Parthenon Fi's smart contracts are written in Daml (Digital Asset Modeling Language) and deployed on Canton Network. Daml is a purpose-built language for multi-party workflows in regulated environments — providing type safety, explicit authorization models, and privacy by construction.
Why Daml (Not Solidity)
Property
Solidity (Ethereum)
Daml (Canton)
Privacy
All state public
State shared only between parties
Authorization
Caller-based (msg.sender)
Explicit multi-party signoff
MEV
Vulnerable to front-running
No MEV — no global mempool
Formal verification
Partial tooling
Built-in verification support
Regulatory compliance
Bolted on
Native — programmable compliance
Settlement
Sequential transactions
Atomic multi-party settlement
For institutional credit infrastructure, Daml's authorization model is critical. Every state transition requires explicit authorization from all affected parties — ensuring that no single party can unilaterally alter loan terms, collateral status, or LPT ownership.
Contract Templates
Loan Contract
The core contract governing a credit relationship:
Loan template
template Loan
with
borrower : Party
lender : Party
custodian : Party
platform : Party
principal : Decimal
baseAPR : Int -- basis points
tenor : Int -- days
maturityDate: Date
collateral : CollateralRef
ltvThresholds: LTVThresholds
gmslaRef : Text -- hash of governing GMSLA
status : LoanStatus
Key choices (actions) on the Loan contract:
Execute: Requires authorization from borrower, lender, custodian, and platform
MarginCall: Triggered by platform when LTV exceeds threshold. Requires custodian acknowledgment.
Transfer: Transfers the LPT to a new holder. Requires holder authorization and (if transferability = KnownLenders) verification that the transferee is a Known Lender.
Burn: Burns the LPT upon loan repayment or liquidation. Requires platform authorization.
CollateralRef
A reference to the custodian-held collateral:
This structure ensures that every on-chain reference to collateral is backed by a verifiable custodian confirmation.
Authorization Model
Daml's authorization model requires explicit consent from all parties affected by a state transition:
Action
Required Signatories
Loan execution
Borrower + Lender + Custodian + Platform
Margin call
Platform + Custodian
Cure (additional collateral)
Borrower + Custodian
Liquidation
Platform + Custodian
Repayment
Borrower + Custodian
LPT transfer
Current holder + (Platform for KYC verification)
LPT burn
Platform
No single party can unilaterally change the state of a loan or LPT. This is enforced at the language level — not by convention or governance.
Compliance Integration
Compliance checks are embedded in Daml contract logic:
KYC verification: Before any party can sign a Loan or LPT contract, their KYC status is checked against the platform's verified counterparty registry
Sanctions screening: At every counterparty interaction point, the contract checks the party's sanctions status via the Chainalysis/TRM Labs integration
Jurisdictional restrictions: Transfer restrictions prevent LPTs from being transferred to parties in prohibited jurisdictions
Transfer controls: LPT transferability rules are enforced in the Transfer choice — not just by convention
Audit Trail
All contract state transitions are recorded on Canton Network with:
Timestamps
Party authorizations
Previous state references
TICS instruction/confirmation references
This audit trail is accessible to supervisory nodes (for regulators) and to the platform for compliance reporting — without exposing transaction details to non-relevant parties.
template LoanPositionToken
with
holder : Party
loanRef : ContractId Loan
principal : Decimal
baseAPR : Int
tenor : Int
maturityDate : Date
collateralRef : CollateralRef
custodianSig : Text
transferability: Transferability
gmslaRefHash : Text
CollateralRef data type
data CollateralRef = CollateralRef
with
custodianId : Text
reservationId : Text
collateralType : AssetType
amount : Decimal
lockConfirmation: Text
custodianSignature: Text