Версия: 3.3.51 Обновлено: 2026-01-23

External Integrations Strategy¶

Executive Summary: Saga's integration-first approach leverages best-in-class external providers вместо reinventing wheels: custody providers для asset security, DeFi vaults для yield optimization, audit firms для smart contract safety. Multi-provider redundancy ensures resilience, API-first architecture обеспечивает flexibility.

Integration Philosophy¶

"Build vs Buy" Decision Framework¶

✅ User Interface & Experience: Banking window frontend (web apps)
✅ Investment Logic: Strategy management and allocation system (core IP)
✅ Operator Dashboard: Capital management и strategy allocation tools
✅ Integration Layer: Unified API для взаимодействия с external providers

Buy/Integrate (External Providers):

✅ Custody Services: Professional key management (Fordefi - all-in-one solution)
✅ DeFi Protocols: Yield optimization через Pendle Finance, Curve Finance + boost protocols (Convex, StakeDAO)
✅ Security Audits: Code and security reviews (Trail of Bits, OpenZeppelin)
✅ Infrastructure: Cloud hosting (AWS, GCP), monitoring (Datadog), CDN (Cloudflare)

Integration Priorities (Phase-Based)¶

Phase 1 (Q4 2025): Foundation

🔥 P0: Fordefi custody integration (all-in-one solution)
🔥 P0: Security audit (первичная security baseline)
🔥 P0: Pendle Finance integration (первый DeFi протокол для 3+ risk-free rates)
🟡 P1: Infrastructure setup (VPS, database, monitoring)

Phase 2 (Q1-Q2 2026): Yield Diversification

🔥 P0: Curve Finance integration (вторая основная платформа)
🔥 P0: Convex Finance boost protocol (для Curve strategies)
🟡 P1: StakeDAO integration (альтернативный boost protocol)
🟢 P2: Enhanced monitoring и alerting systems

Phase 3 (Q3-Q4 2026): Scale & Optimization

🟡 P1: Automated yield optimization across protocols
🟡 P1: Insurance provider (Nexus Mutual, risk mitigation)
🟢 P2: Analytics providers (Dune, Nansen - institutional insights)

🏦 Custody Provider Integration: Fordefi¶

Strategic Choice: All-in-One Custody Solution¶

🎯 Fordefi - Единое решение для custody:

Why Fordefi:

✅ Cost Efficiency: Всё в контуре Fordefi - не платим отдельно за custody
✅ Institutional-Grade Security: MPC (Multi-Party Computation) wallet technology
✅ DeFi-Native: Специализация на DeFi protocols (Pendle, Curve, Convex поддерживаются нативно)
✅ Developer-Friendly: Comprehensive API, SDK support, активная документация
✅ Regulatory Compliance: SOC 2, ISO 27001, enterprise-ready

Market Alternatives (Not Used):

Fireblocks ($100B+ AUM): Industry leader, но 0.15-0.5% AUM fees слишком дорого
Copper ($10B+ AUM): Institutional focus, но не оправдано для нашего scale
Decision: Fordefi обеспечивает необходимую функциональность без premium pricing

Selection Rationale:

✅ Security Track Record: Zero known breaches, insurance coverage
✅ API Quality: REST APIs, WebSockets для real-time updates, comprehensive SDKs
✅ Asset Support: USDC, Ethereum, multi-chain expansion ready
✅ Integration Effort: <2 months для complete integration (vs 3+ months у конкурентов)
✅ DeFi Integration: Нативная поддержка Pendle, Curve, Convex - критично для нас

Integration Architecture¶

High-Level Flow:

flowchart TB
    A[User Deposit Request] --> B[Crypto2B Deposit Address]
    B --> C[User sends USDC/USDT]
    C --> D[Crypto2B Webhook]
    D --> E[Backend Processing]
    E --> F[Fordefi MPC Custody]
    F --> G[DeFi Protocol Pendle/Curve]
    G --> H[Confirmation]
    H --> I[User Email + Dashboard]

    style F fill:#FFD700
    style G fill:#90EE90

Key Integration Points:

User Registration (Supabase Auth)
User registers via Google OAuth or email/password
Supabase handles authentication, Saga backend validates JWT
User account created in Saga database with email as primary identifier
Deposit Flow (Crypto2B)
User requests deposit address via Saga dashboard
Crypto2B generates unique TRC20/ERC20 address
User transfers USDC/USDT from external wallet/exchange
Crypto2B webhook notifies backend of deposit
Funds allocated to user's investment strategy
Withdrawal Flow (Admin-Approved via Fordefi)
User requests withdrawal через Saga dashboard
Request goes to pending queue for admin review
Admin approves and executes via Fordefi MPC Dashboard
Multi-sig signing process (distributed approval)
User receives USDC/USDT at specified address
Capital Management (Fordefi MPC)
Operators allocate capital to DeFi protocols via Fordefi
Daily APY accrual calculated based on strategy
Balance reconciliation: Saga DB vs Fordefi vs DeFi protocols
Alerts if discrepancies detected (>0.1% difference)

Fordefi Security Model¶

MPC Technology Benefits:

✅ No Single Point of Failure: Private keys never exist в complete form
✅ Distributed Signing: Multiple parties required для transaction approval
✅ Threshold Signatures: N-of-M approval scheme (e.g., 2-of-3 for withdrawals)
✅ Hardware Security: Key shares stored в HSMs (Hardware Security Modules)

Operational Security:

Real-Time Monitoring: Fordefi dashboard для tracking all transactions
Policy Engine: Automated rules (e.g., max transaction amount, whitelisted addresses)
Audit Trail: Complete history of all operations для compliance
Emergency Procedures: Instant transaction freezing если detected anomalies

Cost Structure:

✅ No Separate Custody Fees: Included in overall Fordefi service
✅ No Per-Transaction Fees: Flat monthly/annual pricing
✅ Scalable: Cost doesn't increase linearly с TVL growth
🎯 Estimated: ~$2-5K/month (vs $30-50K/month для Fireblocks at $10M TVL)

🌾 DeFi Vault Integrations¶

Target DeFi Protocols¶

🎯 Core Strategy: Risk-Free Rate через Treasury-Backed Yields

Protocol	TVL	Yield Type	Target APY	Security Audits	Target Phase
Pendle Finance	$3B+	Yield trading, fixed rates	3-8% (risk-free)	10+ audits	Phase 1 (Primary)
Curve Finance	$5B+	Stablecoin pools	2-5% (base yield)	15+ audits	Phase 2 (Core)
Convex Finance	$4B+	Curve boost protocol	+2-5% (boosted yield)	8+ audits	Phase 2 (Boost)
StakeDAO	$100M+	Alternative Curve boost	+1-3% (alternative boost)	5+ audits	Phase 2 (Alternative)

DeFi Specialist Rationale:

"Pendle и Curve - база DeFi. Curve стратегии строятся через boost протоколы Convex или StakeDAO. Этого более чем достаточно, чтобы сделать базовые стратегии для клиентов, которые будут генерировать 3 и более безрисковых ставок."

Selection Criteria (DeFi Specialist Approved):

✅ Treasury-Backed: Yields основаны на real-world assets, не на volatile crypto
✅ 3+ Risk-Free Rates: Combination Pendle + Curve + boost protocols
✅ Battle-Tested: Years of operation без major exploits
✅ Deep Liquidity: >$100M TVL per protocol, institutional-grade
✅ Fordefi Integration: Нативная поддержка всех 4 protocols в Fordefi

Integration Strategy¶

Phase 1 (Q4 2025): Pendle Finance Foundation

Target: Pendle PT-USDC (Principal Tokens) - Rationale: Risk-free rate через treasury-backed yields, DeFi specialist рекомендация - Expected Yield: 3-8% APY (базовая безрисковая ставка) - Integration Effort: 4-6 weeks (Fordefi нативная поддержка + smart contract integration)

Pendle Strategy:

flowchart TB
    A["User USDC"] --> B["Fordefi Wallet"]
    B --> C["Pendle Protocol"]
    C --> D["PT-USDC<br/>Principal Tokens<br/>fixed rate"]
    C --> E["YT-USDC<br/>Yield Tokens<br/>floating yield"]
    D --> F["Combined: 3-8% APY"]
    E --> F

    style F fill:#90EE90

Technical Implementation:

// Saga Integration → Pendle через Fordefi API
interface PendleRouter {
    mintPrincipalToken(asset: string, amount: number, maturity: Date):
        Promise<{ptAmount: number, ytAmount: number}>;
    redeemPrincipalToken(ptAmount: number):
        Promise<number>;
}

class SagaInvestmentManager {
    private pendleRouter: PendleRouter;

    async depositToPendle(usdcAmount: number): Promise<void> {
        // Fordefi handles signing
        const {pt, yt} = await this.pendleRouter.mintPrincipalToken(
            'USDC', usdcAmount, nextMaturity
        );
        // Track PT/YT for user allocation
    }
}

Phase 2 (Q1-Q2 2026): Curve + Boost Protocols

Goal: Stack yields через Curve stablecoin pools + Convex/StakeDAO boost

Multi-Protocol Strategy (for 5-10% APY tier, $10M TVL):

50% Pendle PT-USDC (3-8% APY, risk-free base) → $5M
30% Curve 3pool + Convex boost (4-9% APY, boosted yield) → $3M
15% Curve 3pool + StakeDAO boost (3-7% APY, alternative boost) → $1.5M
5% Liquidity buffer (Curve base pool, instant withdrawals) → $500K

Blended Expected Yield: 5-8% (allows 5% declared APY + 0-3% management fee margin)

Curve + Convex Architecture:

flowchart TB
    A["USDC"] --> B["Curve 3pool<br/>USDC/USDT/DAI"]
    B --> C["LP tokens"]
    C --> D["Convex Finance<br/>stake для boost"]
    D --> E["Boosted yield 2-5%<br/>+ CRV + CVX rewards"]
    E --> F["Total: 4-9% APY"]

    style F fill:#90EE90

Yield Optimization Automation¶

Daily Rebalancing Strategy (Pendle/Curve Focus):

Monitor Protocol Performance: Query APY data от Pendle, Curve, Convex (via Subgraph)
Calculate Optimal Allocation: Maximize blended yield while achieving 3+ risk-free rates target
Execute Rebalancing (if deviation >5% from optimal):
Withdraw from underperforming protocols (Fordefi API)
Deposit to outperforming protocols
Gas cost consideration: only rebalance if NPV positive (L2s помогают)

Risk-Adjusted Protocol Scoring:

Protocol Score = (Current APY × 0.4) + (Risk-Free Rate × 0.3) + (TVL Security × 0.2) + (Fordefi Integration × 0.1)

Security Factor:
- >$100M TVL: 1.0
- $50-100M TVL: 0.9
- $10-50M TVL: 0.8
- <$10M TVL: 0.5 (avoid)

Emergency Withdrawal Procedures:

Trigger Conditions: Vault TVL drops >50% in 24h, major exploit announced, irregular price movements
Action: Immediate withdrawal to Saga smart contract, hold funds in USDC (0% yield) until resolved
User Communication: Email + dashboard notification, transparency about safety measures

Security & Audit Integrations¶

Smart Contract Audit Partners¶

Primary Auditor: Trail of Bits

Reputation: Industry-leading, audited Uniswap, Compound, MakerDAO
Services: Smart contract audits, security reviews, formal verification
Cost: $50-100K per comprehensive audit (2-3 weeks engagement)
Schedule: Quarterly audits (initial, then after major upgrades)

Secondary Auditor: OpenZeppelin

Reputation: Creators of OpenZeppelin Contracts library
Services: Audits, Defender monitoring, security tooling
Cost: $40-80K per audit
Schedule: Pre-mainnet audit, annual re-audits

Bug Bounty Platform: Immunefi

Coverage: $100K-500K rewards for critical vulnerabilities
Target Hackers: White-hat security researchers
Program Structure:
Critical (funds at risk): $100-500K
High (contract logic flaws): $10-50K
Medium (potential issues): $1-5K

Security Monitoring & Incident Response¶

Tools & Services:

Tool	Purpose	Provider	Cost
OpenZeppelin Defender	Smart contract monitoring, alerts	OpenZeppelin	$1K/month
Tenderly	Transaction simulation, debugging	Tenderly	$500/month
Forta Network	Real-time threat detection	Forta	$0 (decentralized)
Chainalysis	AML/KYC, transaction screening	Chainalysis	$5K/month (institutional)

Incident Response Plan:

Detection: Automated alerts from monitoring tools (unusual transactions, anomalies)
Triage: Security team evaluates severity (5-minute SLA for critical issues)
Containment: Emergency pause smart contracts if funds at risk
Investigation: Forensic analysis, identify exploit vector
Remediation: Deploy fix via UUPS upgrade, restore service
Communication: Transparent post-mortem, user compensation if applicable

Analytics & Data Integrations¶

On-Chain Data Providers¶

The Graph Protocol (Subgraphs)

Purpose: Index on-chain data, query historical transactions, balances
Use Cases: User balance history, transaction analytics, yield calculations
Cost: Self-hosted ($200/month infra) or Hosted Service ($500/month)
Integration: GraphQL API, real-time subscriptions

Dune Analytics

Purpose: SQL-based on-chain analytics, custom dashboards
Use Cases: Platform metrics, TVL tracking, user behavior analysis
Cost: Pro plan $390/month (API access, custom queries)
Integration: API для automated data retrieval, embed dashboards

Nansen (Phase 3: Institutional)

Purpose: On-chain intelligence, whale tracking, institutional insights
Use Cases: Identify high-value users, track competitor movements
Cost: $150/month (Lite) to $2K/month (Alpha)
Integration: API для data enrichment, alerts для whale activity

Business Intelligence Stack¶

Data Warehouse: Google BigQuery

Purpose: Centralized analytics database
Data Sources: Subgraphs, backend DB (PostgreSQL), custody provider APIs
Cost: ~$500/month (depends on query volume)

Visualization: Metabase

Purpose: Self-service BI dashboards для team
Dashboards: TVL growth, user cohorts, revenue metrics, vault performance
Cost: Free (self-hosted) or $85/month (cloud)

Alerting: Datadog

Purpose: Real-time metrics, anomaly detection, SLA monitoring
Alerts: TVL drops, API failures, unusual withdrawals, gas price spikes
Cost: $15/host/month

🤝 Partnership & Integration Roadmap¶

Q4 2025 (Phase 1): Foundation Integrations¶

Completed:

✅ Infrastructure setup (VPS, database, monitoring)
✅ Smart contract deployment (UUPS upgradeable)

In Progress:

🔄 Fordefi custody integration (Weeks 1-6)
Week 1-2: Account setup, MPC wallet configuration, API credentials
Week 3-4: Pendle protocol integration через Fordefi
Week 5-6: Production testing, security review, go-live
🔄 Trail of Bits smart contract audit (Weeks 4-7)
Week 4: Audit kickoff, codebase submission
Week 5-6: Audit execution, preliminary findings
Week 7: Remediation, final report
🔄 Pendle Finance integration (Weeks 2-6)
Week 2-3: Protocol research, PT/YT mechanics
Week 4-5: Smart contract integration, Fordefi testing
Week 6: Production deployment, 3+ risk-free rates live

Blockers:

Fordefi onboarding: Setup and configuration (1-2 weeks)
Audit scheduling: Availability (booked 2-3 months in advance)

Q1-Q2 2026 (Phase 2): Yield Diversification¶

Planned:

Curve Finance integration (base stablecoin pools)
Convex Finance boost protocol (primary boost strategy)
StakeDAO integration (alternative boost protocol)
OpenZeppelin Defender setup (monitoring)
Dune Analytics dashboards (metrics tracking)

Success Criteria:

Pendle + Curve + Convex stack operational (3+ risk-free rates achieved)
Blended yield 5-8% consistently
Zero security incidents
<$100 gas cost per user operation (via L2 optimization)

Q3-Q4 2026 (Phase 3): Scale & Optimization¶