#HyFi for Security Tokens — Smart Contracts as token holders

Smart Contracts hold tokens for their users in order to provide Decentralized Finance services, but how does that fit with compliance control mechanisms from Digital Securities?

Jorge Serna
Published in
6 min readNov 25, 2020

This post is part of a series that analyzes how Digital Securities can benefit from DeFi protocols bridging Decentralized and Centralized Finance in a Hybrid approach (#HyFi), and the different aspects that need to be taken into consideration to leverage this ecosystem while remaining within compliance requirements. You can read Securitize’s introduction to HyFi here, and learn about the impact of KYC and transfer controls here.

A very usual approach on DeFi protocols is that, as part of their operation, investors must deposit tokens in a specific smart contract. This is the case for Vaults in Maker, in which a user will deposit their tokens as collateral in exchange for DAI, or UniSwap in which liquidity providers will deposit the token pairs to generate automatic market-making, or Balancer, Aave, Compound, or many other protocols.

With this approach, at some point in time, the smart contract itself becomes the holder of the tokens…

This behavior is different from the pure atomic swap approach in which interaction with the DeFi protocol produces a movement of tokens directly from investor wallet to investor wallet with no intermediate wallet or contract holding the tokens. With this approach, at some point in time, the smart contract itself becomes the holder of the tokens, and for Digital Securities which must control who is authorized to be a holder, this will require that the specific contract which will hold the securities should have been approved before. Otherwise the attempt to deposit tokens there will be rejected.

Transfers to unauthorized wallets are reverted by the DS Protocol

So if an investor who is currently holding some securities in token form goes to the UniSwap app to create a new liquidity pool, and tries to do this with that security and — for instance — a stable coin, the process will fail. This is because part of the process executed by the UniSwap app includes depositing the corresponding tokens into the newly created pool, but since this new pool address will be unknown to the Digital Security smart contract, it will block any transfer to it.

The solution to this problem is relatively simple at the technical level: we just need to ensure that the address that will receive the securities becomes known by the smart contract managing compliance so that it authorizes those deposits. We will call this process “allow-listing”.

Since, following the previous example, the address cannot be allowed before it is known, using the UniSwap app UI to support this process is not possible, as the app uses the same transaction to create the pool (which gives it a new address) and to add liquidity to it. An alternative integration should be built, using UniSwap protocol directly to create the pool without providing initial liquidity, and then add the newly generated address to the allow-list. After this is done, providing liquidity with tokenized securities would be possible. In the case of Securitize’s DS Protocol, the allow-list management is a responsibility for the issuer or trusted parties, so this initial capability for setting up the pool would have to be managed by them. So combining a permissioned model for allow-listing with the decentralized approach of DeFi smart contracts, puts us strictly into the area of Hybrid Finance or #HyFi.

With this approach, investors can deposit tokens into the authorized pool, and as discussed in my previous post, authorized investors would then be able to trade with it, while the token smart contract will ensure that at any point only authorized investors will be able to do this, and guarantee that compliance restrictions are enforced throughout the process.

This authorization approach follows a model of “compliance at the edge”, meaning that the compliance controls are executed when tokens are moved in (because only authorized investors can hold them so only authorized investors can deposit) or out (because only authorized investors will be able to trade or withdraw from the contract) — but what happens with the tokens as they stay deposited inside the contract?

One important aspect for securities is that the issuer must keep (directly or via a Transfer Agent) a Master Securityholder File, which tracks who is the owner for each unit of the issued securities. This register has some regulatory obligations, and in particular, since securities are not in general bearer instruments, holders of the securities cannot be anonymous so that a KYC’d (meaning formally verified) identity of a person or institution must be associated with any token amount held.

This is not problematic for certain DeFi products, like Maker Vaults or Balancer private pools. For these products there is a single owner responsible for the ability to deposit tokens into the smart contract, so we can rightfully assume that the tokens placed inside those smart contracts belong to the creator. In the case of the DS Protocol, this is particularly simple as the protocol allows multiple wallet addresses to be associated with a single KYC identity, so it is just a matter for the issuer to provide the tools to investors to create or authorize a previously created smart contract and associate it with them. From that moment on, all deposits trades and interactions with that contract would be as if made by the investor themselves automatically, and the investor is taking responsibility for the amounts deposited there. It is like having a “smart wallet” that given the right conditions will exchange your assets for you.

For instance, by creating a private Balancer pool and assign it to a certain identity:

  • Issuers would be able to create their own private Balancer pool, for assets directly owned by them, so that they can provide a mechanism for automatic tender offering and redemption of their securities to their verified investors, providing a clear and transparent price and mechanism to adjust to market demand. This way, there will always be an opportunity for certain liquidity for existing token holders and the ability to access the assets for new investors.
  • Additionally, issuers could further open this capability to their investors or other third parties. Existing investors (which have already been verified) would be able to identify an owned Balancer pool or create a new one directly from their investor dashboard, and then configure it to be able to rebalance their assets based on the market demand. This could allow an investor to operate as an Automated Market Maker using currently owned assets.

The tracking of ownership and responsibility of the trades with this “smart wallet” would be automatically managed by the DS Protocol, but we should consider that providing this kind of liquidity through “market-making” may be considered a dealer activity, so depending on the assessment the issuer or Transfer Agent may want to restrict these options to specific investors (entities) that fulfill the requirements to provide this.

While this is an exciting opportunity to bring more flexibility to Digital Securities, while not straying away from the compliance and regulatory controls that are a must in this space, this solution does not cover the most usual situation in DeFi protocols. I refer to the cases in which the smart contract in which tokens are deposited cannot be associated with a single owner because it pools assets from multiple investors. We will cover that in our next post, and look at how Securitize technology can handle this.

Securitize is modernizing capital markets by creating digital securities, which are easier to own, simpler to manage, and faster to trade. The Securitize platform and protocol provide a proven full-stack solution for the creation and management of digital securities. Securitize’s innovative DS Protocol has the highest adoption rate in the industry and enables seamless, fully compliant trading across multiple markets simultaneously. Multiple Securitize powered digital securities are already trading globally on public marketplaces with many more in the pipeline.

You can learn more about Securitize at: www.securitize.io

And you can join the conversation about the Digital Securities revolution in our Telegram channel.



Jorge Serna

Product & Strategy in @securitize — formerly Director of Global Communication Products @Telefonica