Integration proposal · Yield strategies

Three paths to bring Global Cripto into Pods yield.

Global Cripto holds client funds in an omnibus account custodied by Parfin, and wants to allocate into Pods yield strategies. This page maps the flow of funds for each integration model, so profit stays attributable and custody stays with Global Cripto.

Custody · Parfin Account · Omnibus Goal · Pods yield strategies Signer option · Fireblocks
Integration paths

Choose the model that fits Global Cripto’s custody.

All three keep custody with Global Cripto and isolate yield per position. They differ in where the individual wallet lives and whether bytecode is ever signed. Step through the diagram — each step animates one movement of funds or one API interaction.

Option A · Individual balances on Parfin

Transfer-only Deposit address No bytecode signed

Global Cripto maintains an individual sub-account per user inside Parfin. Pods hands back a deposit address for each action; Global Cripto only ever does a plain transfer from the omnibus (or individual) account. Pods monitors the deposit address and delivers the yield token to the individual Parfin account, respecting the “no arbitrary bytecode” constraint entirely.

Global Cripto backend
orchestrates via API
Pods API
returns deposit address
Aave · Polygon
yield strategy
Omnibus @ Parfin
USDC on Base
Deposit address
on Base · monitored by Pods
Individual Parfin acct
per-user sub-account
1
Request the deposit address Global → Pods
The backend calls GET /strategies/:id/bytecode with originChain: Base and the user’s individual Parfin account as destinationAddress. In this model, Pods responds with an equivalent deposit address on Base instead of bytecode — nothing to sign.
2
Fund with a plain transfer Parfin transfer
The user wants to invest 10 USDC: Global Cripto transfers 10 USDC from the omnibus account to the deposit address. A plain transfer — Parfin never signs bytecode.
3
Pods detects & deploys
Pods monitors the deposit address, detects the inbound 10 USDC, bridges it and supplies it into Aave on Polygon.
4
Yield token to the individual account
The destination token (aToken) is delivered to the user’s individual Parfin account. Profit stays attributable per user.

Tracking: Global Cripto uses GET /wallets/<individual-parfin-address> to read balance, profit and historical data per position.

Option B · Fireblocks Smart Wallets

Smart Wallet · Gnosis Safe Vault Owner signer Bytecode execution

For users without (or not wanting) an individual Parfin address. Global Cripto creates one Smart Wallet (a Gnosis Safe) per user, owned by a dedicated Fireblocks vault — the Vault Owner (we call it the Pods Signer) — which acts as the signer for all Smart Wallet transactions. Global Cripto stores the mapping of which user owns which Smart Wallet address. Pods returns transaction data / bytecode to be signed by the Vault Owner in Fireblocks, never by Parfin, so the “no arbitrary bytecode from Parfin” constraint still holds.

Global Cripto backend
stores user ↔ wallet map
Pods API
wallets & bytecode
Vault Owner
dedicated Fireblocks vault · signs for all Smart Wallets
Omnibus @ Parfin
source liquidity
Smart Wallet
Gnosis Safe · 1 per user · owner: Vault Owner
Aave
yield strategy
1
Create the Smart Wallet Global → Pods
The backend calls POST /fireblocks-smart-account with owner (the Vault Owner vault address) and chainId. One dedicated Fireblocks vault owns all Smart Wallets (Gnosis Safes). Pods returns the deployed Safe’s address; Global Cripto stores the relation: which user owns which Smart Wallet address.
2
Fund the Smart Wallet Parfin transfer
The user wants to invest 10 USDC: Global Cripto transfers 10 USDC from the Omnibus wallet to the user’s smartWalletAddress created in step 1.
3a
Request the strategy bytecode Pods → Global
The backend calls GET /strategies/:id/bytecode with action=lend, wallet, amount and output=fireblocks. Pods responds with transactionData — ready to submit directly to the Fireblocks API.
3b
Sign and execute via Fireblocks
The backend submits transactionData.transactionRequest with the Fireblocks SDK — fireblocks.transactions.createTransaction() — signed by the Vault Owner (see the Fireblocks integration docs). The signature represents an investment directly into the yield strategy.
4
Funds settle
The 10 USDC goes directly to Aave, and the Smart Wallet receives the yield position (aUSDC). Each Smart Wallet is an individual address, so balance and profit stay attributable — same tracking model as Option A.

Why a Smart Wallet instead of investing from the vault directly? Fireblocks doesn’t work well with Multicall / gas sponsorship, so each user gets a Smart Wallet (Gnosis Safe) owned by a dedicated Vault Owner — which also provides security segmentation, keeping the Omnibus signer from ever being exposed to potentially malicious bytecode. And since the signer is Fireblocks — not Parfin — Global Cripto never asks Parfin custody to sign arbitrary bytecode, so the constraint is respected.

Option C · Fireblocks sub-accounts + deposit address

Transfer-only Deposit address No bytecode signed

The same deposit-address model as Option A, but the individual account lives in Fireblocks instead of Parfin: one Fireblocks sub-account (segregated vault) per user. Pods hands back a deposit address; the omnibus does a plain transfer to it, and Pods delivers the yield token (aToken) straight into the user’s Fireblocks sub-account. No arbitrary bytecode execution anywhere — it’s just a transfer.

Global Cripto backend
orchestrates via API
Pods API
returns deposit address
Aave
yield strategy
Omnibus @ Parfin
USDC · source liquidity
Deposit address
monitored by Pods
Fireblocks sub-account
segregated vault · 1 per user
1
Request the deposit address Global → Pods
The backend calls GET /strategies/:id/bytecode with the user’s Fireblocks sub-account as destinationAddress. Pods responds with a deposit address — nothing to sign.
2
Fund with a plain transfer Parfin transfer
The user wants to invest 10 USDC: Global Cripto transfers 10 USDC from the omnibus account to the deposit address. Not arbitrary bytecode execution — just a transfer.
3
Pods detects & deploys
Pods monitors the deposit address, detects the inbound 10 USDC, and supplies it into Aave.
4
aToken to the Fireblocks sub-account
Pods delivers the aToken back into the user’s Fireblocks sub-account (segregated vault). One vault per user keeps balance and profit fully attributable — same tracking model as Option A.

No bytecode, no signer setup: like Option A, this is pure transfers — no Vault Owner, no Smart Wallet deployment. The only requirement is one Fireblocks sub-account per user to receive the aToken. Track via GET /wallets/<fireblocks-sub-account-address>.

The essentials

Everything else, in one place.

The context, the two hard constraints, a side-by-side of the paths, and the API surface, condensed so the flows above stay the main story.

Setup & constraints

Source & goal

A single Parfin omnibus account funds everything; the goal is to allocate into Pods yield (e.g. Aave on Polygon from USDC on Base).

The invariant

Yield tokens must land in an individual wallet so each position’s profit stays fully attributable.

No bytecode from Parfin

Parfin custody cannot sign arbitrary bytecode. Anything from the omnibus is a plain transfer to a deposit address, never a contract call.

Individual wallet for yield

The destination token (e.g. aToken) is received into an individual wallet, enabling per-position balance, profit and history.

The options side by side
Dimension
Option A · Parfin balances
Option B · Smart Wallets
Option C · Fireblocks sub-accounts
Individual wallet lives in…
Parfin (per-user sub-account)
On-chain Smart Wallet (Gnosis Safe)
Fireblocks (per-user segregated vault)
Parfin signs bytecode?
Never, transfers only
Never, transfers only
Never, transfers only
Bytecode signed by…
N/A (deposit address model)
Vault Owner (dedicated Fireblocks vault)
N/A (deposit address model)
Pods returns…
Deposit address
transactionData → Smart Wallet
Deposit address
Requires individual Parfin acct?
Yes
No
No
Custody stays with Global Cripto
Yes
Yes
Yes
Best when…
Per-user Parfin accounts exist
No / unwanted individual Parfin addr
Per-user Fireblocks vaults exist · transfer-only preferred
API surface
GET
/strategies/:id/bytecode?action=lend
Query a strategy with wallet, amount + output. Returns a deposit address (Options A & C) or, with output=fireblocks, transactionData ready for the Fireblocks API (Option B).
GET
/strategies/:id/bytecode?action=withdraw
Unwind a position. Returns a deposit address (A & C) or withdrawal transactionData to sign with the Vault Owner via Fireblocks (B).
POST
/fireblocks-smart-account
Deploys a Smart Wallet (Gnosis Safe) with owner (the Vault Owner address) + chainId. Option B only.
GET
/wallets/:smartWalletAddress
Balance, profit and historical data per position — all data needed for user-facing dashboards and reporting.