Skip to content

Blockchain Infrastructure for Asset Managers and Funds

In short

Asset managers and funds run their mandates on-chain with custody in client-owned vaults, compliance enforced at the protocol level, and reserves attested continuously, so allocators keep control and transparency end to end. Not a rented platform; a stack you own.

$4.2B+
audited assets
1,500+
enterprise clients
$120M to $730M
governance TVL growth
99.99%
uptime
Trusted by teams building on-chain

On-chain asset management is running a fund mandate (allocation, custody, compliance, valuation, and investor reporting) on public or permissioned blockchains instead of, or alongside, traditional rails. For an asset manager or allocator, going on-chain is an operations decision more than a trading one: where assets are held, who is allowed to hold them, how reserves are proven, how downside is bounded, and how positions are reported to a risk committee and to LPs. Most vendors hand you a closed platform and ask you to move onto theirs. We don't; we build the infrastructure on your own stack. Protofire is a blockchain engineering company that has shipped 250+ projects since 2016, across 60+ networks and 95+ protocols. For funds, asset managers, allocators, custodians, and wealth platforms allocating on-chain, we deliver the pieces a mandate actually depends on: client-owned private vault infrastructure (VaultOS, ERC-4626/7540), allocator-grade security and audits, Proof-of-Reserve and NAV reporting, downside protection (RWArmor), compliant secondary liquidity (dOTC), and diversified on-chain yield, built as production systems, not reference architectures.

The institutional on-chain stack, owned by the fund

Every layer a mandate depends on, built on your stack, not a rented platform.

01

Client-owned vaults

VaultOS ERC-4626/7540 vault core plus a policy plane the fund owns outright.
02

Compliance & eligibility

ERC-3643 permissioned tokens, an identity registry, and transfer rules enforced on-chain.
03

Proof of Reserve & NAV

Chainlink Proof of Reserve and NAV oracles attest backing continuously, not in a quarterly PDF.
04

Downside protection

RWArmor parametric coverage for redemption freezes, custody failures, and NAV deviation.
05

Secondary liquidity

dOTC, a permissioned, KYC-gated OTC venue for large tokenized positions.
06

Safe-governed controls

Separated operator, valuation, and risk roles, so no single key moves assets.
02

How does custody and client-owned vault infrastructure work?

For an allocator, custody is the first question a risk committee asks. We build client-owned private vault infrastructure with VaultOS: an ERC-4626/ERC-7540 vault core plus a policy and control plane you own, so no shared protocol, third-party custodian, or external operator sits as the governance root of your assets. Roles are separated the way institutional operations require: distinct, bounded permissions for fund operators, valuation providers, risk guardians, and admins, instead of a single owner key or one undifferentiated multisig. ERC-7540 adds the asynchronous subscription and redemption flows that funds and credit pools actually need (request, settle, and NAV-gate entry and exit), which public vaults and manual scripts cannot do at institutional quality. Governance runs on Safe: as an official Safe Guardian, Protofire-deployed networks secure $2B+ across 120+ EVM networks.

What is VaultOS? VaultOS is Protofire's client-owned private vault infrastructure for funds and allocators: an ERC-4626/ERC-7540 vault core paired with a policy and control plane the fund owns outright, rather than a shared protocol or a rented platform. It packages the controls institutional operations require into a P1-P5 module set spanning governance, policy, permissions, approvals, transfer restrictions, and redemption controls. Permissions are separated into distinct, bounded roles for fund operators, valuation providers, risk guardians, and admins, so no single owner key governs the assets. ERC-7540 supplies the asynchronous subscription and redemption flows funds and credit pools depend on (request, settle, and NAV-gate entry and exit) that public vaults cannot deliver at institutional quality. A Safe sits at the governance layer, while manager, curator, and operator tooling adds monitoring, dashboards, and bounded automation that rebalances within the policy the fund sets but can never exceed it. The fund keeps custody and control end to end.

03

How are compliance, KYC, and transfer restrictions enforced?

A regulated mandate cannot hold a token that anyone can receive. We enforce eligibility on-chain for the whole life of a position, not at issuance alone: permissioned token standards (ERC-3643), an on-chain identity registry, and modular transfer rules for jurisdiction, accreditation, lock-ups, and holder caps, with an agent/issuer role model so your transfer agent keeps control after distribution. We integrate your KYC/KYB provider rather than taking custody of identity, and contracts are hardened in pre-audit before any capital moves. We maintain Solhint, the open-source Solidity linter used by 1M+ developers, and publish our audit reports, the allocator-grade security bar institutional capital expects. For Swarm Markets we helped build the world's first BaFin-licensed DEX for crypto and tokenized real-world assets, with KYC and multi-tier permissioning across 50+ trading pairs.

04

Proof-of-Reserve, NAV, and allocator-grade reporting

An allocation is only as credible as the proof behind it. We wire in Chainlink Proof-of-Reserve so the assets backing a token (treasuries in custody, fiat reserves, loan books, physical collateral) are attested on-chain continuously and independently, rather than asserted in a quarterly PDF. As a core contributor to Chainlink, we built the developer tooling other teams use to integrate Chainlink and have shipped Chainlink external adapters, including Proof-of-Reserve feeds (for example, Cache.gold), and we integrate price and NAV oracle feeds from Chainlink or DIA so valuation, mint caps, and redemptions all read from one trusted source. The same on-chain data feeds dashboards your investors, auditors, and risk committee verify directly, turning monthly reporting from a reconciliation exercise into a live, auditable feed.

05

Downside protection for allocator capital

Institutional capital sits on the sidelines until downside is quantified. RWArmor, our live parametric protection layer for tokenized real-world assets, closes that gap: automated, oracle-triggered coverage for the operational events that audits don't prevent (redemption freezes, custody failures, NAV deviation, and operational breakdowns), with predefined triggers verified by multi-oracle consensus and on-chain payouts, not a manual claims process. It's built on Atomica and live with LandX. For an allocator, that's a structural answer to the question that most often blocks a risk committee from approving a tokenized-credit or treasury allocation: what happens if something goes wrong operationally? Protected positions also trade at tighter spreads, so protection improves liquidity as well as safety.

06

How do you provide secondary liquidity for tokenized positions?

A position you can't exit isn't an allocation a fiduciary can hold. dOTC is our permissioned, KYC-gated decentralized OTC market for tokenized RWAs: a peer-to-peer secondary venue, live in production on Polygon and BNB Chain, with a yield toolset that rewards liquidity providers and market makers for keeping active offers on your asset. It gives large holders private execution with on-chain settlement instead of forcing block trades through a public DEX, where they incur slippage, signaling, and MEV exposure. For Swarm Markets, permissionless dOTC lets institutions execute large trades on-chain with private offers and configurable order parameters, the controlled, compliant venue an allocator needs before committing size.

07

Diversified on-chain yield and index strategies

Allocators want diversified, liquid yield without selecting validators, protocols, and liquidity routes network by network. We build the Liquid Staking Index: a multi-chain liquid-staking fund and distribution layer that aggregates LST exposure across emerging proof-of-stake networks through a single vehicle, with a Master Vault, per-network sub-vaults, NAV reporting, fee accrual, and redemption management, designed for distribution to institutional clients through custody partners. The same staking engineering underpins live work such as our non-custodial delegation service for KyberDAO, where trustless proxy contracts cut operational costs 50% and now support 7,000+ stakers, including institutional integrations like StakeDAO, which attracted $52M+ in TVL within 90 days. Institutional staking yield, without surrendering custody.

08

In practice: Proof-of-Reserve reporting for Armanino

When Armanino LLP, a top-20 U.S. accounting firm, set out to modernize the platform behind its attestation and reporting services, it partnered with Protofire. We opened with a series of strategy and assessment workshops that mapped Armanino's client-facing technology stack and surfaced the systemic reconciliation and reporting gaps holding it back. From that blueprint we built Armanino's TrustExplorer suite, Real-Time Audit, Proof of Reserves, Trusted Node, and Treasury, turning attestation into a continuous, blockchain-backed process instead of a periodic manual one. The outcome: a 45% drop in reconciliation errors, 60% faster compliance reporting, and 30% IT cost savings for clients, on a platform whose Dynamic Insights now supports $4.2B+ in audited assets across 1,500+ enterprise clients. For an asset manager, that is the reserve-assurance and reporting layer a fiduciary and an auditor can both stand behind.

09

Why Protofire

Protofire is a blockchain engineering company with 250+ shipped projects across 60+ networks and 95+ protocols since 2016. For institutional finance we've built the on-chain stack ourselves, VaultOS (client-owned vault infrastructure), RWArmor (parametric protection), and dOTC (RWA secondary market), and we deliver it as an integrator on your own stack, not as a closed platform you rent. We maintain Solhint, the Solidity linter used by 1M+ developers, and serve as an official Safe Guardian. Clients include Swarm Markets, Chainlink, Aave, MakerDAO, and the Ethereum Foundation. When we recommend a custody, compliance, or reporting architecture for a fund, it's one we already run in production, not a slide.

On-chain asset management is running a fund mandate on public blockchains instead of traditional rails, with the self-custody and transparent reporting institutional allocators demand.

Institutional infrastructure, in production
$4.2B+audited assets across 1,500+ enterprise clients

We built Armanino's TrustExplorer suite (Real-Time Audit, Proof of Reserves, Treasury), cutting reconciliation errors 45% and making compliance reporting 60% faster, the reserve-assurance layer a fiduciary and an auditor both stand behind.

Armanino TrustExplorerView project →
50+trading pairs on the first BaFin-licensed DEX

We helped build the world's first BaFin-licensed DEX for tokenized real-world assets, with KYC and multi-tier permissioning, plus dOTC for compliant large-trade execution.

Swarm MarketsView project →
$2B+secured across 120+ EVM networks

As an official Safe Guardian, we deploy audited Safe contracts as institutional-grade custody, with separated operator, valuation, and risk roles so no single key can move a fund's assets.

Safe Multisig WalletView project →
7,000+stakers, institutional on-chain staking

We rebuilt KyberDAO's delegation with trustless reward contracts, cutting operational costs 50% and onboarding institutional staking like StakeDAO's $50M+ TVL in 90 days.

FAQ

How do asset managers and funds operate on-chain?
They run the operational layer of a mandate on blockchain rails while the investment decisions stay with the manager. Assets sit in client-owned vaults rather than a single account or a third-party platform; eligibility and transfer rules are enforced on-chain through permissioned token standards like ERC-3643, so only verified, permitted wallets can ever hold a position. Reserves and NAV are attested continuously through oracles and Chainlink Proof-of-Reserve instead of a quarterly PDF, and subscriptions and redemptions run through ERC-7540 vault contracts that request, settle, and NAV-gate entry and exit. Governance runs on a Safe multisig with separated operator, valuation, and risk roles, so no single key controls the assets. What changes versus traditional rails is custody, settlement, compliance enforcement, and reporting transparency, the audit trail lives on-chain, verifiable directly by investors, auditors, and a risk committee rather than reconciled after the fact.
How are custody and compliance handled for a regulated fund?
We don't take custody. We deploy on your own stack and integrate your custodian or MPC arrangement, your KYC/KYB provider, and your transfer-agent logic, so eligibility and jurisdiction rules are enforced at every transfer for the whole life of a position, not at issuance alone. Compliance is encoded on-chain with permissioned token standards (ERC-3643), an on-chain identity registry, and modular transfer rules for jurisdiction, accreditation, lock-ups, and holder caps, with an agent/issuer role model so your transfer agent keeps control after distribution. Vaults are Safe-governed with separated operator, valuation, and risk roles rather than a single owner key, and as an official Safe Guardian our deployed networks secure $2B+ across 120+ EVM networks. Every contract is hardened in pre-audit and checked against Solhint, the Solidity linter used by 1M+ developers, before any capital moves, the allocator-grade security bar institutional capital expects.
Can you tokenize a fund share class for us?
Yes, it's a core use case. A tokenized fund share class combines an ERC-3643 permissioned share token that enforces investor eligibility, accreditation, and lock-ups; an ERC-7540 vault for asynchronous subscriptions and redemptions that request, settle, and NAV-gate entry and exit; NAV oracle and Chainlink Proof-of-Reserve feeds so valuation, mint caps, and redemptions all read from one trusted source; and Safe-governed controls with distinct operator, valuation, and risk roles instead of a single owner key. For the productized vault layer we use VaultOS, our client-owned private vault infrastructure, so the fund owns the governance root rather than renting a platform. For the broader issuance build, token design, identity registry, transfer-agent integration, and distribution, we route to our tokenization-infrastructure service. The investment decisions stay with you; what we build is the custody, compliance, settlement, and reporting infrastructure underneath the share class.
We're an allocator, not a crypto-native team, can you still help?
That's exactly who this is for. We translate a mandate's requirements, custody model, eligibility rules, reserve assurance, risk limits, and investor reporting, into on-chain infrastructure your operations, compliance, and audit teams can actually run, without your team having to become crypto-native. You don't manage keys, select validators, or write contracts; we deploy the vault, the compliance enforcement, the Proof-of-Reserve feeds, and the reporting, then hand you tooling and dashboards your existing teams operate. The work comes from engineers who have shipped institutional finance systems in production, the world's first BaFin-licensed DEX for Swarm Markets, and the Proof-of-Reserve and attestation platform behind Armanino's TrustExplorer, not from a generic framework. Where a risk committee needs downside quantified before approving an allocation, RWArmor adds parametric protection; where a position needs an exit, dOTC provides a compliant secondary venue. We meet your mandate where it is.
How long does an engagement take, and what does it cost?
It depends on scope, and we give you a concrete answer rather than a range to chase. A focused vault or compliance build typically runs about 6-10 weeks; a full stack, tokenized share class, vault, Proof-of-Reserve, and a secondary venue, about 16-24 weeks; and RWArmor downside protection integrates in roughly 4-8 weeks. We don't publish a price list because the work depends on which parts of the stack you need; instead, we size the asset class and compliance footprint on the first call and hand you a fixed scope and a written estimate before any work starts. Because we deploy on your own stack and reuse production systems we already maintain, VaultOS, RWArmor, and dOTC, there is no platform licensing layered on top of the engineering, and you are never committing against an open-ended retainer for the core build.

Reviewed by Luis Medeiros, Field CTO at Protofire. Last reviewed: June 2026.

Book a call with Alejandro Losa

Schedule a call with our Business Development Manager to receive practical recommendations and a prompt proposal for upgrading your solution.

Protofire 2026. All rights reserved