This document provides a technical overview of Definitive's advanced execution product with a focus on security.
Definitive’s technical architecture borrows the best concepts from traditional finance execution while integrating DeFi native elements such as on-chain activity monitoring and cross-protocol smart contract execution.
The architecture composes of 2 main components
The TradingVault is the main contract used to support advanced execution at Definitive. It is a fully non-custodial contract composed of modules that perform specific tasks such as swapping and access control.
OpenZeppelin's AccessControl is used role management. The different roles on a TradingVault are:
| Roles | Description | Functionality | One Or Many Addresses |
|---|---|---|---|
DEFAULT_ADMIN_ROLE |
Owner of the contract. |
It is set to address provided by the client or Definitive’s Multisig (for retail clients). | - Can add/remove other roles below. | One |
| ROLE_CLIENT | Address provided by the client. | - Can deposit/withdraw funds from the TradingVault .
ROLE_DEFINITIVE | Address owned by the Definitive team. | - Can perform swaps with assets in the TradingVault. | Many |TradingVault (smart contract) per user per chain. The address of the TradingVault is the same across all EVM chains.ROLE_CLIENT and only this address is able to deposit and withdraw funds.ROLE_DEFINITIVE and is able to perform predefined actions like swaps. This address CAN NOT withdraw funds from the TradingVault .DEFAULT_ADMIN_ROLE is set to a backup address owned by the client. There can only be one DEFAULT_ADMIN_ROLE per TradingVault.
ROLE_CLIENT. In case the ROLE_CLIENT address is compromised or lost, only the DEFAULT_ADMIN_ROLE can set a new ROLE_CLIENT.TradingVault is set up, the client connects with their desired wallet provider (Fireblocks, Metamask Institutional, any EOA, etc.).ROLE_CLIENT deposits ETH into the TradingVault.