Architecture overview
The full picture, one page.
Trust architecture
Five independent layers. Each does one job. None can do the others'.
No single party controls the full stack. MakeBanc operates the vault. Ceffu holds the assets. Chainlink verifies the numbers. Breach is arranging contract cover (in progress). Noah runs the fiat rails. Compromise one layer and the others keep your capital where it belongs.
Five components:
On-chain vaults. ERC-7540 contracts on Base, one per strategy. The vault is the canonical record of who allocated what, when, and at what NAV. Detail in ERC-7540 vaults.
Institutional custody. A regulated custodian holds underlying assets in segregated SMA accounts. Asset managers get trade-only API access. Detail in Institutional custody.
NAV oracle. A continuous service that reads each vault's value from Binance, independently verifies it (a consensus mechanism plus a human approve/reject check), then publishes NAV per share for each vault. Detail in The NAV oracle.
Off-chain rails. Noah virtual fiat accounts for fiat-to-stablecoin conversion. Sumsub KYC. The platform front-end, reporting, and notifications.
Governance. On-chain controls over vault parameters and emergency response. A 96-hour timelock on parameter changes. Multi-sig guardian role. Asymmetric pause and upgrade authority. Detail in Self-custody model.
How capital flows:
The vault holds no funds. This is by design.
When you allocate, USDC moves from your wallet into the vault contract and flows into the SMA at Ceffu in the same transaction. The vault is a pass-through; at no point does it sit holding your capital.
The asset manager trades within the SMA using trade-only API access. They can execute strategies. They cannot withdraw.
The only path back is redemption. Capital flows from the custodian back through the vault to your wallet. One direction in, one direction out. No side doors.
Deposits are settled daily with human verification of the valuation to ensure all on-chain figures are accurate. The deliberate pace prioritises accuracy over speed.
What runs on-chain:
Vault contract. NAV updates. Fee escrow and settlement. Redemption queue. Governance controls. All auditable on Base's public blockchain.
What runs off-chain:
NAV oracle computation (publishes on-chain after). Custody relationship. KYC (Noah + Sumsub). Fiat-to-stablecoin conversion (Noah). Front-end and reporting.
These are off-chain because institutional custody and regulated payment rails don't exist on-chain. The on-chain record remains the source of truth for ownership and balances.
Trust assumptions:
Listed honestly.
The custodian. Ceffu holds assets. Regulated, segregated, audited. Under the SMA framework, assets are structured to be identifiable as client property, though the timing and completeness of recovery in a custodian wind-down would depend on the specific legal proceedings.
The smart contracts. Audited, on-chain. Reports in Audits. Execute deterministically. Modified only through governance (timelock + guardian + asymmetric pause/upgrade).
The oracle. Auditable computation from the Binance API. Malfunctions detectable by reconciliation.
The asset manager. Trade-only SMA access. Can lose money trading. Cannot move funds externally.
The platform team. Operates off-chain components. Constrained by contracts and governance. Cannot move your assets without on-chain authorisation you control.
What the architecture removes:
Single-point-of-failure trust.
Platform team compromised? Smart contracts keep executing. Custodian outage? NAV pauses, vault state unaffected. Oracle malfunction? Verify your balance on-chain. Front-end down? Vault contract keeps operating; submit transactions directly.
More in If MakeBanc goes offline.
What the architecture preserves:
Strategy IP. The custodian and platform see the SMA balance and aggregate activity. Neither sees individual trades, signals, or models.
Your allocation choice. The platform does not allocate capital between strategies. You pick. The vault records it.
Independence of every party. You control your wallet. The asset manager operates their strategy. The custodian holds the assets. The platform provides connectivity. Each party plays its defined role.
Reading order:
To understand the architecture in detail, read these pages in order:
ERC-7540 vaults: the vault standard, why it's asynchronous, and how share issuance works.
Institutional custody: the custodian relationship, SMA structure, and trade-only access.
The NAV oracle: inputs, computation, and on-chain publication of NAV.
Settlement cycle: how daily settlement ties everything together.
Self-custody model: why the platform is non-custodial despite holding assets at a custodian, and how governance controls work.
If MakeBanc goes offline: what happens if the platform team is unavailable or the front-end is unreachable.