Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
TSI's architecture is designed with security, efficiency, and institutional needs in mind. It comprises three key components:
Fireblocks Embedded Wallet: This provides the foundational security layer. Using Multi-Party Computation (MPC), it ensures that no single party holds the complete private key, preventing unilateral actions and significantly reducing the risk of asset compromise. Key functionalities include:
Checking transaction stage conditions based on pre-set policies, ensuring all transactions adhere to predefined rules.
Requiring multiple signatures (from both the user and Fireblocks) for transaction execution, preventing unauthorized access and internal fraud.
TSI System: This is the core platform that orchestrates all borrowing, lending, matching, and liquidation processes according to pre-set rules. It acts as the central hub for all interactions within the TSI ecosystem, ensuring transparency and efficiency.
Client Web Application: This is the user interface through which borrowers, lenders, and liquidators interact with the TSI system. It provides functionalities for:
Placing borrow and lend orders.
Initiating asset transfers, leveraging the security of the MPC wallets for these actions.
Viewing order status, transaction history, and other relevant information.
Borrower/Lender: These users participate in the core borrowing and lending activities on the platform. Their responsibilities include:
Depositing assets from external wallets into their TSI-managed wallets.
Initiating order placement for borrowing or lending.
Initiating transfer requests.
Sign transactions (as part of the MPC signing process).
Liquidator: This specialized role manages the liquidation of collateral. The liquidators are automated liquidation bots with specific wallet addresses associated with whitelisted entities that have passed KYC verification performed by TSI. Their responsibilities include:
Monitoring on-chain data to identify liquidation opportunities.
Executing liquidations of collateral according to the bot's logic and in compliance with TSI contract rules.
Institutional Admin: This role manages institutional users and wallets within their organization. Their responsibilities include:
Inviting and managing users (borrowers, lenders, and liquidators) within their institution.
Managing the wallets associated with their institutional account.
Assigning wallets to specific users.
Initiating requests for whitelisting withdrawal wallets, which require co-signature from TSI Admin.
TSI Admin: This role manages the core platform infrastructure and ensures its smooth operation. Their responsibilities include:
Managing core markets, digital assets, and network parameters.
Co-signing sensitive operations initiated by Institutional Admins, such as whitelisting withdrawal wallets, adding an extra layer of security.
Fireblocks: As the security provider, Fireblocks plays a crucial role in safeguarding assets. Their responsibilities include:
Providing and managing the MPC wallet infrastructure.
Co-signing transactions with users, enforcing pre-set policies, and preventing unilateral actions.
Fireblocks Embedded Wallets in TSI
Key features of Fireblocks EW within TSI:
2-of-2 MPC Key Management: TSI leverages Fireblocks' 2-of-2 Multi-Party Computation (MPC) signature scheme for enhanced security. This cryptographic technique requires two parties to collaborate on every transaction signature. One key share is stored on the user's device (web or mobile), and the other is secured within an Intel SGX-enabled server managed by Fireblocks. Intel SGX (Software Guard Extensions) provides a hardware-based trusted execution environment, isolating and protecting the key material from unauthorized access, even if the server itself is compromised. This 2-of-2 MPC approach eliminates the single point of failure, ensuring that neither TSI nor Fireblocks can unilaterally access user funds.
Simplified Key Management: Users create a simple passphrase for key recovery, eliminating the need to manage complex seed phrases or mnemonics. This significantly improves the user experience.
Secure Transactions: All transactions within TSI are secured by the MPC protocol, requiring both the user's and Fireblocks' signatures for execution. This prevents unauthorized access and enhances the overall security of the platform.
Enhanced Security and Trust: By using embedded wallets and the 2-of-2 MPC scheme, TSI addresses key concerns regarding regulation, business risk, and user trust. Users have greater confidence in the security of their assets because they control a key share. This also reduces business risk for TSI by not requiring them to act as a custodian.
In essence, the Fireblocks EW integration within TSI provides a secure, user-friendly, and non-custodial solution for managing digital assets, aligning with the highest security standards expected by institutional clients.
The TSI system supports the Ethereum network in the first stage. Later, it will support more chains and aims to support cross-chain borrowing and lending.
TSI leverages Fireblocks (EW) to provide secure and user-controlled digital asset management. This technology empowers TSI users (borrowers, lenders, and liquidators) to maintain full control over their funds without relying on TSI as a custodian.
User Takeover Ability (full private key export): TSI provides clients with the ability to export their full cryptographic keys by utilizing Fireblocks' mechanism. This "User Takeover" feature gives users complete control over their assets, allowing them to move their funds to other wallets or services if they choose. While this feature emphasizes user autonomy, users should exercise caution and understand the potential security implications of managing their keys independently.
Reference:
The supported networks and tokens in TSI are constrained by Fireblocks Embedded Wallet. The supported networks are listed in .
The chart of organization account, wallet and user:
The organization account is the highest-level entity within TSI, representing an institution participating in the platform. An organization must first be created within the TSI system. This account acts as a container for wallets and users associated with that institution.
Wallets within TSI are used to hold and manage digital assets. The above chart shows two example wallets (Wallet A and Wallet B) associated with an organization. Key characteristics of wallets include:
Association with Organizations: Wallets are created and managed within the context of an organization account.
Asset Holding: Each wallet holds a variety of digital assets.
Unique Network-Token Addresses: Each network-token within a wallet has a unique address, ensuring proper tracking and management of assets across different blockchains. The network-token addresses are built automatically when a wallet is created.
The TSI Admin is responsible for the overall management and maintenance of the TSI system. Their key responsibilities include:
Organization Creation: The TSI Admin creates new organization accounts within the system.
Admin Invitation: The TSI Admin invites individuals to become Organization Admins for specific organizations.
The Organization Admin manages the users and wallets within their respective organization. Their key responsibilities include:
Wallet Creation: The Organization Admin creates wallets under their organization's account.
Wallet Assignment: The Organization Admin assigns users to those wallets, granting them appropriate access.
MPC Key Share #2: Similar to users, the Organization Admin also possesses a unique MPC key share (#2) for co-signing transactions related to their administrative duties.
Whitelist Wallets Management: The Organization Admin can create and delete whitelist wallets. The assets in all of the organizational wallets can only be withdrawn to the whitelisted wallets. After the Organization Admin creates a whitelist wallet, the TSI side will confirm the operation with the client and approve the operation, ensuring security and minimizing risk.
Withdrawal: An Organization Admin can withdraw assets from any wallets to any of the whitelist wallets.
Users are individuals who interact with the TSI platform on behalf of an organization. Users are Traders or Trader Viewer.
Trader:
Functionality: Traders can place both borrowing and lending orders within TSI, sign related transactions, manage loans and collaterals.
Wallets: The Organization Admin can associate specific wallets to each trader. A trader can only place orders from the associated wallets.
Withdrawal: Traders can withdraw assets from the associated wallets to any whitelist wallets.
MPC Key Share #2: Each Trader possesses a unique MPC key share (#2), used in conjunction with Fireblocks' key share (#1) to co-sign transactions.
Trader Viewer:
Functionality: Trader Viewers cannot perform any actions in the TSI system. They can only view information like wallet balances, order statuses, transaction statuses, market order books, etc.
Wallets: The Organization Admin can associate specific wallets to each Trader Viewer. A Trader Viewer can only view the associated wallets' information.
A new organization is created within the TSI system by the TSI Admin.
The TSI Admin invites an individual to become the Organization Admin for that organization.
The Organization Admin creates wallets and users under the organization's account.
The Organization Admin assigns users to those wallets, granting them access to manage the assets within the wallets.
MPC Key Generation and Use: Both users and the Organization Admin own and securely store their unique MPC key share (#2). This key share is generated the first time the user or admin signs in to TSI and is securely stored within their device's browser. Each encrypted key share is unique and stored only on the user's or admin's own device. When a transaction is initiated, this key share is used in conjunction with Fireblocks' key share (#1) to create a valid transaction signature. This 2-of-2 MPC scheme ensures that both the user/admin and Fireblocks must participate in signing the transaction, preventing unauthorized access and enhancing security.
This section explains the key security concepts and procedures related to passphrases and MPC keys within TSI. Understanding these concepts is crucial for securely managing your digital assets on the platform.
TSI utilizes Fireblocks' 2-of-2 Multi-Party Computation (MPC) scheme to enhance the security of digital signatures. This means that two key shares are required to sign any transaction:
Key Share #1: This key share is securely held and managed by Fireblocks within a secure enclave.
Key Share #2: This key share is generated by the user (trader/liquidator) or organization admin through Fireblocks' SDK and securely stored within their device's browser.
When a transaction is initiated, the user signs first using their key share (#2). Fireblocks then co-signs the transaction using its key share (#1). This two-step process ensures that no single party can unilaterally authorize a transaction, significantly reducing the risk of unauthorized access or fraud.
Encrypted Storage: The user's MPC key share (#2) is encrypted and stored in two locations:
The user's browser local storage on the associated device.
The Fireblocks server.
Decryption with Passphrase: To use the encrypted key share for signing transactions, it needs to be decrypted using the user's unique passphrase. This passphrase is never transmitted over the network and is only stored in the user's local browser storage and any backups the user may have created.
Local Decryption: When signing a transaction, the decryption process happens entirely within the user's local browser. This ensures that the passphrase is not exposed outside the user's device and browser, enhancing security.
User Responsibility: Users are solely responsible for securely storing and managing their passphrase. TSI ensures that the passphrase is never exposed outside the user's local environment.
Irrecoverable: If a user loses their passphrase, neither Fireblocks nor TSI can recover it. This means the assets in the associated wallets will be locked and irrecoverable. Users must take full responsibility for preserving their passphrase.
Initial Generation: When an organization admin is invited to join TSI, they must generate their MPC key and passphrase. This MPC key contains both an ECDSA key and an EdDSA key, used for signing transactions on EVM and non-EVM chains, respectively. The admin is then prompted to download a JSON file containing their encrypted key share, passphrase information, and a key ID. This file should be stored securely as a backup.
Device and Browser Binding: Once generated, the MPC key is bound to the specific browser and device used during the creation process. If a user wants to access TSI from a different browser or device, they need to recover their MPC key using the downloaded JSON file.
Key Limits: Each organization account can have a maximum of 10 MPC keys generated, a limitation imposed by Fireblocks' Embedded Wallet.
User Invitation and Activation: When an organization admin invites a user, the user must also generate their MPC key. The user then sends a code to the admin for approval, activating the key. This process ensures secure key generation and activation.
Wallet-User Association: Organization admins can associate specific wallets with different users.
Transaction Signing: A user's MPC key can sign transactions and transfer assets from the wallets associated with their account.
By understanding these key aspects of passphrase and MPC key management, TSI users can confidently and securely manage their digital assets on the platform.
Locate the Loan: Before the maturity date, borrowers can find the "Repay" button next to the associated loan in the Wallets -> Liability (Borrower) tab.
Maturity Time: The exact maturity time is 00:00 on the maturity date plus one day, coordinated in UTC+0. For example, if the maturity date is January 30, 2025, the maturity time is 00:00 on January 31, 2025, UTC+0.
Repayment Process:
Before Maturity: Borrowers can repay their loans at any time before maturity by following these steps:
Approve the transfer of debt to the lender
Call the smart contract to execute the transaction
After Maturity: If the loan is not repaid before maturity, the liquidation process will be automatically triggered.
Smart Contract Execution: When the borrower initiates repayment, the smart contract:
Transfers the debt (principal plus accrued interest) from the borrower to the lender
Transfers the collateral from the lender's wallet back to the borrower's wallet
Collateral Return: The collateral return is executed automatically by the smart contract based on the lender's pre-approval that was provided during the loan creation. The borrower does not need to wait for manual action from the lender to receive their collateral back.
Transaction Monitoring: Both the borrower and lender can monitor the status of the repayment and collateral transfer transactions in the Transfers page.
The smart contract ensures that the collateral is only returned to the borrower after confirming the full repayment has been made.
The peer-to-peer nature of the repayment process means assets move directly between user wallets, not through an intermediary.
The TSI system sends reminder notifications to borrowers as the maturity date approaches to help them avoid late repayments.
If the borrower fails to repay by maturity, the liquidation process will be triggered automatically to protect the lender's interests.
If any issues arise during the repayment process, users should contact TSI support for assistance.
Organization Admin Initiation: Organization admins and traders can initiate withdrawals from TSI wallets.
Whitelisted Addresses: Withdrawals can only be made to whitelisted wallet addresses. These are pre-approved addresses, typically belonging to hot wallets, cold wallets or centralized exchange (CEX) wallets.
Creating Whitelist Wallets: Organization admins can create new whitelist entries. To ensure security and minimize the risk of unauthorized access, the creation of whitelist entries requires co-signature from TSI administrators. This dual-control mechanism adds an extra layer of protection against potential hacking attempts.
Network Consistency: The network of the target wallet must match the network of the source wallet for a successful withdrawal. For example, you cannot directly withdraw assets from an Ethereum wallet on TSI to a Solana wallet address. If you need to perform a cross-chain transfer, you must initiate a separate cross-chain transaction using an external service or platform.
Available Asset Balance: The amount of assets available for withdrawal may be less than the total balance displayed in your TSI wallet. This is because a portion of your assets may be locked as collateral for active or pending orders. While these locked assets still belong to you, they cannot be withdrawn until the associated order is canceled or fulfilled.
Always double-check the recipient's wallet address before initiating a withdrawal to prevent any loss of funds.
Be aware of the network compatibility requirements and any potential fees associated with cross-chain transfers.
If you encounter any issues during the withdrawal process, contact TSI support for assistance.
Respond to Margin Calls: Adding collateral is the primary way to respond to margin calls when your position approaches the risk threshold, helping you avoid potential liquidation.
Manage Market Volatility: Adding collateral can increase your health factor, making your loan position more resistant to liquidation. This is beneficial if you anticipate potential market volatility that could decrease the value of your existing collateral.
Capital Efficiency: Removing excess collateral can free up capital for other uses, such as reinvesting or deploying it in other opportunities. However, the remaining collateral after removal should still maintain a healthy level below the risk threshold.
Initiate Addition: As a borrower, you can initiate the collateral addition process by:
Approving the collateral transfer
Calling the smart contract to execute the transaction
Smart Contract Execution: Once you've initiated the process, the smart contract:
Transfers the additional collateral from your wallet to the lender's wallet
Locks the collateral in the lender's wallet, preventing withdrawal
Updates the loan's collateral amount in the system
Health Factor Update: The TSI system automatically recalculates your position's health factor after the additional collateral is confirmed, improving your resistance to liquidation.
Collateral Addition Limits
10x Initial Collateral Limit: Borrowers can add collateral up to a maximum total of 10 times the initial collateral amount used when the loan was created.
For example, if you initially provided 1 BTC as collateral, you can add additional collateral until the total reaches 10 BTC.
Pre-approval Alignment: This 10x limit directly aligns with the lender's pre-approved collateral transfer allowance. When a loan is created, the lender approves a transfer allowance of 10x the initial collateral to the smart contract.
System-Enforced Ceiling: The TSI system enforces this 10x limit to:
Ensure all collateral transfers remain within the lender's pre-approved allowance
Maintain predictable security parameters for both borrowers and lenders
Prevent potential issues where a borrower adds more collateral than the lender has approved for management
Benefit to Borrowers: This design provides borrowers with significant flexibility to increase collateral during market volatility without requiring additional actions from the lender.
Repayment as an Alternative
Partial or Full Repayment: When loan LTV is significantly elevated or market price changes are dramatic, borrowers are encouraged to consider partial or full repayment of the loan instead of simply adding more collateral.
Benefits of Partial Repayment:
Directly reduces your debt principal, immediately improving your loan's LTV ratio
Can be more capital efficient than adding collateral in many scenarios
Provides better protection against continued market volatility
Initiate Removal: As a borrower, you can initiate the collateral removal process by:
Calling the smart contract to transfer the collateral from the lender to you
System Verification: Before processing your request, the TSI system verifies that:
The removal won't push your LTV ratio above the risk threshold
You maintain adequate collateralization after the removal
Smart Contract Execution: If verification passes, the smart contract:
Unlocks the specified amount of collateral in the lender's wallet
Transfers it back to your wallet
Updates the loan's collateral amount in the system
Automated Process: This entire process is executed automatically based on the lender's pre-approval at loan creation, requiring no action from the lender.
LTV Ratio Monitoring: When adding or removing collateral, be mindful of your Loan-to-Value (LTV) ratio. The TSI platform will show you how the adjustment will affect your position before you confirm the transaction.
Risk Management: Carefully assess market conditions before removing collateral. A lower health factor increases your vulnerability to liquidation if the market moves against your position.
Collateral Types: You can only add collateral of the same type originally used for the loan. Different collateral types cannot be mixed within the same loan.
Transaction Timing: Collateral adjustments are processed on-chain and may take some time to be confirmed. Plan your adjustments with sufficient time to respond to market conditions.
Monitoring: It is crucial to monitor your loan status and the value of your collateral, especially after adjusting your collateral levels or during periods of market volatility.
TSI employs a robust on-chain settlement mechanism to ensure the secure, efficient, and trustless execution of all transactions on the platform. This mechanism utilizes smart contracts to orchestrate peer-to-peer transfers, guaranteeing the simultaneous exchange of assets and minimizing counterparty risk for borrowers and lenders.
Direct Peer-to-Peer Transfers:
Assets are transferred directly between user wallets, not through the smart contract.
The smart contract's detector function confirms that both parties have signed their respective transactions.
Only after both signatures are confirmed does the smart contract trigger the actual transfers.
Smart Contract Orchestration:
The smart contract coordinates the timing and execution of transfers to ensure they occur simultaneously.
This ensures that neither party can receive assets without also transferring their corresponding assets.
All transfers are atomic - they either all succeed together or all fail together.
Guaranteed Settlement:
The system ensures that either both sides of the transaction are completed, or neither is, eliminating the risk of loss for either party.
This applies to all transaction types: loan creation, repayment, liquidation, and collateral adjustments.
Transaction Cancellation:
If one party fails to sign their transaction within the designated timeframe, the associated transactions are automatically cancelled. This ensures their assets remain in their wallet.
Security Without Custody:
The settlement mechanism provides security without requiring TSI to take custody of user assets.
All assets remain in user wallets until transfers are executed, eliminating custodial risk.
Reduced Counterparty Risk: TSI's design significantly minimizes counterparty risk by ensuring that TSI never has direct control over client assets. Even though TSI deploys the smart contracts, the platform cannot access or manipulate the funds involved in the settlement process. This is achieved through:
Restricted Smart Contract Functionality: The smart contracts are purpose-built for settlement with predefined rules encoded in their code. Their execution is automated, triggered only when specific conditions are met. This removes any manual intervention or discretion by TSI in the settlement process. The contracts have limited access and cannot arbitrarily transfer assets outside the predefined settlement flow.
Transparency and Auditability: The smart contract code will be transparent to TSI clients, allowing clients to verify the functionality of the smart contract and ensure that it adheres to the stated rules.
Strict audit: The smart contract will be audited by reputational companies, minimizing the risk.
Updates and Notifications: If any updates are made to the smart contract code, TSI clients will be informed to ensure transparency and maintain trust.
Increased Efficiency: The automated nature of smart contracts streamlines the settlement process, reducing manual intervention and potential delays.
Atomic Settlement: Guarantees that both sides of a transaction are executed simultaneously, preventing any party from experiencing a loss due to non-completion.
Automatic Asset Return: If one party fails to fulfill their transfer obligation, the smart contract automatically returns any previously transferred assets to the initiating party. This ensures that funds are not lost due to a counterparty's failure to complete their part of the transaction.
Secure Asset Handling: Assets are not deposited into the smart contract for settlement. Instead, the contract facilitates direct transfers between parties, eliminating concerns about assets being locked in the contract or potential rug-pull risks. This approach prioritizes the security and control of user funds.
TSI's on-chain settlement mechanism is a core component of its institutional-grade platform, providing a secure, efficient, and reliable framework for all transactions.
TSI charges borrowers a fee based on the matched amount, matched interest rate, and days to maturity. The formula for calculating the borrow fee is:
borrowFee = matchedAmount * matchedInterest * (0.1)feeRate * dayToMaturity / 365
where the 0.1 fee rate may vary depending on the TSI's decision and other factors.
Lenders also pay a transaction fee based on the matched amount, fee rate, and days to maturity. The formula for calculating the lend fee is:
lendFee = matchedAmount * (0.1)feeRate * dayToMaturity / 365
TSI imposes a minimum transaction fee to cover rollup and data availability costs. This minimum fee is calculated as:
minFeeAmount = fee * ethPrice / targetPrice
For example, if the minimum fee is 0.0007 ETH, the ETH price is 3000 USD, and the USDC price is 1 USD, the minimum fee in USDC would be: 0.0007 ETH * 3000 USD / 1 USD = 2.1 USDC.
Different order types have different minimum fees:
Lend order: 0.0007 ETH
Borrow order: 0.006 ETH
The exact fee percentage for both borrowers and lenders is determined dynamically based on market conditions and other factors.
The transaction fee is automatically calculated and deducted from the loan transfer after the orders are matched. This means the borrower receives the loan amount minus the borrower's transaction fee. In a separate transaction, the lender pays both their own and the borrower's transaction fees to TSI.
Users can view the details of the transaction fees in their transaction history.
Fixed Income Markets within Custodian Infrastructure for Cryptos and Digital Assets
Term Structure Institutional (TSI) is an institutional-grade platform enabling clients to borrow and lend digital assets at fixed rates within a secure Fireblocks multi-party computation (MPC) wallet environment and a reliable TSI Electronic Communication Network (ECN). By combining transparent and flexible cryptocurrency financing with robust security and institutional-grade features, TSI empowers institutions, lenders, borrowers, and traders to participate in fixed-income markets with greater efficiency and confidence.
Institutions: Gain access to a TradFi-standard ECN, enabling efficient price discovery and transparent market access. TSI offers a familiar trading experience with clear benchmarks, facilitating informed investment decisions.
Lenders & Borrowers: Benefit from fixed interest rates and fixed loan terms, providing predictability and stability for financial planning and strategy execution. This eliminates the uncertainty often associated with open-term lending.
Traders: Trade digital assets securely on a platform powered by Fireblocks' cutting-edge Multi-Party Computation (MPC) wallets. This ensures the highest level of asset protection and mitigates counterparty risk.
Traditional and existing digital asset lending markets present several challenges for institutional participants:
Uncertain Funding on Open Terms: Open-term loans expose institutions to fluctuating interest rates and unpredictable funding conditions, making it difficult to develop and execute long-term strategies. TSI's fixed-rate, fixed-term loans provide the necessary predictability for effective financial planning.
Insecure On-Chain Environment: The DeFi ecosystem, while innovative, has faced security vulnerabilities and hacking risks. This deters institutional adoption. TSI addresses this by leveraging Fireblocks' robust security infrastructure, including MPC key management and transaction signing process.
Limited Strategies in Custodian Wallets: Traditional custodian solutions often lack the functionality required for executing complex trading strategies. TSI overcomes this limitation by providing a platform designed for active participation in borrowing and lending markets.
Inefficient OTC Borrowing Markets: Over-the-counter (OTC) markets for borrowing and lending lack transparency and standardized benchmarks. This leads to inefficiencies in price discovery and creates information asymmetry. TSI's ECN introduces transparency and facilitates efficient price discovery through a centralized order book.
TSI offers a comprehensive suite of solutions to address these challenges:
Fixed-Rate and Fixed-Term Borrowing/Lending: Provides predictable interest rates and loan terms, allowing institutions to manage their finances with greater certainty.
Assets under Secure Custody at All Times: Leverages Fireblocks' institutional-grade MPC wallets to ensure the security of user assets at all times, mitigating counterparty risk.
Secure Over-Collateralized Lending: Offers an additional layer of security by requiring borrowers to provide collateral exceeding the loan value. This protects lenders from potential losses in case of borrower default.
Efficient Collateral Liquidation Process: In the event of a borrower default, TSI provides a transparent and efficient process for liquidating collateral and recovering outstanding debt. This process is designed to minimize losses for lenders and maintain market stability.
TSI prioritizes the security of user accounts and MPC key shares to protect digital assets from unauthorized access and potential threats. We employ a multi-layered approach that combines robust authentication measures, device binding, and the cryptographic strength of MPC.
Mandatory 2FA: All user accounts are required to configure 2FA using an authenticator app. This adds an extra layer of security during login, as users need to provide a unique, time-based code from their authenticator app in addition to their password.
Enhanced Login Security: Even if a user's password is compromised, their account remains secure because a hacker cannot log in from another device without the 2FA code. This significantly reduces the risk of unauthorized account access.
Device and Browser Binding: Each MPC key share is uniquely bound to the specific device and browser used during its generation. This prevents the key share from being used on any other unauthorized device, even if the encrypted key share is compromised.
Organization Admin Approval: All MPC key attachments to a device require approval from the organization admin. This adds another layer of control and oversight to the key management process.
Local Storage: The passphrase, which is crucial for decrypting the MPC key share, is only stored within the user's local browser storage and any backups they create.
No Server-Side Storage: Fireblocks and TSI do not store or have access to the user's passphrase. This eliminates the risk of the passphrase being compromised from the server-side.
Decentralized Decryption: The decryption of the MPC key share using the passphrase happens exclusively within the user's local browser environment. This ensures that the passphrase is never exposed over the network or to any external parties.
Restricted API Access: Even if a hacker obtains both the encrypted MPC key share and the passphrase, they cannot initiate transactions or withdraw assets solely through API calls. TSI's security mechanisms require user interaction within the platform's interface for transaction authorization.
While TSI implements robust security measures to protect user accounts and MPC keys, users also have a responsibility to:
Securely Store Passphrase: Keep your passphrase confidential and store it securely. Consider using a password manager or other secure storage methods.
Regularly Back Up Passphrase: Create backups of your passphrase and store them in a safe location. This ensures you can recover your key share if you lose access to your primary device or browser.
Note: Although TSI takes significant measures to protect your assets, losing your passphrase will result in the permanent loss of access to your funds. It is crucial to keep your passphrase safe and secure.
To proactively monitor and safeguard our platform, we will partner with a top-tier security service provider Hypernative to implement 24/7 on-chain security analysis:
Real-Time Monitoring: Continuous surveillance of our smart contracts and wallets detects any unusual or risky activities immediately.
Immediate Response: Our team is alerted to potential threats as they occur, allowing us to take swift action to mitigate risks.
Advanced Tools: Utilizing state-of-the-art security tools and analytics, we stay ahead of potential vulnerabilities and attacks.
TSI will run a smart contract audit competition that invites top-tier security researchers and white hat hackers from around the world to review our code. This approach offers several key benefits:
Diverse Expertise: Drawing on varied backgrounds and specializations to identify vulnerabilities that might be missed in traditional audits
Incentivized Security: Offering substantial rewards for discovering critical issues, aligning incentives to maximize security
Real-world Testing: Simulating potential attack vectors in a controlled environment before deployment
Community Involvement: Building trust through transparency and open participation
The competition will run for a defined period, giving participants sufficient time to thoroughly review the code and implementation. Rewards will be tiered based on the severity of identified vulnerabilities. We will also have senior researchers review the fixed codes based on the findings to ensure the issues are properly addressed.
We believe in complete transparency regarding our security measures:
Audit reports will be made available to clients
The smart contract code will be accessible for review
Clear documentation of contract functionality and limitations
Timely communication about any security updates or changes
Through this comprehensive approach to smart contract auditing, TSI establishes a secure foundation for our institutional-grade borrowing and lending platform, providing our clients with confidence in the integrity and reliability of our settlement mechanism.
This section explains the liquidation process on the TSI platform, which occurs when a borrower's collateral value falls below a certain threshold or when a loan is not repaid by maturity, triggering a risk mitigation process to protect lenders.
TSI employs a multi-tiered Loan-to-Value (LTV) threshold system to manage risk and ensure the security of lenders' assets. These thresholds trigger specific actions at different stages, providing a structured approach to risk management.
Initial LTV (ILTV):
This is the maximum allowed LTV when a borrower places an order.
For order placement, the collateral value must be sufficient to ensure that loan LTV ≤ Initial LTV.
This threshold helps establish a safe starting point for loans with adequate collateralization.
Maintenance LTV (MTLTV):
This serves as the margin call threshold.
When loan LTV ≥ MTLTV, the TSI system automatically sends a margin call notification to the borrower.
Upon receiving this notification, borrowers must either add additional collateral or repay a portion of the loan to reduce the LTV below this threshold.
This early warning system helps prevent liquidations by prompting borrowers to take action before their position becomes too risky.
Liquidation LTV (LLTV):
This is the critical threshold that triggers the liquidation process.
When loan LTV ≥ LLTV, the liquidation protocol is automatically initiated.
The TSI system sends notifications to both the lender and borrower informing them of the liquidation.
At this point, the collateral is automatically prepared for liquidation as described in the Liquidation section.
Physical Delivery LTV (PDLTV):
This is the threshold for physical delivery of collateral.
When loan LTV ≥ 1, the physical delivery process is triggered.
The TSI system sends notifications to both the lender and borrower about this action.
This threshold represents a situation where the collateral value has fallen to or below the loan value, necessitating immediate action to protect the lender.
These LTV thresholds form a progressive risk management system that:
Provides multiple opportunities for borrowers to maintain healthy collateralization
Creates a structured approach to handling deteriorating loan positions
Ensures lenders' assets are protected through timely interventions
Maintains the overall stability and security of the TSI platform
Initial Loan-to-Value (Initial LTV or ILTV) is a critical parameter in the TSI system that helps manage risk for both borrowers and lenders. It serves as a buffer to prevent excessive risk exposure and frequent liquidations.
The ILTV represents the allowable ratio between the loan amount and the collateral value when a borrower is placing the order. This ratio is expressed as a percentage and varies depending on the market and the specific collateral type being used.
Order Placement Constraint
When a borrower places an order with collateral, the TSI system automatically checks if the order's LTV is lower than the ILTV for the specific market and collateral combination.
If the calculated LTV is equal to or higher than the ILTV, the borrower cannot place the order. The system will reject the order and prompt the borrower to either:
Increase the collateral amount
Decrease the borrowed amount
Use a different collateral type with a higher ILTV
Liquidation Completion Requirement
Whenever a liquidation is triggered, the liquidation process must result in the loan's LTV being lower than the ILTV after execution.
If the liquidation cannot reduce the LTV below the ILTV threshold, the liquidation will fail, and the system may proceed to alternative resolution methods such as physical delivery.
This requirement ensures that partial liquidations result in a healthier position rather than leaving the loan in a vulnerable state.
Each market with different collaterals has a unique Initial LTV setting based on:
The volatility of the collateral asset
The liquidity of the collateral asset
The correlation between the borrowed asset and the collateral
Market depth and trading volume
For example:
Stablecoin collateral for stablecoin borrowing might have a higher ILTV (e.g., 90%)
Volatile cryptocurrency collateral for stablecoin borrowing might have a lower ILTV (e.g., 70%)
Reduced Liquidation Frequency: By maintaining a buffer between the current LTV and liquidation threshold, the system reduces the likelihood of frequent liquidations due to minor market fluctuations.
Enhanced System Stability: ILTV helps maintain overall platform stability by preventing excessive risk accumulation.
Improved User Experience: Borrowers benefit from clearer risk parameters and reduced chances of unexpected liquidations.
Protection for Lenders: Ensures that loans are adequately collateralized, providing greater security for lenders' funds.
The ILTV mechanism works alongside other risk management features in TSI to create a robust and secure borrowing and lending environment.
The Maintenance Loan-to-Value (MTLTV) ratio is a critical risk management threshold within TSI's lending ecosystem. It serves as an early warning system for both borrowers and lenders, triggering proactive measures before a position approaches liquidation.
The Maintenance LTV represents the threshold at which a loan is considered at risk but still salvageable before liquidation procedures begin. When a loan's LTV ratio reaches or exceeds the MTLTV (e.g., set at 0.8 or 80%), the TSI system automatically initiates a margin call process.
When a loan's LTV crosses the MTLTV threshold, the following actions are taken:
Automated Notifications: Both the borrower and lender receive immediate notifications through the TSI platform, alerting them to the margin call situation.
Required Actions for Borrowers: The borrower must take one of the following actions to reduce their LTV ratio below the MTLTV threshold:
Add Collateral: The borrower can deposit additional collateral to increase the collateralization ratio and decrease the LTV.
Partial Repayment: The borrower can choose to repay a portion of the loan to reduce the outstanding debt and lower the LTV ratio.
Real-Time Dashboard: The TSI platform provides real-time visibility into the current LTV of all active loans, allowing borrowers to monitor their positions proactively.
Proximity Alerts: The system can also be configured to send alerts when a loan's LTV approaches the MTLTV, giving borrowers additional time to take preventive measures.
Liquidation Triggers: The liquidation process can be initiated under two conditions:
Collateral Value Decline: If the current Loan-to-Value (LTV) ratio rises above the predefined liquidation threshold (liquidation LTV or LLTV). For example, if the liquidation LTV is set at 85%, liquidation would be triggered when the loan value becomes greater than 85% of the collateral value.
Maturity Default: If the borrower fails to repay the loan before the maturity time.
Market Monitoring: The TSI system continuously monitors both the market price of collateralized assets and loan maturity dates.
Notification:
Margin Call: When the LTV ratio approaches the risk threshold MTLTV but has not yet reached the liquidation trigger, the TSI system will send a margin call notification to the borrower, alerting them to add more collateral or partially repay the loan to avoid liquidation.
Liquidation Notice: If the LTV crosses the liquidation threshold or the loan reaches maturity without repayment, all relevant parties (lender and borrower) are notified of the impending liquidation.
Liquidation Process Initiation:
The whitelisted liquidator (bot) initiates the liquidation by:
Approving to transfer the debt to the lender
Calling the smart contract to execute the liquidation
Smart Contract Execution:
The smart contract orchestrates the asset transfers according to the predetermined priority order:
Transfers the liquidated collateral payment (less reward) to the lender, covering their principal and interest
Transfers the collateral being liquidated to the liquidator
If sufficient funds remain, transfers the penalty fee to TSI
Returns any remaining collateral to the borrower
Distribution Priority:
Lenders receive first priority to recover their principal and interest
Liquidators receive their reward for executing the liquidation
TSI receives the penalty fee (if sufficient funds remain)
Borrowers receive any remaining collateral after all other obligations are satisfied
Automated Process: The entire liquidation is executed through smart contracts with no manual intervention required:
The collateral is automatically unlocked in the lender's wallet based on their pre-approval during loan creation
The liquidator swaps the collateral for debt tokens at a discount
All transfers occur directly between wallets, not through an intermediary
Transaction Monitoring: All parties can monitor the status of the liquidation transactions in the Transfers page.
In situations where liquidation occurs near the loan maturity time, the liquidation process takes precedence over the standard repayment process. The smart contract ensures that either the liquidation or the repayment is completed, but not both.
The TSI system calculates a penalty to be applied during the liquidation process. This penalty ensures fairness and incentivizes timely actions. The calculation steps are as follows:
Debt USD Value:
Debt USD Value = Debt Amount * Debt Price
This step determines the current USD value of the outstanding debt.
Discounted Collateral Price:
Discounted Price = Collateral Price * Discount Factor
Where Discount Factor = 0.97 (or the designated parameter)
This step calculates a discounted price for the collateral to account for potential market slippage during liquidation.
Collateral Amount to be Liquidated:
Collateral Amount to Liquidate = Debt USD Value / Discounted Price
This step determines the amount of collateral needed to cover the debt, considering the discounted price.
Estimated Maximum Collateral Sale Price:
Maximum Collateral Sale Price = Debt USD Value / Collateral Price
This step calculates the maximum price of collateral that would ideally be sold if there were no discounting.
Penalty Amount:
Collateral Difference = Collateral Amount to Liquidate - Maximum Collateral Sale
This step calculates the difference between the actual collateral liquidated and the ideal amount.
Penalty Amount = Collateral Difference * Protocol Penalty Factor
Where Protocol Penalty Factor = 0.2 (or the designated parameter)
This step applies the penalty factor to the collateral difference to determine the final penalty amount.
In certain scenarios where the standard liquidation process cannot be completed successfully, TSI implements a physical delivery mechanism to protect lenders and ensure they receive compensation. Physical delivery transfers the borrower's collateral directly to the lender as a form of settlement.
It's important to understand why standard liquidation might fail. Typically, liquidation bots will not perform liquidation when they determine there's no profit to be made, especially when the price of collateral has dropped dramatically. In such cases, the cost of executing the liquidation (including gas fees and operational costs) may exceed any potential profit from the price differential, making liquidation economically unfeasible for the bots. This is a key reason why the physical delivery mechanism exists as a failsafe.
Physical delivery is triggered under two specific conditions:
Default at Maturity
If the borrower fails to repay the loan before the maturity time, liquidation is automatically triggered.
If no liquidation bot successfully completes the liquidation process within a 2-hour liquidation window after triggering, the system will initiate physical delivery.
The collateral is transferred directly from the borrower to the lender as compensation for the unpaid debt.
Physical Delivery LTV (PDLTV) Threshold
If at any time before the borrower repays the debt, the Loan-to-Value (LTV) ratio reaches or exceeds the PDLTV, physical delivery will be triggered.
The PDLTV is set to 100% or 1 by default.
This situation occurs when the value of the collateral falls to or below the value of the loan, making liquidation impractical or impossible.
The system bypasses the standard liquidation process and initiates direct transfer of the collateral from the lender to the borrower.
Notification: Both the borrower and lender are immediately notified when physical delivery is triggered.
Automatic Transfer: The TSI system and the smart contract automatically executes the transfer of collateral from the lender's wallet to the borrower's wallet.
Debt Settlement: Upon completion of the physical delivery, the loan is considered settled, and the borrower's debt obligation is fulfilled.
Transaction Recording: The physical delivery transaction is recorded in both parties' transfer histories for transparency and record-keeping.
Automatic Process: All collateral transfers during liquidation are executed automatically based on your pre-approval during loan creation. No action is required from you.
Debt Recovery: The liquidation process prioritizes returning your principal and interest first before distributing any remaining value to other parties.
Potential for Loss: While liquidation aims to protect lenders, there is still a potential for loss if the collateral value depreciates significantly during the liquidation process.
Physical Delivery Benefit: The physical delivery mechanism provides additional protection by ensuring you receive the collateral directly if standard liquidation fails, allowing you to manage the asset according to your own strategy.
Monitoring: While the process is automated, it's good practice to monitor your loan positions to stay informed of any liquidation events.
Liquidation Prevention: Maintain a healthy collateralization ratio by either adding more collateral or partially repaying your loan when market conditions change.
Repayment Deadline: Ensure loan repayment is completed before the maturity time to avoid automatic liquidation.
Loss of Collateral: In the event of liquidation, you may lose some or all of your collateral. If physical delivery is triggered, your entire collateral will be transferred to the lender.
Threshold Monitoring: The TSI platform provides tools to monitor your position's health and proximity to liquidation thresholds.
Remaining Value: If your collateral value exceeds the debt amount plus liquidation costs, you'll receive the remaining value back after the liquidation is complete.
Eliminating Single Points of Compromise
TSI employs a multi-layered security architecture designed to eliminate single points of compromise and protect digital assets. This architecture combines user-side security measures, robust infrastructure protection, and the advanced cryptography of Multi-Party Computation (MPC).
User/Admin Account Security:
Two-Factor Authentication (2FA): Both User and Admin accounts are protected by 2FA. The configuration of 2FA is enforced in the registration process. This requires users to provide two forms of authentication (a time-based code from an authenticator app), significantly reducing the risk of unauthorized access due to compromised credentials.
Device Binding: Trader/Liquidator accounts are bound to specific devices. This adds another layer of security by preventing access from unauthorized devices, even if credentials are compromised.
User-Side Key Management (Trader/Liquidator/Admin):
Passphrase and Local Storage: A user's passphrase is generated in their browser and the passphrase is used to decrypt their encrypted key share (#2). This encrypted key share is stored locally within the user's browser. This local storage minimizes the risk of server-side key compromise.
Decryption: The passphrase is only used for local decryption and is never transmitted over the network. This protects the passphrase from interception.
Multi-Party Computation (MPC) with Fireblocks:
2-of-2 MPC Signature: TSI utilizes a 2-of-2 MPC scheme, meaning two key shares are required to sign any transaction. One key share (#2) is held by the user (as described above), and the other key share (#1) is securely managed by Fireblocks within a secure enclave using Intel SGX.
Fireblocks Server and Verification: The Fireblocks server plays a crucial role in the MPC process. It co-signs transactions with the user's key share, ensuring that no transaction can be executed without both parties' agreement. The Fireblocks server also handles transaction verification. This prevents unauthorized or fraudulent transactions.
Infrastructure Security:
AWS (Amazon Web Services): TSI's infrastructure is hosted on AWS, benefiting from their robust security measures, including physical security, network security, and access control.
AWS Secrets Manager: Sensitive information, such as the Fireblocks API key, is securely stored and managed using AWS Secrets Manager. This prevents unauthorized access to these critical credentials.
TSI Server and Whitelisted IPs: The TSI server's IP addresses are whitelisted to Fireblocks' server. This limits access to authorized systems and reduces the attack surface.
TSI understands that some users may prefer to manage their own private keys or may need to migrate their assets off the platform. To accommodate this, TSI offers a "Full Key Recovery" feature, powered by Fireblocks' Embedded Wallet solution. This feature allows users to export their full cryptographic keys and take complete control of their assets.
Key Export: Users can initiate the key export process within the TSI platform. This will generate and display the user's full private key.
Key Import: Users can then import this key into any compatible third-party wallet application that supports private key imports, such as MetaMask for Ethereum. This gives users full control and ownership of their assets outside the TSI platform.
Irreversible Action: It is crucial to understand that exporting the full private key is an irreversible action. Once the key is exported, it cannot be re-imported back into TSI as two separate key shares. This means that users who export their keys will no longer be able to use the TSI platform with those specific assets.
Security Implications: Exporting the full private key comes with significant security implications. Users become solely responsible for the security and management of their keys. TSI strongly recommends that users exercise caution and take all necessary precautions to protect their keys from unauthorized access or loss.
This feature is particularly useful in the following scenarios:
Leaving TSI: If a user decides to stop using TSI, they can export their keys to maintain control of their assets.
Platform Discontinuation: In the unlikely event that TSI or Fireblocks discontinues its services, users can export their keys to ensure continued access to their funds.
ECDSA and EdDSA Keys: Fireblocks Embedded Wallet supports both ECDSA and EdDSA keys, which are used for different blockchain networks. TSI provides clear instructions and tools for exporting and importing both types of keys.
Compatibility: The exported keys are compatible with a wide range of popular third-party wallets.
Security: The key export process is designed with security in mind, ensuring that the private key is only displayed to the authorized user and is not transmitted over the network.
Note: TSI encourages users to carefully consider the security implications before exporting their full private keys. Once the keys are exported, TSI cannot assist in their recovery or management.
TSI understands the importance of business continuity and asset accessibility, even in unforeseen circumstances. To address potential disruptions, TSI provides a disaster recovery plan with Fireblocks' tool kit, ensuring that your assets remain secure and accessible even if Fireblocks' services become unavailable.
Fireblocks provides a Disaster Recovery Kit that allows TSI to regenerate the Fireblocks key share (Key Share #1) in the event that Fireblocks ceases to exist or experiences a significant service disruption. This kit is designed to ensure that users can still access and manage their funds, even if Fireblocks is no longer operational.
Kit Generation: After TSI's onboarding with Fireblocks, a Disaster Recovery Kit is generated. This kit contains the master key of the Fireblocks workspace, which is essentially a seed used to generate key shares.
Encryption and Storage: The kit is encrypted using a public key provided by TSI and then securely transmitted to TSI. TSI stores this encrypted kit separately from the corresponding private key.
Key Reconstruction: In a disaster recovery scenario, TSI uses the Fireblocks Recovery Tool and the following components to reconstruct the necessary key share:
The encrypted Disaster Recovery Kit
The corresponding RSA private key
The wallet identifier of the specific wallet being recovered
With this information, the Fireblocks Recovery Tool can decrypt the kit, use the wallet identifier, and generate the corresponding Key Share #1.
Once TSI has recovered Fireblocks' key share (#1), users can combine it with their own key share (#2) to reconstruct their full private key. This allows them to access and manage their funds independently of the TSI platform, if necessary.
The Disaster Recovery Kit is designed specifically for recovering Fireblocks' key share. Users are still responsible for securely storing their own key share (#2) and passphrase.
TSI will communicate the disaster recovery process to users in the event of a Fireblocks service disruption.
This process ensures that users maintain access to their funds even in unforeseen circumstances, demonstrating TSI's commitment to security and business continuity.
The organization admin can create wallets and invite users to the organization account.
The organization admin can generate MPC key.
Reference:
Reference:
Select Wallet: Choose the wallet from which you want to initiate the borrow order.
Select Market: Select the market you wish to borrow from. The market specifies the borrowed token, network, and maturity date (e.g., USDC-ETH-31 JAN 2025).
Input Borrowing Rate: Enter the desired interest rate at which you want to borrow. This rate will be used to match your order with lending orders.
Input Borrow Amount: Specify the amount of tokens you want to borrow.
Select Collateral: Choose the collateral you want to use to secure the loan. This includes specifying the token and network (e.g., USDC-Ethereum).
Input Collateral Amount: Enter the amount of collateral you want to provide. The required collateral amount depends on factors like the Loan-to-Value (LTV) ratio, borrowed amount, borrowed token, and collateral token. TSI uses over-collateralization to protect lenders and mitigate liquidation risk.
Input Minimal Matched Amount (Optional): Enter the minimum amount you want your order to be matched with. Your borrow order may be fulfilled by multiple lend orders. If this field is left empty, the system's default value will be applied.
Capital Efficiency: When placing a borrow order, you only need to have 1/10 (the ratio varies depending on TSI policy) of the total collateral amount available in your wallet. The full amount will only be required if your order is matched.
Order Submission: After submitting the order, it enters a waiting state to be matched with a suitable lend order.
Order Matching Process:
When your order is matched, you'll receive a notification.
If you're the taker (your order matched with an existing order), you have 30 minutes to accept and sign.
If you're the maker (you placed your order first), you have 11.5 hours to accept the matched loan and sign the transaction.
The full collateral amount must be available in the borrower's wallet when accepting the matched order.
The full lent amount must be available in the lender's wallet when accepting the matched order.
Failure to accept and sign within the timeframe will result in order cancellation.
If the counter party doesn't accept the matched order and sign transactions, your collateral remains in your wallet and the matched order is revoked. The counter party should pay the penalty (1% of the lent amount token) and 80% of the penalty will be sent to you. The ratio and distribution of penalty varies depending on TSI policy.
Transaction Fee: When the loan is transferred, you'll receive the borrowed amount minus the borrower's transaction fee (for TSI).
Collateral Status: After you transfer the collateral to the lender's wallet, it becomes locked and cannot be withdrawn by the lender, ensuring your collateral is secure.
Collateral Management: During the loan period, you can add more collateral to improve your position or remove excess collateral if your position allows.
Loan Repayment: Before the maturity date, you must repay the loan principal plus accrued interest to the lender. After receiving the repayment, the smart contract will facilitate the return of your collateral.
Non-Repayment Consequences: If you fail to repay by maturity, the liquidation process will be triggered, and your collateral may be liquidated to repay the lender.
Select Wallet: Choose the wallet from which you want to initiate the lend order.
Select Market: Select the market you wish to lend to. The market specifies the token, network, and maturity date.
Input Lending Rate and Amount: Enter the desired interest rate at which you want to lend and the amount of tokens you wish to lend.
Select Accepted Collateral Tokens: Choose the collateral tokens you are willing to accept for your loan. This allows you to evaluate the risk of different collaterals and manage your lending preferences. Different collateral-borrowed token pairs have different LTV values.
Input Minimal Matched Amount (Optional): Enter the minimum amount you want your order to be matched with. Your lend order may be fulfilled by multiple borrow orders. If this field is left empty, the system's default value will be applied.
Capital Efficiency: When placing a lend order, you only need to have 1/10 of the total lending amount available in your wallet. The full amount will only be required if your order is matched.
Order Submission: After submitting the order, it enters a waiting state to be matched with a suitable borrow order.
Order Matching Process:
When your order is matched, you'll receive a notification.
If you're the maker (you placed your order first), you have 11.5 hours to accept the matched loan and sign the transaction.
If you're the taker (your order matched with an existing order), you have 30 minutes to accept and sign.
The full lending amount must be available in your wallet when accepting the matched order.
Failure to accept and sign within the timeframe will result in order cancellation and penalties.
If the counter party doesn't accept the matched order and sign transactions, your funds remain in your wallet and the matched order is revoked. The counter party should pay the penalty (1% of the lent amount token) and 80% of the penalty will be sent to you. The ratio and distribution of penalty varies depending on TSI policy.
Transaction Fee: When transferring the loan, you'll need to transfer both the borrower's transaction fee (deducted from the loan you transfer to the borrower) to TSI and pay your own lender transaction fee.
Collateral Receipt: After the borrower transfers the collateral to your wallet, it becomes locked and cannot be withdrawn by you, ensuring the borrower that their collateral is secure.
Conditional Collateral Transfers: You'll authorize the smart contract to conditionally execute collateral transfers for repayment, liquidation, and collateral removal processes.
Loan Repayment: At maturity, the borrower will repay the loan principal plus accrued interest to your wallet. Upon receiving the repayment, the smart contract will facilitate the return of the collateral to the borrower.
Non-Repayment Actions: If the borrower fails to repay by maturity, the liquidation process will be triggered automatically, and the collateral will be liquidated to ensure you receive your principal and interest.
TSI employs a secure and efficient on-chain settlement process to manage token transfers and guarantee the fulfillment of matched orders. This process utilizes smart contracts to minimize counterparty risk and ensure that both borrowers and lenders fulfill their obligations.
Real-Time Matching and Notifications:
Orders are matched in real-time on the TSI platform.
Both the lender and borrower are immediately notified of matched orders and can view the details in their respective consoles.
On-Chain Settlement Process:
Role-Based Timeline:
The order taker (whether borrower or lender) has 30 minutes to accept the matched loan and sign the transaction.
The order maker (whether borrower or lender) has 11.5 hours to accept the matched loan and sign the transaction.
Peer-to-Peer Transfers:
Assets are NOT transferred to the contract. The transaction is peer-to-peer directly between users' wallets.
The smart contract only approves and orchestrates these transfers.
The taker initiates by signing a transaction to transfer assets to the maker.
The maker then signs a transaction to transfer their assets to the taker.
Smart Contract Execution:
The smart contract's detector function confirms both parties have signed transactions.
Only after confirmation of both signatures does the contract trigger the actual transfers:
Transfers the loan from lender to borrower (minus the borrower's transaction fee)
Transfers the collateral from borrower to lender
Transfers the transaction fees to TSI
Order Revocation and Penalties:
If either party fails to sign their transaction within the designated timeframe, the matched order is revoked.
The party who failed to sign will be subject to a penalty (typically 1% of the lent amount).
80% of this penalty is distributed to the counterparty who did sign, and 20% goes to TSI.
The penalty percentages may vary based on TSI's policy.
Lender's Collateral Management:
Collateral Transfer and Locking: When collateral is transferred to the lender's wallet, it becomes locked and cannot be withdrawn by the lender.
Smart Contract Authorization with 10x Buffer:
Lenders authorize the smart contract to manage collateral by approving a transfer allowance of 10 times the initial collateral amount.
This 10x buffer is a strategic design choice that eliminates the need for additional approvals when the borrower adds more collateral or when the collateral value fluctuates.
The increased approval limit ensures seamless execution of all collateral-related operations without requiring the lender to sign multiple transactions throughout the loan lifecycle.
The approval is specific to each collateral token and cannot be used for any other purpose than managing the designated loan's collateral.
Smart contract logic ensures that approvals can only be utilized for legitimate loan operations (repayment, liquidation, or collateral adjustment).
Lenders authorize the smart contract to conditionally execute collateral transfers for:
Repayment: When the borrower repays the debt, the smart contract transfers the collateral from the lender's wallet to the borrower's wallet.
Liquidation: If liquidation is triggered, the smart contract transfers the collateral from the lender's wallet to the liquidator and transfers the equivalent debt value from the liquidator to the lender.
Collateral Adjustment: When the borrower adds or removes collateral, the smart contract manages these transfers between wallets.
Transaction Monitoring:
Both lenders and borrowers can monitor the status of their transactions within their TSI console.
The platform provides real-time updates on the status of each transfer, including:
Pending: The initial state when a transfer is created but not yet processed.
Waiting for Start: The transfer has been validated and is ready to be initiated.
Waiting for Signature: The transfer is awaiting necessary signatures or approvals.
Failed: The transfer encountered an error and could not be completed.
Revoked: The transfer was revoked due to non-fulfillment.
In Progress: The transfer is currently being processed and executed.
Completed: The transfer has been successfully executed and finalized.
Capital Efficiency:
Users only need 1/10 of the order amount when placing orders.
Full funds are only required when accepting and signing a matched order.
This design maximizes capital utilization while maintaining system security.
When a matched order is not fulfilled by the counterparty, the following penalty process applies:
Order Revocation: If the counterparty fails to accept the matched order and sign the required transactions within the designated time window, the matched order is automatically revoked. Your assets (collateral or lending amount) remain secure in your wallet.
Penalty Assessment: The non-compliant counterparty incurs a penalty for order rejection:
For Lenders: 1% of the lending amount in the matched order
For Borrowers: 1% of the collateral value in the matched order
Penalty Distribution:
80% is awarded to the compliant party (you) as compensation for the opportunity cost and inconvenience
20% is allocated to TSI as a platform fee
Penalty Collection Process:
The TSI system initiates a penalty transfer transaction that requires the non-compliant party's signature
The non-compliant party must sign this penalty transfer before they can withdraw their remaining locked assets (lending tokens or collateral) corresponding to the matched order
This mechanism ensures the penalty is properly collected before allowing further asset movement
Policy Flexibility: The exact penalty percentages and distribution ratios may be adjusted according to current TSI policies.
This penalty system helps maintain market integrity by discouraging frivolous order placements and ensuring participants honor their matched orders, creating a more reliable trading environment for all users.
TSI prioritizes the security of its cloud infrastructure to ensure the availability, integrity, and confidentiality of its platform and user data. We employ a comprehensive set of security measures across various layers, including network security, access control, vulnerability management, and secure configuration.
DDoS Protection: TSI utilizes AWS WAF (Web Application Firewall) and CloudFront to mitigate Distributed Denial of Service (DDoS) attacks, ensuring platform availability even under high traffic loads.
Rate Limiting: Rate limiting is implemented to prevent abuse and further mitigate potential DDoS attacks by restricting the number of requests from any single source.
DNSSEC: DNSSEC (Domain Name System Security Extensions) is enabled to protect against DNS spoofing and ensure the integrity of DNS records, preventing users from being redirected to malicious websites.
VPC and Security Groups: TSI utilizes Virtual Private Clouds (VPCs) for secure network segmentation and implements strict security group rules to control traffic flow within the network. This limits the impact of potential breaches and isolates sensitive components.
IAM User Policies: Fine-grained IAM (Identity and Access Management) user policies are implemented to enforce the principle of least privilege. This ensures that users and services only have access to the resources they need to perform their tasks, minimizing the potential damage from compromised credentials.
Penetration Testing: TSI regularly conducts penetration testing to identify and address potential vulnerabilities. All identified vulnerabilities are promptly remediated to maintain a high level of security.
Static Application Security Testing (SAST): SonarQube is integrated into the CI/CD pipeline to perform static code analysis and detect security vulnerabilities early in the development process. This helps prevent vulnerabilities from reaching production.
Docker Image Scanning: Regular vulnerability scans are performed on Docker images stored in AWS ECR (Elastic Container Registry) to ensure that containerized applications are free from known security flaws.
Email Security: Anti-spoofing mechanisms, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance), are implemented to protect email integrity and prevent spoofing attacks.
Secret Keys Management: TSI utilizes AWS Secrets Manager to securely store and manage sensitive credentials, such as API keys and database passwords. These secrets are fetched directly within the CI/CD pipeline, minimizing the risk of exposure.
TSI is committed to continuously improving its security posture and implementing industry best practices to protect user data and platform integrity.
After the organization admin invite a user (trader or liquidator), the user can join organization and generate his/her own MPC key share.
