposure: u8,       // 0-100
    pub mixer_exposure: u8,         // 0-100
    pub gambling_exposure: u8,      // 0-100
    pub coordinated_activity: u8,   // 0-100
}

5.5.2 📊 Risk Scoring Model

~~The risk scoring model classifies transactions into~~ ~~three tiers~~ ~~with automated responses:~~

~~Score~~Trade Size	~~Risk~~% ~~Level~~of Pool	⚙️Price ~~Automated Action~~Impact	📋Circuit ~~Follow-up~~Breaker
🟢1 ~~0-30~~SOL	~~Low~~1%	~~Auto-approve~~~0.99%	~~None~~✓ ~~required~~Allowed
🟡2 ~~31-70~~SOL	~~Medium~~2%	~~Enhanced review queue~~~1.96%	~~Manual~~✓ ~~analyst review within 24h~~Allowed
🔴3 ~~71-100~~SOL	~~High~~3%	~~Auto-reject (Error 6003)~~~2.91%	~~SAR~~✗ ~~filing~~Blocked
5 ~~evaluation~~SOL	5%	~4.76%	✗ Blocked

Note: Examples assume 100 SOL pool reserve. Circuit breaker activates at >2% price impact.

🔹 5.5.4.3 🔬Slippage Chainalysis/TRM IntegrationProtection

~~OTCM~~CEDEX ~~integrates~~provides ~~with~~configurable ~~industry-leading~~slippage ~~blockchain~~protection ~~analytics~~ensuring ~~providers:~~users receive expected value:

~~Provider~~	~~Capability~~
🔬 ~~Chainalysis KYT~~	~~Real-time transaction screening with 15-second SLA~~
🔍 ~~TRM Labs Forensics~~	~~Deep historical analysis and entity resolution~~
🌐 ~~Elliptic Navigator~~	~~Cross-chain exposure analysis for multi-chain actors~~

~~Provider~~

~~Capability~~

🔬

~~Chainalysis KYT~~

~~Real-time transaction screening with 15-second SLA~~

🔍

~~TRM Labs Forensics~~

~~Deep historical analysis and entity resolution~~

🌐

~~Elliptic Navigator~~

~~Cross-chain exposure analysis for multi-chain actors~~

5.5.4 📜 Implementation

~~rust~~

// AMLSlippage ScreeningProtection Implementation

pub ~~const~~struct ~~LOW_RISK_THRESHOLD:~~SwapParams u8{

~~= 30;~~

pub ~~const~~input_amount: ~~HIGH_RISK_THRESHOLD:~~u64,

~~u8 = 71;~~

pub ~~fn screen_aml( sender: &Pubkey, recipient: &Pubkey, amount:~~min_output: u64, ~~) -> Result<AmlScreeningResult> {~~ // ~~Query~~Minimum ~~analytics~~acceptable ~~providers~~output

~~let~~

pub ~~sender_risk~~max_slippage_bps: ~~= query_chainalysis(sender)?; let recipient_risk = query_chainalysis(recipient)?;~~u16, // ~~Use~~Maximum higher of two risk scores let max_risk = sender_risk.risk_score.max(recipient_risk.risk_score); match max_risk { 0..=30 => Ok(AmlScreeningResult::AutoApprove), 31..=70 => { // Queue for enhanced review but allow transaction emit!(EnhancedReviewQueued { sender: *sender, recipient: *recipient, risk_score: max_risk, amount, }); Ok(AmlScreeningResult::ApproveWithReview) }, 71..=100 => { // Auto-reject high-risk transactions Err(AmlError::RiskThresholdExceeded { score: max_risk, threshold: HIGH_RISK_THRESHOLD, }.into()) // 6003 }, _ => unreachable!(), } }

📋 ~~Regulatory Reference:~~ ~~31 CFR § 1010 — Bank Secrecy Act AML Requirements~~

❌ ~~Error Code 6003: AML_RISK_EXCEEDED~~ Transaction rejected due to high AML risk score (71-100). Wallet may have exposure to: money laundering, sanctions evasion, theft proceeds, darknet markets, or coordinated suspicious activity. Appeal requires compliance review.

5.6 🪪 Hook 4: Redemption Eligibility Verification

~~The Redemption Eligibility Verification hook implements a critical distinction~~slippage in ~~OTCM's~~basis ~~compliance architecture: while~~ ~~permissionless trading~~ ~~allows any wallet to purchase and transfer ST22 tokens,~~ ~~redemption~~ ~~(conversion to underlying equity shares) requires investor verification in accordance with federal securities law.~~

5.6.1 📋 KYC/AML Requirements

~~Before a wallet can redeem ST22 tokens for underlying shares, the beneficial owner must complete comprehensive verification:~~

~~Requirement~~	~~Verification Method~~
🪪 ~~Identity Verification~~	~~Government-issued photo ID + liveness check via Jumio/Onfido~~
🏠 ~~Address Verification~~	~~Utility bill or bank statement within 90 days~~
🔢 ~~SSN/TIN Verification~~	~~IRS W-9 form with SSN/TIN matching~~
🚫 ~~Sanctions Screening~~	~~72-hour waiting period after initial OFAC/SDN clear~~
👔 ~~PEP Screening~~	~~Politically Exposed Person database check~~

5.6.2 🎖️ Accredited Investor Verification

~~For offerings conducted under~~ ~~SEC Regulation D Rule 506(c)~~~~, additional accreditation verification is required:~~points

~~rust~~

// Accreditation Status Types
pub enum AccreditationStatus {
    /// Not verified - cannot redeem Reg D offerings
    NotVerified,
    /// Verified accredited investor
    Accredited {
        method: AccreditationMethod,
        verification_date: i64,
        expiration_date:deadline: i64, // TypicallyUnix 90timestamp days
        verifier: String,      // e.g., "VerifyInvestor.com"
    },
    /// Non-accredited but permitted (Reg A+ or Reg CF)
    NonAccreditedPermitted {
        regulation: OfferingRegulation,
        investment_limit: u64,
    },
}

pub enum AccreditationMethod {
    Income,         // $200K/$300K annual income
    NetWorth,       // $1M+ net worth excluding residence
    Professional,   // Series 7, 65, or 82 license
    Entity,         // Qualified entity (bank, trust, etc.)
    KnowledgeTest,  // SEC proposed "accreditation exam"
}

5.6.3 📜 Implementation

~~rust~~expiry

}

// Redemption Eligibility Verification
pub fn verify_redemption_eligibility(execute_swap_with_protection(

~~wallet:~~

ctx: ~~&Pubkey,~~Context<Swap>,

~~token_mint:~~

params: ~~&Pubkey,~~SwapParams,

~~amount: u64,~~

) -> Result<()> {

// LoadCheck investordeadline
recordrequire!(

Clock::get()?.unix_timestamp <= params.deadline,

SwapError::DeadlineExceeded

);

// Calculate output
let investoroutput = get_investor_record(wallet)calculate_output(...)?;
// CheckVerify KYCslippage completiontolerance
require!(

investor.kyc_status == KycStatus::Verified, RedemptionError::KycIncomplete // 6004 ); // Check 72-hour sanctions cooling period let current_time = Clock::get()?.unix_timestamp; let cooling_period = 72 * 60 * 60; // 72 hours in seconds require!( current_time - investor.sanctions_clear_timestamp

output >= ~~cooling_period,~~params.min_output,

~~RedemptionError:~~

SwapError::~~SanctionsCoolingPeriod~~SlippageExceeded

);

// 6004Execute );swap

~~// Load offering details let offering = get_offering_details(token_mint)~~

execute_swap(output)?;

// Check accreditation if Reg D 506(c) if offering.regulation == Regulation::RegD506c { match &investor.accreditation { AccreditationStatus::Accredited { expiration_date, .. } => { require!( current_time < *expiration_date, RedemptionError::AccreditationExpired // 6004 ); }, _ => { return Err(RedemptionError::AccreditationRequired.into()); } } }

Ok(())
}

📋}
~~Regulatory~~
🔹 ~~Reference:~~5.4.4 17Liquidity ~~CFR~~Depth ~~230.506(c)~~Analysis
—
Pool ~~Regulation~~liquidity Ddepth ~~Accredited~~determines ~~Investor~~trading ~~Requirements~~efficiency. CEDEX targets minimum liquidity levels ensuring acceptable price impacts:

❌Pool ~~Error~~TVL
Max ~~Code 6004: REDEMPTION_ELIGIBILITY_FAILED~~ ~~Wallet not eligible for redemption. Possible causes: KYC incomplete, sanctions cooling period active~~Trade (~~<72h)~~2%)
Market Depth
Classification
$100K
~$2,000
Low
Early Stage
$500K
~$10,000
Moderate
Developing
$1M
~$20,000
Good
Mature
$5M+
~$100,000+
Deep
Institutional

🏗️ 5.5 Circuit Breaker Architecture

CEDEX implements a comprehensive circuit breaker system protecting markets from manipulation, flash crashes, and coordinated attacks. Inspired by traditional securities exchange mechanisms (NYSE Rule 80B, NASDAQ halt procedures), ~~accreditation~~these ~~expired/missing~~protections ~~for~~operate ~~Reg~~at Dthe ~~offerings.~~smart ~~Note:~~contract ~~Trading~~level iswith ~~still~~no ~~permitted;~~administrative ~~only~~override ~~redemption~~capability.
to
🔹 ~~shares is blocked.~~

❌Pool ~~Error~~TVL	Max ~~Code 6004: REDEMPTION_ELIGIBILITY_FAILED~~ ~~Wallet not eligible for redemption. Possible causes: KYC incomplete, sanctions cooling period active~~Trade (~~<72h)~~2%)	Market Depth	Classification
$100K	~$2,000	Low	Early Stage
$500K	~$10,000	Moderate	Developing
$1M	~$20,000	Good	Mature
$5M+	~$100,000+	Deep	Institutional

5.7 📉 Hook 5:5.1 Price Impact Circuit Breaker

Limits

~~The~~CEDEX ~~Price~~enforces ~~Impact~~a ~~Circuit~~hard ~~Breaker~~limit ~~prevents~~on price impact per transaction. Any single ~~transactions from causing excessive market movement, implementing regulatory objectives prohibiting manipulative trading devices. Any~~ transaction causing greater than 2% price movement against the Time-Weighted Average Price (TWAP) oracle is automatically ~~rejected.~~rejected:

Dimension	Analysis Method	Suspicious Threshold
Wallet Clustering	Graph analysis of funding sources	>5 wallets sharing funding source
Timing Correlation	Transaction timestamp clustering	>3 sells within 10-second window
Amount Correlation	Statistical analysis of sale sizes	<5% variance across multiple sales
Price Impact Correlation	Sequential impact accumulation	Cumulative >5% within 1 hour

Parameter	Specification
Execution Speed	Immediate (subject to compliance verification ~2-3 seconds)
Price ~~Impact~~Guarantee	None — executes at current pool price
Slippage Protection	Configurable (default 1%, max 5%)
Partial Fills	Not supported — all-or-nothing execution
Circuit Breaker	Rejects if price impact exceeds 2% TWAP deviation

Fee Component	Rate	Purpose
Issuer Allocation	2.00%	Revenue share to issuing company treasury
Staking Rewards	1.50%	Distributed to OTCM token stakers (8-60% APY)
Protocol Operations	1.06%	Infrastructure, compliance oracles, development
Liquidity Pool Growth	0.44%	Permanently locked in OTCM LP for depth
TOTAL	5.00%	Complete fee structure

//
5.7.1Price 📊Impact Limit Implementation

pub const MAX_PRICE_IMPACT_BPS: u16 = 200; // 2% maximum

pub fn check_price_impact(

ctx: Context<PriceImpactCheck>,

proposed_trade: &SwapParams,

) -> Result<()> {

let twap = ctx.accounts.twap_oracle.get_price()?; let expected_price = calculate_expected_price(proposed_trade)?; // Calculate deviation from TWAP let deviation_bps = ((twap - expected_price).abs() * 10000) / twap; require!(

deviation_bps <= MAX_PRICE_IMPACT_BPS as u64,

CedexError::PriceImpactExceeded // Error 6006

);

Ok(())

}

This mechanism forces market participants to provide liquidity gradually versus attempting sudden massive liquidation. Large sellers must split orders across multiple transactions, allowing the market to absorb supply incrementally.

🔹 5.5.2 Volume-Based Halts

If any single wallet attempts to sell greater than 30% of circulating ST22 supply within a 24-hour period, transaction execution pauses for 24 hours:

// Volume-Based Halt Implementation

pub const MAX_DAILY_SELL_PERCENT: u8 = 30; // 30% max daily sale

pub const HALT_DURATION_SECONDS: i64 = 86400; // 24 hours

pub struct WalletTrackingState {

pub wallet: Pubkey,

pub daily_sell_amount: u64,

pub tracking_window_start: i64,

pub is_halted: bool,

pub halt_expiry: Option<i64>,

}

pub fn check_volume_limit(

ctx: Context<VolumeCheck>,

sell_amount: u64,

) -> Result<()> {

let tracking = &mut ctx.accounts.wallet_tracking; let circulating_supply = ctx.accounts.mint.supply; // Reset tracking window if >24h elapsed let current_time = Clock::get()?.unix_timestamp;

if current_time - tracking.tracking_window_start > HALT_DURATION_SECONDS {

tracking.daily_sell_amount = 0;

tracking.tracking_window_start = current_time;

}

// Check if halt is active

if tracking.is_halted {

if current_time < tracking.halt_expiry.unwrap() {

return Err(CedexError::WalletHalted.into());

}

tracking.is_halted = false;

}

// Check if this sale would exceed limit let new_daily_total = tracking.daily_sell_amount + sell_amount; let threshold = circulating_supply * MAX_DAILY_SELL_PERCENT as u64 / 100;

if new_daily_total > threshold {

tracking.is_halted = true;

tracking.halt_expiry = Some(current_time + HALT_DURATION_SECONDS);

return Err(CedexError::DailySellLimitExceeded.into());

}

tracking.daily_sell_amount = new_daily_total;

Ok(())

}

🔹 5.5.3 Coordinated Activity Detection

CEDEX implements machine learning-based detection of coordinated selling patterns suggesting manipulative intent. The algorithm analyzes four correlation dimensions:

Dimension
Analysis Method
Suspicious Threshold
Wallet Clustering
Graph analysis of funding sources
>5 wallets sharing funding source
Timing Correlation
Transaction timestamp clustering
>3 sells within 10-second window
Amount Correlation
Statistical analysis of sale sizes
<5% variance across multiple sales
Price Impact Correlation
Sequential impact accumulation
Cumulative >5% within 1 hour

When coordinated activity is detected, affected wallets enter 24-hour cooldown periods, and the compliance team receives alerts for manual review.

🔹 5.5.4 Time-Weighted Average Price (TWAP) Oracle ~~Integration~~

The TWAP oracle provides manipulation-resistant ~~reference~~price ~~pricing:~~data for circuit breaker calculations:

~~rust~~

// TWAP Oracle Implementation

pub struct TwapOracle {

pub token_mint: Pubkey,

pub price_observations: Vec<PriceObservation>,

pub observation_window: i64, /// ~~Rolling~~1 1-hour ~~TWAP pub twap_1h: u64, /// Rolling 24-hour TWAP pub twap_24h: u64, /// Number of observations~~ in ~~window~~seconds
~~pub observation_count: u32, /// Minimum observations required~~
pub min_observations: u32, /// ~~Last~~Minimum ~~update~~60 ~~slot~~observations
~~pub~~
}
~~last_update_slot: u64, }~~
impl TwapOracle {

pub fn get_reference_price(calculate_twap(&self) -> Result<u64> { //let Usecurrent_time shorter= TWAPClock::get()?.unix_timestamp; forlet morewindow_start responsive= circuitcurrent_time breakers- self.observation_window; // but require minimumFilter observations towithin preventwindow manipulationlet valid_observations: Vec<_> = self.price_observations

.iter()

.filter(|o| o.timestamp >= window_start)

.collect();

require!(
~~self.observation_count~~
valid_observations.len() >= self.~~min_observations,~~min_observations as usize,

OracleError::InsufficientObservations ~~); Ok(self.twap_1h) } }~~

~~5.7.2 🛑 2% Threshold Enforcement~~

~~The 2% threshold forces large market participants to execute trades gradually, preventing sudden price dislocations:~~

~~rust~~);

// Time-weighted calculation let mut weighted_sum: u128 = 0; let mut total_time: u128 = 0;

for i in 1..valid_observations.len() {

let time_delta = valid_observations[i].timestamp -

valid_observations[i-1].timestamp;

weighted_sum += valid_observations[i-1].price as u128 * time_delta as u128;

total_time += time_delta as u128;

}

Ok((weighted_sum / total_time) as u64)

}

}

📋 5.6 Order Types and Execution

CEDEX supports multiple order types optimized for different trading strategies while maintaining compliance verification for all executions.

🔹 5.6.1 Market Orders

Market orders execute immediately at current pool prices, subject to slippage tolerance:

Parameter
Specification
Execution Speed
Immediate (subject to compliance verification ~2-3 seconds)
Price ~~Impact~~Guarantee
None — executes at current pool price
Slippage Protection
Configurable (default 1%, max 5%)
Partial Fills
Not supported — all-or-nothing execution
Circuit Breaker
Rejects if price impact exceeds 2% TWAP deviation

🔹 5.6.2 Limit Orders

Limit orders specify maximum buy price or minimum sell price, executing only when pool price reaches specified threshold:

// Limit Order Data Structure

pub struct LimitOrder {

pub order_id: u64,

pub owner: Pubkey,

pub token_mint: Pubkey,

pub side: OrderSide, // Buy or Sell

pub amount: u64, // Token amount

pub limit_price: u64, // Price threshold (lamports per token)

pub expiry: i64, // Unix timestamp

pub status: OrderStatus,

}

pub enum OrderSide {

Buy, // Execute when pool price <= limit_price

Sell, // Execute when pool price >= limit_price

}

pub enum OrderStatus {

Open,

Filled,

Cancelled,

Expired,

}

🔹 5.6.3 Swap Interface

The primary trading interface presents unified swap functionality:

// Swap Interface (TypeScript) // User-facing swap interface

interface SwapRequest {

inputToken: 'SOL' | ST22Address;

outputToken: 'SOL' | ST22Address;

inputAmount: bigint;

minOutputAmount: bigint;

slippageTolerance: number; // Basis points

deadline: number; // Unix timestamp

}

// Response includes compliance verification status

interface SwapResponse {

transactionId: string;

inputAmount: bigint;

outputAmount: bigint;

effectivePrice: number;

priceImpact: number;

fees: {

protocol: bigint;

network: bigint;

};

complianceVerification: {

status: 'VERIFIED' | 'PENDING' | 'REJECTED';

hooks: HookResult[];

duration: number; // milliseconds

};

}

💸 5.7 Fee Structure and Distribution

CEDEX implements a transparent fee structure aligned with protocol sustainability and participant incentives. Unlike traditional exchanges with complex fee tiers, CEDEX applies uniform fees ensuring equal treatment of all market participants.

🔹 5.7.1 Transaction Fee Breakdown

Every CEDEX swap incurs a 5% total transaction fee (500 basis points), distributed as follows:

Fee Component
Rate
Purpose
Issuer Allocation
2.00%
Revenue share to issuing company treasury
Staking Rewards
1.50%
Distributed to OTCM token stakers (8-60% APY)
Protocol Operations
1.06%
Infrastructure, compliance oracles, development
Liquidity Pool Growth
0.44%
Permanently locked in OTCM LP for depth
TOTAL
5.00%
Complete fee structure

🔹 5.7.2 Fee Distribution Mechanism

// Fee Distribution Implementation pub const MAX_PRICE_IMPACT_BPS: u64 = 200; // 2.00% pub fn check_price_impact(distribute_fees(
~~pool:~~
fee_amount: u64,

issuer_treasury: &~~LiquidityPool,~~Pubkey,
~~trade_amount:~~
staking_pool: ~~u64,~~&Pubkey,
~~trade_direction:~~
protocol_treasury: ~~TradeDirection,~~&Pubkey,

liquidity_pool: &Pubkey,

) -> Result<()> {

// Fee distribution ratios (basis points of 5% fee)

const ISSUER_SHARE: u64 = 4000; // ~~Get~~40% ~~TWAP~~of ~~reference~~5% ~~price~~= 2.00%

const STAKING_SHARE: u64 = 3000; // 30% of 5% = 1.50%

const PROTOCOL_SHARE: u64 = 2120; // 21.2% of 5% = 1.06%

const LP_SHARE: u64 = 880; // 8.8% of 5% = 0.44%

// Calculate individual amounts let twapissuer_amount = pool.twap_oracle.get_reference_price()fee_amount * ISSUER_SHARE / 10000; let staking_amount = fee_amount * STAKING_SHARE / 10000; let protocol_amount = fee_amount * PROTOCOL_SHARE / 10000; let lp_amount = fee_amount * LP_SHARE / 10000; // Execute transfers atomically

transfer_sol(issuer_amount, issuer_treasury)?;

transfer_sol(staking_amount, staking_pool)?;

transfer_sol(protocol_amount, protocol_treasury)?;

transfer_sol(lp_amount, liquidity_pool)?; // ~~Calculate~~Permanently ~~expected~~locked
~~post-trade price using CPMM formula let~~
emit!(new_sol_reserve, new_token_reserve) = match trade_directionFeeDistributed { TradeDirection::Buy => ( pool.sol_reserve + trade_amount, pool.token_reserve - calculate_output(trade_amount, pool)?, ), TradeDirection::Sell => ( pool.sol_reserve - calculate_output(trade_amount, pool)?, pool.token_reserve + trade_amount, ),... }; let post_trade_price = new_sol_reserve * 1_000_000_000 / new_token_reserve; // Calculate deviation from TWAP let deviation = if post_trade_price > twap { (post_trade_price - twap) * 10000 / twap } else { (twap - post_trade_price) * 10000 / twap }; require!( deviation <= MAX_PRICE_IMPACT_BPS, CircuitBreakerError::PriceImpactExceeded { expected_impact_bps: deviation, max_allowed_bps: MAX_PRICE_IMPACT_BPS, } // 6006 ); Ok(()) }

📋}
~~Regulatory~~
🔹 ~~Reference:~~5.7.3 17Fee ~~CFR~~Comparison ~~240.10b-5(b)~~Analysis
—
Platform
Swap ~~Prohibition~~Fee
Compliance
LP onRewards
Issuer ~~Manipulative~~Rev
CEDEX
5.00%
✓ ~~Trading~~Full
8-60% ~~Devices~~APY
2.00%
Raydium
0.25%
✗
None
❌Variable
0%
Orca
0.30%
✗ ~~Error~~None
Variable
0%
Pump.fun
1.00%
✗ ~~Code~~None
None
0%
~~6006:~~
💡 ~~PRICE_IMPACT_EXCEEDED~~Fee Justification

While CEDEX's 5% fee exceeds traditional DEX fees, it includes comprehensive compliance verification ($2-5 per transaction in oracle costs), issuer revenue sharing, and permanent liquidity growth. For institutional securities trading, this represents significant cost savings versus traditional broker-dealer infrastructure.

🤖 5.8 MEV Protection

Maximum Extractable Value (MEV) attacks represent one of the most significant threats to DeFi users, with an estimated $1.38 billion extracted from traders in 2023 alone. CEDEX implements multiple protection layers making MEV extraction economically unfeasible.

🔹 5.8.1 Frontrunning Prevention

Frontrunning occurs when malicious actors observe pending transactions and insert their own transactions ahead in the block order to profit from predictable price movements. CEDEX prevents frontrunning through:

Private Transaction ~~would~~Submission: ~~cause~~Transactions >route through Jito's private mempool, invisible to searchers until block inclusion
Slippage Enforcement: Strict slippage limits (default 1%) reduce profitability of frontrunning attempts
Circuit Breaker Integration: 2% price ~~movement~~impact limit prevents large frontrun trades from ~~TWAP.~~executing

🔹 5.8.2 Sandwich Attack Mitigation

Sandwich attacks bracket victim transactions with buy-before and sell-after trades, extracting value through induced price movements. CEDEX's protection mechanisms:

// Sandwich Attack Prevention // Sandwich Attack Scenario (Without Protection): // 1. Attacker sees: User shouldwants reduceto buy 10,000 tokens // 2. Attacker frontruns: Buys 50,000 tokens (price increases) // 3. User trade sizeexecutes: orBuys splitat into multiple smaller transactions. This protects all market participants from suddenhigher price manipulation.

Platform	Swap ~~Prohibition~~Fee	Compliance	LP onRewards	Issuer ~~Manipulative~~Rev
CEDEX	5.00%	✓ ~~Trading~~Full	8-60% ~~Devices~~APY	2.00%
Raydium	0.25%	✗ None	❌Variable	0%
Orca	0.30%	✗ ~~Error~~None	Variable	0%
Pump.fun	1.00%	✗ ~~Code~~None	None	0%

// 
4. 5.8Attacker 💧backruns: HookSells 6:50,000 Liquiditytokens Pool(profit Sufficiency
extracted)
The// LiquidityCEDEX PoolProtection:
Sufficiency// hook1. ensuresTransaction thein OTCMprivate LiquidityJito Poolmempool maintains adequate reserves(invisible to supportattacker)
all// outstanding2. ST22Even tokens.if Thevisible, hook2% confirmscircuit thebreaker poolblocks maintainsattacker's afrontrun
minimum// 150%3. ratioUser oftrade lockedprotected capitalby toslippage circulatingtolerance
ST22// value4. beforeSequential allowinglarge redemptiontrades transactions.
trigger 
coordinated activity detection

🔹 5.8.13 📊Jito 150%Bundle Ratio RequirementIntegration

~~The~~CEDEX ~~150%~~integrates ~~over-collateralization~~with ~~provides~~Jito's ablock-building ~~safety~~infrastructure ~~buffer~~for ~~ensuring~~institutional-grade ~~redemptions~~MEV ~~can always be honored:~~protection:

~~Component~~Feature	~~Calculation~~Implementation
💰Bundle ~~Locked Capital~~Submission	~~Total~~All ~~SOL~~CEDEX intrades ~~unified~~submitted LPas ~~(permanently~~Jito ~~locked)~~bundles with guaranteed atomicity
🎫Private ~~Circulating Value~~Mempool	~~Sum~~Transactions ofinvisible until block inclusion (~~ST22~~no ~~supply~~public ×mempool ~~current price) for all tokens~~exposure)
📊Priority ~~Sufficiency Ratio~~Fees	~~Locked~~Dynamic ~~Capital~~priority /fee ~~Circulating~~calculation ~~Value~~for ×reliable ~~100%~~inclusion
✅Backrun ~~Minimum Required~~Protection	≥Bundle ~~150%~~structure —prevents ~~redemptions~~insertion ~~pause~~between ifcompliance ~~below~~verification and execution

⚡

5.8.2 📜 Implementation

~~rust~~

// Liquidity Sufficiency Check
pub const MIN_SUFFICIENCY_RATIO_BPS: u64 = 15000;  // 150%

pub fn check_liquidity_sufficiency(
    pool: &UnifiedLiquidityPool,
    redemption_amount: u64,
) -> Result<()> {
    // Calculate current ratio
    let locked_capital = pool.total_sol_reserve;
    let circulating_value = calculate_total_circulating_value(pool)?;
    
    // Add redemption impact
    let post_redemption_capital = locked_capital - redemption_amount;
    let post_redemption_ratio = post_redemption_capital * 10000 / circulating_value;
    
    require!(
        post_redemption_ratio >= MIN_SUFFICIENCY_RATIO_BPS,
        LiquidityError::InsufficientLiquidity {
            current_ratio: post_redemption_ratio,
            required_ratio: MIN_SUFFICIENCY_RATIO_BPS,
        }  // 6007
    );
    
    Ok(())
}

📋 ~~Regulatory Reference:~~ ~~Securities Exchange Act Rule 15c2-11 — Capital Adequacy Requirements~~

❌ ~~Error Code 6007: LIQUIDITY_INSUFFICIENT~~ Pool ratio below 150% threshold. Redemptions temporarily paused until trading volume rebuilds reserves. Regular ST22 trading (non-redemption) remains permitted. Users can wait for ratio recovery or reduce redemption amount.

5.9 🛡️ Thirty-Six Supplementary Security Controls

~~Beyond the six primary Transfer Hooks, OTCM implements~~ ~~thirty-six supplementary security controls~~ ~~integrated into the transfer hook logic, creating a comprehensive~~ ~~42-point security framework~~.

5.9.1 📜 Smart Contract Controls (1-6)

#	~~Control~~	~~Description~~
~~1️⃣~~	~~Formal Verification~~	~~Certora Prover mathematical proof of contract correctness~~
~~2️⃣~~	~~Multi-Audit Requirement~~	~~Independent audits by Quantstamp, Halborn, and OtterSec~~
~~3️⃣~~	~~Immutable Bytecode~~	~~No proxy pattern—code cannot be changed post-deployment~~
~~4️⃣~~	~~Bug Bounty Program~~	~~Up to $500K rewards for critical vulnerabilities~~
~~5️⃣~~	~~Reentrancy Guards~~	~~Check-Effects-Interactions pattern enforcement~~
~~6️⃣~~	~~Integer Overflow Protection~~	~~Rust's checked arithmetic prevents overflow attacks~~

5.9.2 🔐 Access Control Framework (7-12)

#	~~Control~~	~~Description~~
~~7️⃣~~	~~Multi-Sig Administration~~	~~4-of-7 threshold for administrative actions~~
~~8️⃣~~	~~Timelock Delays~~	~~48-hour delay on all parameter changes~~
~~9️⃣~~	~~Role-Based Access~~	~~Granular permission system (operator, compliance, admin)~~
🔟	~~Emergency Pause~~	~~2-of-7 emergency pause with 24hr auto-unpause~~
~~1️⃣1️⃣~~	~~DAO Override~~	~~2/3 supermajority required for lock override~~
~~1️⃣2️⃣~~	~~Key Rotation~~	~~Quarterly key rotation with HSM backing~~

5.9.3 ⚛️ Transaction Integrity Controls (13-18)

#	~~Control~~	~~Description~~
~~1️⃣3️⃣~~	~~Atomic Execution~~	~~All-or-nothing transaction commitment~~
~~1️⃣4️⃣~~	~~Orphan Prevention~~	~~No partial execution states possible~~
~~1️⃣5️⃣~~	~~Replay Protection~~	~~Unique transaction signatures prevent replay~~
~~1️⃣6️⃣~~	~~Nonce Management~~	~~Sequential nonces prevent transaction ordering attacks~~
~~1️⃣7️⃣~~	~~Deadline Enforcement~~	~~Transactions expire after specified block height~~
~~1️⃣8️⃣~~	~~Slippage Protection~~	~~User-configurable maximum price deviation~~

5.9.4 🔮 Oracle & Data Controls (19-24)

#	~~Control~~	~~Description~~
~~1️⃣9️⃣~~	~~Multi-Oracle Consensus~~	~~Cross-reference multiple data sources~~
~~2️⃣0️⃣~~	~~Staleness Detection~~	~~Reject data older than threshold (10 min)~~
~~2️⃣1️⃣~~	~~Signature Verification~~	~~Ed25519 verification of all oracle data~~
~~2️⃣2️⃣~~	~~Rate Limiting~~	~~Maximum oracle queries per block per mint~~
~~2️⃣3️⃣~~	~~Fallback Oracles~~	~~Automatic failover to backup data sources~~
~~2️⃣4️⃣~~	~~Data Freshness Proofs~~	~~On-chain attestation of data recency~~

5.9.5 👁️ Monitoring & Alerting (25-30)

#	~~Control~~	~~Description~~
~~2️⃣5️⃣~~	~~Real-Time Monitoring~~	~~24/7 transaction pattern analysis~~
~~2️⃣6️⃣~~	~~Anomaly Detection~~	~~ML-based unusual activity identification~~
~~2️⃣7️⃣~~	~~SEC Notification~~	~~Automatic reporting of compliance failures~~
~~2️⃣8️⃣~~	~~Compliance Dashboard~~	~~Real-time visibility for regulators~~
~~2️⃣9️⃣~~	~~Audit Log Export~~	~~On-demand historical data retrieval~~
~~3️⃣0️⃣~~	~~Alert Escalation~~	~~Tiered notification for severity levels~~

5.9.6 🏛️ Governance & Recovery (31-36)

#	~~Control~~	~~Description~~
~~3️⃣1️⃣~~	~~Proposal System~~	~~On-chain governance for parameter changes~~
~~3️⃣2️⃣~~	~~Voting Mechanism~~	~~Token-weighted voting with delegation~~
~~3️⃣3️⃣~~	~~Quorum Requirements~~	~~Minimum participation thresholds~~
~~3️⃣4️⃣~~	~~Veto Power~~	~~Compliance officer veto on security-relevant proposals~~
~~3️⃣5️⃣~~	~~Migration Capability~~	~~Controlled upgrade path for critical fixes~~
~~3️⃣6️⃣~~	~~Disaster Recovery~~	~~Documented procedures for catastrophic scenarios~~

5.10 ⚠️ Error Handling and Recovery

~~Code~~	~~Hook~~	~~Condition~~	~~🔧 User Action~~
❌ ~~6001~~	~~🔍 Custody~~	~~Discrepancy >0.01%~~	~~Wait, retry, contact issuer~~
❌ ~~6002~~	~~🚫 OFAC~~	~~Sanctioned address~~	~~PERMANENT~~ ~~— contact OFAC~~
❌ ~~6003~~	~~🕵️ AML~~	~~Risk score 71-100~~	~~Request compliance review~~
❌ ~~6004~~	~~🪪 Redemption~~	~~KYC/accreditation issue~~	~~Complete verification~~
❌ ~~6006~~	~~📉 Price Impact~~	~~>2% TWAP deviation~~	~~Reduce size, split trade~~
❌ ~~6007~~	~~💧 Liquidity~~	~~<150% pool ratio~~	~~Wait for ratio recovery~~

5.11 📊 Performance Specifications

Metric	~~Value~~Specification	Notes
⏱️Throughput ~~Total Hook Latency~~(TPS)	~~750-1,350ms~~400-600	~~Sequential~~Limited ~~execution~~by compliance verification
🔢Compliance Latency	2,000-3,000ms	Six hooks + oracle queries
Execution Latency	400-600ms	CPMM swap post-verification
Block Finality	~13 seconds	32 Solana blocks
Compute Units	~800,000 CU	Per complete ~~transfer~~swap transaction
⚡Network ~~Effective TPS~~Fee	~~400-600~~~$0.01-0.05	~~Compliance~~Solana ~~overhead~~
💵base ~~Oracle~~+ ~~Cost/Transfer~~	~~$2-5~~	~~Chainalysis,~~priority ~~Empire APIs~~fee

🏗️

5.12 🔍10 Security Audit StatusArchitecture

~~Auditor~~CEDEX security combines smart contract hardening, economic attack resistance, and operational security measures:	~~Status~~Smart Contract Security
🔬 ~~Quantstamp~~	~~Audit~~ Formal ~~scheduled~~verification Q1using ~~2026~~
🔍 ~~Halborn~~	~~Engagement in progress~~
🦦 ~~OtterSec~~	~~Preliminary review complete~~
✅ Certora ~~Formal~~Prover Security ~~Verification~~	~~Specification~~audits ~~development~~by ~~underway~~
🐛Quantstamp, ~~Bug~~Halborn, ~~Bounty~~	~~$500K~~and OtterSec Active bug bounty program ~~launching~~(up ~~with~~to ~~mainnet~~

$100K

rewards)

Immutable core contracts post-deployment Economic Security

Circuit breakers prevent flash loan attacks

TWAP oracle resists price manipulation

Permanent liquidity locks prevent rug pulls

Volume limits prevent coordinated dumps Operational Security

Multi-signature admin keys (4-of-7 threshold)

48-hour timelock on parameter changes

Real-time monitoring and alerting

Incident response playbooks ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📈 Section 5: CEDEX — Centralized-Decentralized Exchange

📈 SECTION 5: CEDEX — CENTRALIZED-DECENTRALIZED EXCHANGE

💡 5.1 🚀 Architectural Innovation

🔹 5.1.1 The DEX Incompatibility Problem

🔹 5.1.2 Why Existing DEXs Cannot Support ST22 transfer triggers sequential execution of six independent verification hooks, completing comprehensive compliance verification before transaction settlement.

5.1.1 📋 SPL Token-2022 Standard OverviewTokens

5.1.2 ⚙️ Transfer Hook Extension Mechanism

5.1.3 📜The Compliance-as-CodeCEDEX Design Philosophy

🔹 5.1.4 Compliance-First vs Compliance-Retrofitted

5.1.4Custom ⚖️AMM Regulatory Advantages

5.2 🔄 Transfer Hook Execution Flow

🔹

5.2.1 🪝Dual-Layer HookExecution Invocation SequenceModel

🔹 ▼5.2.2 Compliance Verification Layer

🔹 5.2.3 Trading Execution Layer

🔹 5.2.4 Layer Synchronization Protocol

🏗️ 5.2 Dual-Layer Execution Architecture

🔹 5.2.1 Dual-Layer Execution Model

🔹 5.2.2 Compliance Verification Layer

🔹 5.2.3 Trading Execution Layer

🔹 5.2.4 Layer Synchronization Protocol

📉 5.3 Bonding Curve Bootstrap Phase

🔹 5.4.1 Initial Price Discovery Mechanism

5.2.2 📊 Sequential vs Parallel Execution

5.2.3 ⚛️ Atomic Transaction Guarantees

🔹 ATOMIC5.4.2 EXECUTIONLinear GUARANTEEBonding │Curve └─────────────────────────────────────────────────────────────────┘Mathematics

🔹 5.2.43.3 ⏱️Graduation ExecutionCriteria

occurs automatically when ANY criterion is met (OR logic). The 127,000 holder threshold represents approximately 0.5% of Solana's active wallet base, providing mathematical proof of genuine community adoption rather than artificial inflation.

🔹 5.34.4 🔍Transition Hookto 1:Permanent Custody Verification Oracle

5.3.1 🏗️ Oracle Architecture

5.3.2 🏛️ Empire Stock Transfer Integration

5.3.3 ⚠️ Discrepancy Detection

🔁 5.4 Constant Product Market Maker (CPMM)

🔹 5.4.1 CPMM Mathematical Foundation

🔹 5.4.2 Price Impact Calculation

5.4 🚫 Hook 2: OFAC Sanctions Screening

5.4.1 📋 SDN List Integration

5.4.2 🔗 Address Clustering Analysis

5.4.3 📜 Implementation

5.5 🕵️ Hook 3: Blockchain Analytics Screening

5.5.1 🤖 ML Risk Assessment

5.5.2 📊 Risk Scoring Model

🔹 5.5.4.3 🔬Slippage Chainalysis/TRM IntegrationProtection

5.5.4 📜 Implementation

5.6 🪪 Hook 4: Redemption Eligibility Verification

5.6.1 📋 KYC/AML Requirements

5.6.2 🎖️ Accredited Investor Verification

5.6.3 📜 Implementation

🔹 Reference:5.4.4 17Liquidity CFRDepth 230.506(c)Analysis

🏗️ 5.5 Circuit Breaker Architecture

🔹 shares is blocked.

5.7 📉 Hook 5:5.1 Price Impact Circuit Breaker

5.7.1Price 📊Impact Limit Implementation

🔹 5.5.2 Volume-Based Halts

🔹 5.5.3 Coordinated Activity Detection

🔹 5.5.4 Time-Weighted Average Price (TWAP) Oracle Integration

5.7.2 🛑 2% Threshold Enforcement

📋 5.6 Order Types and Execution

🔹 5.6.1 Market Orders

🔹 5.6.2 Limit Orders

🔹 5.6.3 Swap Interface

💸 5.7 Fee Structure and Distribution

🔹 5.7.1 Transaction Fee Breakdown

🔹 5.7.2 Fee Distribution Mechanism

🔹 Reference:5.7.3 17Fee CFRComparison 240.10b-5(b)Analysis

🤖 5.8 MEV Protection

🔹 5.8.1 Frontrunning Prevention

🔹 5.8.2 Sandwich Attack Mitigation

5.8Attacker 💧backruns: HookSells 6:50,000 Liquiditytokens Pool(profit Sufficiency

🔹 5.8.13 📊Jito 150%Bundle Ratio RequirementIntegration

⚡

5.8.2 📜 Implementation

5.9 🛡️ Thirty-Six Supplementary Security Controls

5.9.1 📜 Smart Contract Controls (1-6)

5.9.2 🔐 Access Control Framework (7-12)

5.9.3 ⚛️ Transaction Integrity Controls (13-18)

5.9.4 🔮 Oracle & Data Controls (19-24)

5.9.5 👁️ Monitoring & Alerting (25-30)

5.9.6 🏛️ Governance & Recovery (31-36)

5.10 ⚠️ Error Handling and Recovery

`5.7.1Price 📊Impact Limit Implementation`