Spout Finance
Confidential RWAs
The problem Spout Finance solves
Spout Finance aims to revolutionise DeFi by offering safe collateral options with confidential RWA balances and transfers, enabling institutions to earn yield on public networks like Ethereum while remaining confidential from the rest of the network.
Inefficient Capital management on lending protocols
The DeFi lending market requires users to post collateral, often at a minimum of 100% of the borrowed amount. With native crypto assets, the required collateral is typically even higher, around 150%, to compensate for market risk due to high volatility. This results in capital inefficiency, as investors must lock up 50% more capital than necessary, which remains idle and is also exposed to potential value loss.
But what makes good collateral?
Spout Finance offers collateral that can be as close as possible to a 1:1 ratio with the borrowed amount, while still earning a yield equivalent to that of a AAA-rated corporate bond ETF. This allows borrowers to avoid overcollateralization and earn stable yield without risking liquidation due to the collateral dropping below the required threshold.
Institutional privacy
Spout believes that settlement on Ethereum is essential due to its decentralization guarantees, but it also prioritizes institutional privacy. To achieve this, Spout has created a confidential RWA order flow for both buy and sell orders, emitting encrypted events that allow banks to transact on behalf of customers using Trusted Execution Environments (TEEs). TEE coprocessors enable customers to selectively disclose asset balances and transfers, keeping their activity hidden from the public market while remaining compliant through decryption flows for trusted third parties.
A custom Chainlink data feed is used to retrieve the asset price from a verified custodian and provide it to our Order smart contract. The contract then performs encrypted computations to determine the actual asset amount that needs to be bought or sold, preserving confidentiality throughout the process.
Decentralised Identity contracts and ERC-3643
Spout builds on the well-regarded ERC-3643 token standard, trusted by institutions seeking to tokenize assets on Ethereum. It also leverages ERC-725, an on-chain identity standard, to enable customers to execute KYC and AML claims through their personal identity contracts.
Using the ERC-3643 framework, Spout implements a permissioned token flow where a trusted issuer can mint and burn tokens from a customer's address, but only if the customer's on-chain identity contract contains the required claims issued during a successful KYC process. The trusted issuer is the backend of the Spout application, which communicates with a third-party bank to buy and hold the assets, which triggers an update on the reserves held in the bank. Chainlink Functions and Automation are used to get a Proof-of-Reserve feed directly from a bank API to a smart contract, so that customers can verify the total token supply against the total assets held in the custody bank.
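The claim-gated mint and the supply-versus-reserve comparison described above, modeled off-chain in JavaScript as an added example (this is not Spout's contract code or an ERC-3643 implementation). The class names, topic numbers, wallet and issuer labels, and the 24-hour staleness bound are assumptions made for illustration.

```javascript
// Added in-memory model; topic numbers, issuer names and wallet labels are constructed.
const KYC = 1, AML = 2;

class IdentityRegistry {
  constructor(requiredTopics, trustedIssuers) {
    this.requiredTopics = requiredTopics; // topics every holder must prove
    this.trustedIssuers = trustedIssuers; // Map: issuer -> Set of topics it may attest
    this.identities = new Map();          // wallet -> { claims: [...] }
  }
  register(wallet, identity) { this.identities.set(wallet, identity); }
  // Every required topic needs a non-revoked claim from an issuer trusted for that topic.
  isVerified(wallet) {
    const id = this.identities.get(wallet);
    if (!id) return false;
    return this.requiredTopics.every((topic) =>
      id.claims.some((c) => c.topic === topic && !c.revoked &&
        Boolean(this.trustedIssuers.get(c.issuer)?.has(topic))));
  }
}

class PermissionedToken {
  constructor(registry, agent) {
    this.registry = registry; this.agent = agent;
    this.balances = new Map(); this.totalSupply = 0n;
  }
  mint(caller, to, amount) {
    if (caller !== this.agent) throw new Error("caller is not the trusted issuer");
    if (!this.registry.isVerified(to)) throw new Error("recipient identity not verified");
    this.balances.set(to, (this.balances.get(to) ?? 0n) + amount);
    this.totalSupply += amount;
  }
}

// Holder-side reserve check: feed must be fresh and supply must not exceed custody.
// Assumes supply and reserves share one unit; maxAgeSec is an assumed staleness bound.
function reservesCover(token, feed, nowSec, maxAgeSec = 24 * 60 * 60) {
  return nowSec - feed.updatedAt <= maxAgeSec && token.totalSupply <= feed.reserves;
}

function demo() {
  const registry = new IdentityRegistry([KYC, AML], new Map([["kycProvider", new Set([KYC, AML])]]));
  registry.register("alice", { claims: [
    { topic: KYC, issuer: "kycProvider", revoked: false },
    { topic: AML, issuer: "kycProvider", revoked: false }] });
  registry.register("bob", { claims: [ // AML claim is self-issued, so it does not count
    { topic: KYC, issuer: "kycProvider", revoked: false },
    { topic: AML, issuer: "bob", revoked: false }] });
  const token = new PermissionedToken(registry, "spoutBackend");
  token.mint("spoutBackend", "alice", 100n);
  return { token, registry };
}
```

The model makes two failure modes visible: a claim only counts when its issuer is trusted for that specific topic, and a reserve figure that is large enough but stale is treated as not covering the supply.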
Tech Stack - Smart Contract Infrastructure
Blockchain & Network:
Base Sepolia - Testnet deployment for development and testing
Token Standards & Identity
ERC-3643 - Permissioned token standard for compliant asset tokenization
ERC-725 - On-chain identity contracts for KYC/AML claim management
OnchainID - Identity verification and claim signing infrastructure
Oracle & Automation Infrastructure
Chainlink Functions - Custom data feeds for verified custodian asset pricing
Chainlink Automation - Time-based proof-of-reserves updates (24-hour intervals)
Chainlink DON - Decentralized oracle network for external API connectivity
Privacy & Computation
Trusted Execution Environments (TEEs) - Confidential order processing with Inco Lightning
Encrypted Event Emission - Private transaction data for institutional clients
Confidential Smart Contracts - Encrypted balance and transfer computations
Core Smart Contracts
Orders Contract - Handles buy/sell order execution with encrypted computations
Reserve Contract - Manages proof-of-reserves data from bank APIs
Compliance Framework - ERC-3643 compliant minting/burning permissions
Identity Registry - Manages trusted issuers and user verification status
Development
Hardhat - Development framework and testing environment
OpenZeppelin - Secure contract libraries and access control patterns
Challenges we ran into
The ERC-3643 contract contains many permissioned flows, which were challenging to integrate into both the backend and frontend. However, our backend and frontend now work together seamlessly to support a user flow that is ready for a production-grade RWA issuance environment.
Users create their own on-chain identity through our deployed gateway contract, after which the backend registers this identity in the permissioned identity storage on the ERC-3643 smart contract. It is critical that the data sent from the user to the server is accurately captured, as it is used to generate digital signatures required to trigger events such as adding KYC claims to the on-chain identity.
Additionally, working with encrypted smart contracts required advanced implementation to correctly process buy and sell orders, but we successfully completed this integration. We prioritized this effort because we strongly believe institutional privacy should be the standard in Web3, and it will be a core feature of our product from day one.
To achieve this, we built a flow where the smart contract computes over encrypted amounts, and our backend decrypts the emitted events to extract the buy and sell orders. These decrypted orders then trigger a third-party bank API to execute the actual asset transactions.
These encrypted orders are further integrated with Chainlink Functions, where we encrypt the response from the Chainlink call and use it in our asset amount calculation for buy orders and the USDC amount for sell orders.