Blockchain Infrastructure for Asset Managers and Funds
Asset managers and funds run their mandates on-chain with custody in client-owned vaults, compliance enforced at the protocol level, and reserves attested continuously, so allocators keep control and transparency end to end. Not a rented platform; a stack you own.
On-chain asset management is running a fund mandate (allocation, custody, compliance, valuation, and investor reporting) on public or permissioned blockchains instead of, or alongside, traditional rails. For an asset manager or allocator, going on-chain is an operations decision more than a trading one: where assets are held, who is allowed to hold them, how reserves are proven, how downside is bounded, and how positions are reported to a risk committee and to LPs. Most vendors hand you a closed platform and ask you to move onto theirs. We don't; we build the infrastructure on your own stack. Protofire is a blockchain engineering company that has shipped 250+ projects since 2016, across 60+ networks and 95+ protocols. For funds, asset managers, allocators, custodians, and wealth platforms allocating on-chain, we deliver the pieces a mandate actually depends on: client-owned private vault infrastructure (VaultOS, ERC-4626/7540), allocator-grade security and audits, Proof-of-Reserve and NAV reporting, downside protection (RWArmor), compliant secondary liquidity (dOTC), and diversified on-chain yield, built as production systems, not reference architectures.
The institutional on-chain stack, owned by the fund
Every layer a mandate depends on, built on your stack, not a rented platform.
Client-owned vaults
Compliance & eligibility
Proof of Reserve & NAV
Downside protection
Secondary liquidity
Safe-governed controls
What we deliver for asset managers
Private vault infrastructure
→Client-owned ERC-4626/7540 vaults (VaultOS), not a rented platform
Tokenized fund shares
→Share classes with async subscribe and redeem (ERC-7540)
Compliance & transfer rules
→KYC, eligibility, and transfer-restriction enforcement for regulated mandates
Proof of Reserve & NAV
→Reserve attestation, NAV oracles, and allocator-grade reporting
Downside protection
→Parametric cover for tokenized positions (RWArmor)
Secondary / OTC liquidity
→Compliant OTC for large holders (dOTC)
Staking yield & indexes
→Diversified multi-chain staking yield and index strategies
Audits & pre-audit hardening
→Security review before capital moves
Safe-governed custody
→Multisig operational controls, as an official Safe Guardian
How does custody and client-owned vault infrastructure work?
For an allocator, custody is the first question a risk committee asks. We build client-owned private vault infrastructure with VaultOS: an ERC-4626/ERC-7540 vault core plus a policy and control plane you own, so no shared protocol, third-party custodian, or external operator sits as the governance root of your assets. Roles are separated the way institutional operations require: distinct, bounded permissions for fund operators, valuation providers, risk guardians, and admins, instead of a single owner key or one undifferentiated multisig. ERC-7540 adds the asynchronous subscription and redemption flows that funds and credit pools actually need (request, settle, and NAV-gate entry and exit), which public vaults and manual scripts cannot do at institutional quality. Governance runs on Safe: as an official Safe Guardian, Protofire-deployed networks secure $2B+ across 120+ EVM networks.
What is VaultOS? VaultOS is Protofire's client-owned private vault infrastructure for funds and allocators: an ERC-4626/ERC-7540 vault core paired with a policy and control plane the fund owns outright, rather than a shared protocol or a rented platform. It packages the controls institutional operations require into a P1-P5 module set spanning governance, policy, permissions, approvals, transfer restrictions, and redemption controls. Permissions are separated into distinct, bounded roles for fund operators, valuation providers, risk guardians, and admins, so no single owner key governs the assets. ERC-7540 supplies the asynchronous subscription and redemption flows funds and credit pools depend on (request, settle, and NAV-gate entry and exit) that public vaults cannot deliver at institutional quality. A Safe sits at the governance layer, while manager, curator, and operator tooling adds monitoring, dashboards, and bounded automation that rebalances within the policy the fund sets but can never exceed it. The fund keeps custody and control end to end.
How are compliance, KYC, and transfer restrictions enforced?
A regulated mandate cannot hold a token that anyone can receive. We enforce eligibility on-chain for the whole life of a position, not at issuance alone: permissioned token standards (ERC-3643), an on-chain identity registry, and modular transfer rules for jurisdiction, accreditation, lock-ups, and holder caps, with an agent/issuer role model so your transfer agent keeps control after distribution. We integrate your KYC/KYB provider rather than taking custody of identity, and contracts are hardened in pre-audit before any capital moves. We maintain Solhint, the open-source Solidity linter used by 1M+ developers, and publish our audit reports, the allocator-grade security bar institutional capital expects. For Swarm Markets we helped build the world's first BaFin-licensed DEX for crypto and tokenized real-world assets, with KYC and multi-tier permissioning across 50+ trading pairs.
Downside protection for allocator capital
Institutional capital sits on the sidelines until downside is quantified. RWArmor, our live parametric protection layer for tokenized real-world assets, closes that gap: automated, oracle-triggered coverage for the operational events that audits don't prevent (redemption freezes, custody failures, NAV deviation, and operational breakdowns), with predefined triggers verified by multi-oracle consensus and on-chain payouts, not a manual claims process. It's built on Atomica and live with LandX. For an allocator, that's a structural answer to the question that most often blocks a risk committee from approving a tokenized-credit or treasury allocation: what happens if something goes wrong operationally? Protected positions also trade at tighter spreads, so protection improves liquidity as well as safety.
How do you provide secondary liquidity for tokenized positions?
A position you can't exit isn't an allocation a fiduciary can hold. dOTC is our permissioned, KYC-gated decentralized OTC market for tokenized RWAs: a peer-to-peer secondary venue, live in production on Polygon and BNB Chain, with a yield toolset that rewards liquidity providers and market makers for keeping active offers on your asset. It gives large holders private execution with on-chain settlement instead of forcing block trades through a public DEX, where they incur slippage, signaling, and MEV exposure. For Swarm Markets, permissionless dOTC lets institutions execute large trades on-chain with private offers and configurable order parameters, the controlled, compliant venue an allocator needs before committing size.
Diversified on-chain yield and index strategies
Allocators want diversified, liquid yield without selecting validators, protocols, and liquidity routes network by network. We build the Liquid Staking Index: a multi-chain liquid-staking fund and distribution layer that aggregates LST exposure across emerging proof-of-stake networks through a single vehicle, with a Master Vault, per-network sub-vaults, NAV reporting, fee accrual, and redemption management, designed for distribution to institutional clients through custody partners. The same staking engineering underpins live work such as our non-custodial delegation service for KyberDAO, where trustless proxy contracts cut operational costs 50% and now support 7,000+ stakers, including institutional integrations like StakeDAO, which attracted $52M+ in TVL within 90 days. Institutional staking yield, without surrendering custody.
In practice: Proof-of-Reserve reporting for Armanino
When Armanino LLP, a top-20 U.S. accounting firm, set out to modernize the platform behind its attestation and reporting services, it partnered with Protofire. We opened with a series of strategy and assessment workshops that mapped Armanino's client-facing technology stack and surfaced the systemic reconciliation and reporting gaps holding it back. From that blueprint we built Armanino's TrustExplorer suite, Real-Time Audit, Proof of Reserves, Trusted Node, and Treasury, turning attestation into a continuous, blockchain-backed process instead of a periodic manual one. The outcome: a 45% drop in reconciliation errors, 60% faster compliance reporting, and 30% IT cost savings for clients, on a platform whose Dynamic Insights now supports $4.2B+ in audited assets across 1,500+ enterprise clients. For an asset manager, that is the reserve-assurance and reporting layer a fiduciary and an auditor can both stand behind.
Why Protofire
Protofire is a blockchain engineering company with 250+ shipped projects across 60+ networks and 95+ protocols since 2016. For institutional finance we've built the on-chain stack ourselves, VaultOS (client-owned vault infrastructure), RWArmor (parametric protection), and dOTC (RWA secondary market), and we deliver it as an integrator on your own stack, not as a closed platform you rent. We maintain Solhint, the Solidity linter used by 1M+ developers, and serve as an official Safe Guardian. Clients include Swarm Markets, Chainlink, Aave, MakerDAO, and the Ethereum Foundation. When we recommend a custody, compliance, or reporting architecture for a fund, it's one we already run in production, not a slide.
“On-chain asset management is running a fund mandate on public blockchains instead of traditional rails, with the self-custody and transparent reporting institutional allocators demand.”
We built Armanino's TrustExplorer suite (Real-Time Audit, Proof of Reserves, Treasury), cutting reconciliation errors 45% and making compliance reporting 60% faster, the reserve-assurance layer a fiduciary and an auditor both stand behind.
We helped build the world's first BaFin-licensed DEX for tokenized real-world assets, with KYC and multi-tier permissioning, plus dOTC for compliant large-trade execution.
As an official Safe Guardian, we deploy audited Safe contracts as institutional-grade custody, with separated operator, valuation, and risk roles so no single key can move a fund's assets.
We rebuilt KyberDAO's delegation with trustless reward contracts, cutting operational costs 50% and onboarding institutional staking like StakeDAO's $50M+ TVL in 90 days.
FAQ
How do asset managers and funds operate on-chain?
How are custody and compliance handled for a regulated fund?
Can you tokenize a fund share class for us?
We're an allocator, not a crypto-native team, can you still help?
How long does an engagement take, and what does it cost?
Reviewed by Luis Medeiros, Field CTO at Protofire. Last reviewed: June 2026.


