Skip to main content

Collaterals Signer and Forced Settlements for Fireblocks Off Exchange

  • Updated

Overview

In the Fireblocks Off Exchange lifecycle, a settlement refers to the rebalancing of assets between a Collateral Vault Account (CVA) and an exchange account. To make settlements, you must approve incoming transactions from your exchange account to the CVA, approve and sign outgoing transactions from the CVA to an exchange-owned address. 

There are SLAs imposed by exchanges that require outgoing transactions to be signed in a certain amount of time. If you receive incorrect or unexpected settlement instructions, you can deny settlement transactions and contact the exchange to discuss a resolution. If the outgoing transaction’s SLA has passed, the exchange may use the Collateral Signer to sign the settlement transaction on your behalf. See here for specific SLAs information.

Creating a Collateral Signer user for an exchange is not enforced by Fireblocks but may be enforced by an exchange. 

If you are an Owner or an Admin in the Collateral workspace, you can create an API user with a Collateral Signer role. Any Collateral Signer should be deployed on an exchange-owned machine. Transactions executed by the Collateral Signers are immutable. Collateral Signers cannot be disabled without the approval from the exchange.

What happens if you do not sign a settlement transaction (inactivity)?

The Exchange is responsible for calculating and broadcasting settlements as per their settlements schedule on a daily / intraday basis. If there are outgoing transactions in a settlement and you fail to respond to the request according to the designated SLA for any reason (human delay, technical issue, your reservations about the exchange’s calculations, etc.), the exchange expects the settlement transaction to be automatically signed according to your agreement with them.

To facilitate automatic signatures, as an initial condition to providing you with Fireblocks Off Exchange trading credit, the exchange may require that you assign them a unique cosigner user within your collateral workspace called a Collateral Signer. The Collateral Signer will only be created, visible, and accessible within your collateral workspace. The exchange will have control of this user and it will be used as a backup to sign settlement transactions when you do not respond to them on time. 

The Collateral Signer user role is limited in its signing abilities and is only used as a fallback. Before signing, the Collateral Signer must receive an automated notice from Fireblocks consisting of your settlement transaction. This automated notice is only sent to the Collateral Signer under the following conditions:

  1. You have not signed the settlement transaction.
  2. You have not denied the settlement transaction.
  3. The SLA for your signature has elapsed.

Otherwise, the Collateral Signer user is extremely limited. It can not view your balance, create transactions, or sign transactions other than what was specified above.

What happens if you deny a settlement transaction?

If you receive transactions as a part of a settlement that you deem are incorrectly calculated, you may proceed to deny / reject them. The Exchange is notified of such denied transactions.

After reviewing the denied transactions, if the Exchange believes that the original settlements were accurate, they may, following the review SLA, automatically enforce the completion of these settlements using the Collateral Signer.

Notes:

  • If you deem incoming settlements from an Exchange to be malicious, you may approach Fireblocks with an unlocking request at any time.
  • If you deem the auto-settlement by an Exchange as improper, you may continue to pursue them directly.

Creating a Collaterals Signer 

The process of creating a Collateral Signer is almost identical to that of creating a regular API user via the Console. Only the workspace Owner, Admins, and Non-Signing Admins can create Collateral Signers.

When initially onboarding to the Off-Exchange service:

  1. A Collateral Signer user is automatically provisioned in the collateral workspace. This is relevant for all exchanges.
  2. The exchange retrieves the collateral signer pairing token in one of the following ways:
    • The exchange fetches the pairing token for the collateral signer via APIs.
    • The customer navigates to the Settings section and copies the pairing token from the collateral signer user which was automatically provisioned, and then shares it with the exchange.
  1. The exchange uses the pairing token to add the user to their co-signer machine.

Otherwise, in exceptional cases when needing an additional Collaterals signer (i.e. in a locking event, or if the user was accidentally deleted), the contingency below allows you to manually create one. To do that, follow the step flow here:

  1. In your Collateral Workspace, go to Settings > Users.
  2. Select Add user.
  3. On the Add User dialog, toggle the user type to API User.
  4. Enter the name for your Collateral Signer, select the Collateral Signer user role, and choose the exchange to associate with the Collateral Signer.
  5. Select Add User. The Owner and Admin Quorum receive a request to approve the user on their mobile devices. The approval threshold must be met before the user becomes active in your workspace. The Owner's approval is mandatory. It can also be included within the approval threshold.
  6. To complete the deployment of the Collateral Signer API user, reach out to your exchange's support staff and provide them with the pairing token.
Was this article helpful?
1 out of 1 found this helpful

Related Articles