Signing Flow
End-to-end transaction signing sequence in DALP, from on-chain compliance validation through the unified signer interface to MPC custody providers (DFNS and Fireblocks), including custodian policy evaluation and blockchain broadcast.
Purpose: Describes the end-to-end path a DALP transaction takes from initiation through dual-layer policy enforcement to on-chain execution.
Doc type: Explanation
What you'll find here:
- End-to-end signing sequence with diagram
- Step-by-step flow breakdown (compliance simulation, custody signing, broadcast)
- Two-layer policy model (on-chain compliance + custodian policies)
- Failure modes and resolution
See also: Key Guardian | Transaction Signer | Identity & compliance
Overview
Every DALP transaction passes through two independent policy layers before reaching the blockchain:
- On-chain compliance --- the SMART Protocol verifies identity claims, transfer restrictions, and supply limits via simulation.
- Custodian policy --- the configured custody provider (DFNS or Fireblocks) applies operational controls (amount limits, multi-party approval) before MPC signing.
Neither layer can be bypassed independently. A transaction must pass both to complete.
End-to-end sequence
Flow steps
-
Initiate transaction --- The operation enters the Execution Engine, which builds the payload, estimates gas, and assigns a nonce. No signing or state change occurs yet.
-
On-chain compliance pre-check --- The engine simulates via
eth_callagainst the SMART Protocol'scanTransfer. This checks identity claims, compliance modules, and amount/volume limits without spending gas. If simulation reverts, the failure surfaces immediately. -
Unified signer interface --- The Transaction Signer delegates to a provider-agnostic layer abstracting over DFNS, Fireblocks, and local key backends. Switching providers requires only configuration.
-
Custody provider MPC signing --- The active provider evaluates its own policy rules before combining MPC key shares. If policy requires approval, the transaction enters a pending state until actioned out-of-band.
-
Broadcast and on-chain execution --- The signed transaction is submitted via
eth_sendRawTransaction. The compliance engine enforcescanTransferagain on-chain. If compliance state changed between simulation and broadcast, the transaction reverts.
Two-layer policy model
| Layer | Where enforced | What it controls | Configured by |
|---|---|---|---|
| On-chain compliance | SMART Protocol contracts | Identity/KYC claims, country restrictions, blocklists, supply caps, investor counts, time locks, volume modules | Issuer / compliance manager via DALP API |
| Custodian policies | DFNS policy engine or Fireblocks TAP | Per-transaction amount limits, rolling spend limits, approver workflows, IP/time restrictions, destination allowlists | Operations team in provider dashboard |
Key invariants:
- Layer 1 (on-chain) enforces regulatory compliance at protocol level and cannot be bypassed off-chain
- Layer 2 (custodian) provides operational controls and approval workflows at infrastructure level
- Both layers must pass for a transaction to complete
- On-chain amount limits (via custom compliance modules) are auditable on-chain; custodian limits are off-chain operational controls
Failure modes
| Failure point | Cause | Resolution |
|---|---|---|
| Simulation revert | On-chain compliance module blocked the transaction | Check compliance status, claims, and module configuration |
| Custodian policy block | Transaction exceeds custodian amount limit or rule | Adjust policy thresholds or request approval |
| Pending approval timeout | Approvers have not actioned the request | Escalate or configure auto-reject after timeout |
| MPC signing failure | Network or provider issue | Automatic retry with exponential backoff |
| Broadcast failure | Gas underpricing or nonce conflict | Transaction Signer resubmits with increased gas |
| On-chain revert | Compliance state changed between simulation and broadcast | Surface revert reason; re-evaluate compliance |
See also
- Key Guardian --- key storage backends including DFNS and HSM
- Transaction Signer --- gas management, nonce coordination, and retry logic
- Identity & compliance --- on-chain compliance modules including amount and volume controls
- Chain Gateway --- EVM RPC node access and transaction broadcast
Overview
Index of the primary operational flows in the Digital Asset Lifecycle Platform, covering platform-level transaction sequences and capability-specific distribution and settlement workflows.
Asset Issuance
Step-by-step flow for issuing a new digital asset on the DALP platform, from infrastructure deployment through identity setup, compliance configuration, and initial token operations.