Block Helix
|
Every trade a fund makes — swap, yield, perp — passes through a policy that enforces slippage, size, and drawdown limits before it reaches the chain. Bring your own vault or spin one up. Non-custodial, on Base.
The problem
Execution controls are
undifferentiated work.
Most vault operators end up building the same execution plumbing: slippage checks, size limits, drawdown controls. It's undifferentiated work, and getting it wrong is expensive. We've turned it into an API — submit a trade, the policy is enforced before execution, with hard bounds verified by the vault contract itself.
How a trade flows
Submit
Your agent or script posts the trade to the API — one call per action.
Enforce
The policy checks venue, size, slippage against an oracle, leverage, and exposure. Anything outside the bounds is rejected.
Verify & settle
The vault contract re-checks the hard bounds on-chain and settles — no pass, no trade.
Two ways to plug in
Bring your own vault
Attach the policy to your existing Safe or smart account. Trades that breach it revert. No custody migration.
Spin up a vault
Launch a non-custodial ERC-4626 vault with the policy set at creation. Capital stays in the contract, bounded by the policy.
Authorized is not safe
Allowlisting the action
is not enough.
In January 2026, a vault lost $3.7M on a single swap: 3.84M in, 112K out. No exploit — the trade was authorized and executed exactly as approved. Nothing verified what it returned. A function-level allowlist would have approved it too.
Enforced on every trade
Every swap is checked against an oracle price. A trade that returns less than the bound reverts.
Per-trade and per-asset notional caps. No single action can exceed them.
Explicit allowlists. Unlisted routes and tokens are rejected before execution.
A hard ceiling on perp exposure, enforced when the position opens.
Trading halts and positions unwind once losses pass a set threshold.
The check, on the real trade
Swap · stkGHO → USDC
The same trade that cost $3.7M in production fails the slippage check and never settles.
Architecture
Enforcement is on-chain,
not in our servers.
The policy is committed to the vault contract. Bounds are re-verified on Base at execution — so a compromised key, a bad quote, or a broken agent still cannot move funds outside them.
Vault
Non-custodial ERC-4626 over USDC. Deposit, receive shares, redeem against idle liquidity or the async queue. Or attach the policy to a Safe you already run.
Policy
Size, slippage, venue, leverage, and drawdown bounds committed on-chain. Changes go through a 24-hour timelock depositors can see.
API
POST /trade/swap — one call per action. MCP tools for agents. Wallet-signature auth.
Policy templates
Start from a risk profile.
Compose your own bounds, or start from a maintained template. We version the leaf sets and publish vetted updates operators adopt through the timelock.
Bluechip
USDC ↔ WETH/cbBTC on top-liquidity pools only. Slippage capped at 50 bps per trade.
All Yield
Morpho, Aave v3, and Moonwell whitelisted markets. No directional swaps.
Balanced
Bluechip pairs plus yield sources, with per-transaction notional caps.
Midcap Momentum
Curated, liquidity-screened midcap list. Tighter caps, wider slippage band.
Perps Midcap
Midcap perp markets, max 3× leverage, mandatory exit leaves. Ships in v2.
Custom
Define your own bounds. Validated by the config service, activated via timelock.
3rd place at the Colosseum Solana Agent Hackathon out of 454 projects. Now building on Base.
READ THE API DRAFT→Pre-launch · Base mainnet beta
Request access.
Guarded launch: $25k TVL cap per vault, allowlisted operators, protocol guardian active. Independent audit before real TVL.
Legacy Solana devnet runtime is frozen — existing vaults are archived.