Skip to main contentSkip to FAQSkip to contact
For SolversHands-on· 20 min

Custody & Signing#

Any backend producing an ecrecover-compatible EIP-712 signature works - Fireblocks, AWS KMS, hardware wallets, or raw keys.

Escrow Path#

Signature authorizes locking funds in InputSettlerEscrow via open()

Compact Path#

Signature authorizes allocating funds from TheCompact via allocator co-sign

Never expose private keys in client-side code. All signing must happen server-side or in a secure enclave.

Choose Your Provider#

Production MPC signing, institutional-grade.

  1. Configure Fireblocks vault with EVM wallet
  2. Build EIP-712 typed data hash from StandardOrder
  3. Submit to Fireblocks Raw Signing API
  4. MPC nodes co-sign → return signature
  5. Submit signed order to TetraFi
TypeScript
1const fireblocks = new FireblocksSDK(apiSecret, apiKey);
2const hash = hashTypedData(buildEIP712TypedData(order));
3
4const { signedMessages } = await fireblocks.createTransaction({
5  operation: "RAW",
6  assetId: "ETH",
7  source: { type: "VAULT_ACCOUNT", id: vaultId },
8  extraParameters: {
9    rawMessageData: { messages: [{ content: hash }] },
10  },
11});
11 linestypescript

Lock Type Requirements#

Lock TypeByteApprovalGaslessDomain
ResourceLock0xffPre-deposit into CompactcheckOIFCompact
Permit2Escrow0x00One-time Permit2 approvecheckOIFEscrow
EIP-30090x01NonecheckOIFEscrow

EIP-712 domains: OIFCompact = ResourceLock via The Compact (allocator-released). OIFEscrow = Permit2 / EIP-3009 input-lock (pulled into escrow via open()).

TypeScript
1const domain = {
2  name: lockType ===  ? "OIFCompact" : "OIFEscrow",
3  version: "1",
4  chainId: originChainId,
5  verifyingContract: settlerAddress,
6};
6 linestypescript

Production Key Management#

RuleWhy
Rotate every 90 daysOr sooner on compromise / personnel change
Separate keys per env + serviceLimits blast radius on leak
Never embed raw keysUse KMS / HSM / Fireblocks only
Monitor signing volumeUnexpected spikes = likely compromise
Document revocation runbookTest quarterly

See Also#

I'm a SolverStep 6 of 7
Solver GuideNext · Oracles

Related topics

Solver Integration Guide

Integration· Step-by-step guide for solvers (market makers) to connect, price, and fill orders on TetraFi.

Compliance Architecture

Architecture· ComplianceRegistry attestation model, settlement path routing, KYC/KYB onboarding, Travel Rule, and WORM evidence ledger.

Smart Contracts

Architecture· On-chain contract reference: InputSettler, OutputSettler, ComplianceRegistry, oracle implementations, and deployment addresses.

Authentication

Integration· API key management, authentication headers, environments, rate limits, error handling, and pagination.