Architecture Overview#

TetraFi is a non-custodial, compliance-first settlement protocol for institutional stablecoin OTC. Competing solvers bid on orders via sealed RFQ auctions. Funds never touch TetraFi's wallets - all settlement executes through on-chain escrow with atomic DvP.

TetraFiisanintentcoordinationlayer-itacceptsuserintents,runscompetitivesolverauctions,enforcescompliance,andcoordinatessettlement.Howsolverssourceliquidityisthesolver'sproblem,notTetraFi's.TetraFi is an intent coordination layer - it accepts user intents, runs competitive solver auctions, enforces compliance, and coordinates settlement. How solvers source liquidity is the solver's problem, not TetraFi's.

Each layer evolves independently. New settlement primitives or solver networks plug in without changing the intent format.

Six stages: RFQ & Auction → Escrow Lock → Solver Fill → Oracle Proof → Claim / Refund → WORM Audit (Compliant path only).

See Settlement Flows for the canonical lifecycle with diagrams, state machine, and per-stage contract calls.

Every trade is a typed StandardOrder - inputs on origin chain, desired outputs on destination chain. Orders are signed off-chain via EIP-712 and submitted on-chain to trigger escrow.

1interface StandardOrder {
2  user: string;              // Taker wallet
3  originChainId: number;     // Origin chain
4  expires: number;           // Refund deadline
5  fillDeadline: number;      // Solver must fill before this
6  inputs: [string, string][]; // [token, amount] on origin
7  outputs: MandateOutput[];  // Desired outputs on destination
8}

See Smart Contracts for full StandardOrder and MandateOutput interfaces.

The TetraFi aggregator (POST /api/v1/quotes) fans out each RFQ to all registered solvers simultaneously with configurable timeout and early termination (once min_quotes received). Quotes are ranked, the winning solver's settlement path is injected (Compliant or Direct based on API key presence), and the order is returned ready for on-chain submission.

The ComplianceRegistry is an on-chain smart contract that stores compliance attestations for all participants. Both solvers and takers must have valid entries before trading.

Each attestation stores: jurisdiction, tier (Retail / Professional / Institutional), expiry, and KYC vendor hash. Non-compliant addresses are rejected at the contract level. Every trade generates an immutable WORM audit record - hash-chained, append-only, tamper-proof. See Compliance Architecture for full details including settlement path routing, Travel Rule, and KYC/KYB onboarding.

TetraFi supports cross-chain settlement via ERC-7683 settlement intents:

• Ethereum (mainnet + Sepolia testnet)
• Optimism (mainnet + Sepolia testnet)
• Base (mainnet + Sepolia testnet)
• Arbitrum (One mainnet + Sepolia testnet)

Cross-chain pairs are identified by corridor (e.g., ethereum-optimism) and must have solver coverage on both sides.

7 oracle implementations: Hyperlane (default for EVM L2 corridors), LayerZero, Wormhole (cross-VM), Polymer (ZK-proof), PolymerMapped, Broadcaster (ERC-7888), and Bitcoin (SPV). All implement the same IInputOracle interface - drop-in replacement per corridor.

See Cross-Chain Settlement for oracle comparison and corridor recommendations.

On-chain: None → Deposited → Claimed | Refunded (4 states, enforced by InputSettler contract).

Off-chain solver engine tracks a 9-state lifecycle for operational monitoring - from Discovered through Completed. Each transition emits a SolverEvent. See Settlement Flows for the full order lifecycle diagram.

Three lock mechanisms for escrowing funds: ResourceLock (output-first via The Compact, 0xff), Permit2Escrow (input-first, 0x00), and EIP-3009Escrow (gasless stablecoins, 0x01). Funds are released only when the oracle proves the fill - or refunded on timeout.

See Settlement Flows for the full lock type comparison, settlement path routing, and order types.