How It Works - The Core Architecture
Sequential Approval Layers
Your account isn't a single multisig. It's a configurable chain of independent approval checkpoints.
Owner's Account
Your institutional account
Operations Layer
3 signers, need 2-of-3
+ 2 hours timelock
Compliance Layer
2 signers, need 2-of-2
+ 4 hours timelock
Executive Layer
1 signer, need 1-of-1
+ 24 hours timelock
Click on any level to see details. Transaction must satisfy each level's quorum AND timelock before progressing.
Amount-Based Dynamic Configuration
Different Transactions, Different Security
The same account adapts its approval requirements based on transaction value.
Level 1: Operations
Level 2: Compliance
Four Key Features That Enable Defense in Depth
Feature 1: Configurable Signers Per Level
Signers can be anyone: internal teams, external compliance providers, sub-custodians, auditors, or any combination. Each level operates independently for true isolation.
Internal Teams
Operations, Treasury, Executive
- • Alice (Operations)
- • Bob (Treasury)
- • Carol (Executive)
External Compliance
Chainalysis, Elliptic, TRM Labs
- • Chainalysis
- • Elliptic
- • TRM Labs
Sub-custodians
Banking partners
- • Bank A
- • Bank B
Auditors
Oversight committees
- • Audit Firm X
- • Oversight Board
Any Combination
Custom configurations
- • Mix and match as needed
Key benefit: Compromising operations staff doesn't give access to compliance credentials. Compromising Level 2 doesn't breach Level 3.
Feature 2: Time-Locked Progression
Why timelocks matter:
After Level 1 reaches quorum → Wait 2 hours → Level 2 can begin signing
This isn't a delay. It's a fraud detection window.
What happens during timelock:
- • Automated monitoring systems scan for suspicious patterns
- • Compliance teams review transaction context
- • Any authorized party can still veto if fraud detected
- • Internal controls have time to flag anomalies
"In 2023, the average time to detect account takeover was 14 hours. Time-locked progression gives your security systems breathing room."
Example timeline:
Level 1 begins review
2-hour timelock starts
Compliance review starts
4-hour timelock starts
Executive review starts
24-hour timelock starts
Final execution
Total review window: 37 hours — Sufficient time for every independent party to investigate, verify, and respond.
Feature 3: Veto Power at Any Level
Negative signaling:
Any signer at any level can immediately cancel the transaction.
Standard multisig:
"We need 5 approvals to proceed"
Problem: Signers just wait to see if threshold is met
This system:
"Any of 9 people can deny"
Benefit: Every signer actively reviews, knowing they have veto power
How it works:
"If anyone at any level denies, the transaction stops immediately — no matter how many previous approvals."
Use cases for veto:
- • Compliance provider flags sanctioned address
- • Operations team spots unusual transaction pattern
- • Executive notices unauthorized amount
- • Monitoring system detects anomalous behavior
Feature 4: On-Chain Privacy
What the public blockchain sees:
What your internal dashboard shows:
Key benefit: Approver identities remain private on-chain. No public exposure of your organizational structure or approval hierarchy.
Attackers can't identify which addresses to target or social engineer based on public blockchain data.
Real-World Transaction Flow
Scenario: Treasury needs to move $500,000 USDC to a vendor
Transaction Proposed
Awaiting Level 1 approval
Amount: $500,000 USDC
Destination: 0x742d35Cc...
Proposed by: Operations Team
Required path: Level 1 → Level 2 → Level 3
Level 1 Review (Operations)
2-of-3 signers needed
Level 1 Timelock
2 hours remaining
Level 2 Review (Compliance)
2-of-2 signers needed
Level 2 Timelock
4 hours remaining
Level 3 Review (Executive)
1-of-1 signer needed
Final Timelock & Execution
Transaction executes
Why This Works - The Defense in Depth Guarantee
See how attacks fail against multi-level isolation, timelocked review windows, and veto power.
The Math of Defense in Depth
Standard 5-of-9 multisig:
- • Breach 5 signers = 100% compromise
- • All signers in one layer
- • Single point of failure (just need 5)
This system (for $500k transaction):
- • Must breach: 2-of-3 at Level 1 AND 2-of-2 at Level 2 AND 1-of-1 at Level 3
- • Minimum signers to compromise: 5 independent parties
- • BUT: They're across isolated systems, different organizations, different security models
- • PLUS: Must evade 30+ hours of monitoring windows
- • PLUS: Any single honest signer can veto
Probability comparison:
- • Standard multisig: Breach 5 of 9 people
- • This system: Breach 5 of 6 people ACROSS 3 isolated organizations AND evade 30 hours of monitoring
The difference is isolation, not just numbers.
Fully Configurable for Your Institution
Configure approval levels, signers, quorums, timelocks, and amount-based rules to match your institution's requirements. All configuration changes require existing multi-level approval for security.
Configure Approval Levels
Amount-Based Rules
Optional: Configure different approval flows for different transaction amounts
Your Configuration
Level 1
Built on Battle-Tested Foundations
Core components based on Safe's proven patterns:
- ✓ Signature verification logic
- ✓ Owner management system
- ✓ Transaction execution framework
- ✓ Off-chain signature collection
- ✓ Gas-optimized operations
Extended with institutional requirements:
- ✓ Multi-level sequential progression
- ✓ Amount-based runtime configuration
- ✓ Time-locked checkpoints
- ✓ Veto/deny capability
- ✓ Privacy-preserving on-chain design
Comparison - Traditional vs. This System
| Feature | Standard Multisig | Safe | This System |
|---|---|---|---|
| Approval structure | Single layer | Single layer | ✓ Multi-level sequential |
| Amount-based rules | ❌ Fixed threshold | ❌ Fixed threshold | ✓ Dynamic per amount |
| Time-locked review | ❌ None | ⚠️ Optional delay | ✓ Per-level timelocks |
| Veto capability | ❌ Only via lack of approval | ❌ Only via lack of approval | ✓ Explicit deny at any level |
| Sequential progression | ❌ All parallel | ❌ All parallel | ✓ Must complete level N before N+1 |
| Independent isolation | ❌ All signers equal | ❌ All signers equal | ✓ Each level independent |
| Configurable hierarchy | ❌ Flat structure | ⚠️ Via nested Safes | ✓ Native multi-level |
| Signer flexibility | ✓ Any address | ✓ Any address | ✓ Any address + role separation |
| On-chain privacy | ⚠️ Public addresses | ⚠️ Public addresses | ✓ Anonymous signers |
Why Institutions Choose This
Asset Manager
$2B+ in tokenized securities under custody
Regulators require tiered approval, separation of duties, audit trails, and review windows. Standard multisig couldn't meet these requirements. This system provides:
- • Tiered approval based on transaction size
- • Independent compliance review (external providers)
- • 24-hour review window for high-value transfers
- • Complete audit trail on-chain
Digital Asset Bank
Multi-jurisdictional operations with external compliance
Operations team (internal), compliance providers (Chainalysis + Elliptic), and executives (different jurisdictions) need sequential review with isolation. This system enables:
- • Sequential approval (not simultaneous)
- • Isolation between operations, compliance, and executive layers
- • Different approval rules for $5k vs $5M transactions
- • Mapping to traditional banking workflows
Tokenization Platform
50+ real estate projects with varying requirements
Each project has different investor protection requirements, regulatory jurisdictions, and approval hierarchies. This system provides:
- • Per-project configuration (one account per project)
- • Custom approval flows matching project requirements
- • Flexible timelocks for redemption windows
- • Scalable to hundreds of projects
Frequently Asked Questions
Getting Started
Configuration Design
Work with our team to design your approval hierarchy: number of levels, signers per level, quorum requirements, timelocks, and amount-based thresholds.
Deployment & Verification
Smart contracts are deployed to your chosen network, verified on block explorers, and integrated with our management interface.
Signer Onboarding
Onboard signers, distribute keys, conduct training sessions, and run test transactions to ensure everyone understands the process.
Total timeline: 2-4 weeks from contract signing to production deployment. Complex configurations or regulatory requirements may extend this timeline.
Banking-Grade Security, Blockchain Speed
The Bottom Line
For the first time, institutions can use blockchain without compromising on security architecture.
What you get:
- ✓ Defense in depth: Multiple isolated approval layers
- ✓ Adaptability: Same account handles $1k and $10M with appropriate security
- ✓ Real review windows: Time-locked progression catches fraud
- ✓ Regulatory compliance: Separation of duties, audit trails, tiered authorization
- ✓ Battle-tested foundations: Built on proven smart contract patterns
What you don't compromise:
- ✓ Self-custody (no trusted third parties)
- ✓ Blockchain settlement speed (execution is still instant once approved)
- ✓ Transparency (full audit trail on-chain)
- ✓ Composability (works with any DeFi protocol or tokenized asset)
This is how $10 trillion in traditional assets will move on-chain.