Wallet & Signing UX (Non-Custodial)

Non-custodial onboarding, MPC, smart wallets, gas sponsorship, and multisig flows.

Institutional adoption is not only about contract safety — it is also about operational safety.

Goldie City is designed to keep assets non-custodial while making signing and approvals feel closer to “Web2 workflows”: clear roles, clear approvals, clear audit trails.

Onboarding: a non-custodial wallet

In many deployments, users receive a non-custodial wallet as part of onboarding. The intent is to remove the “bring your own crypto wallet” hurdle while preserving a non-custodial security posture:

  • The user (or institution) retains control of signing authority.
  • The platform does not take custody of user assets.
  • Transactions are still on-chain, auditable, and enforced by smart contracts.

The exact wallet type and custody posture (EOA, smart wallet, MPC-backed account, multisig) is a deployment choice, but the design goal is consistent: make secure signing simple enough for regulated operations.

Non-custodial by default

Goldie City’s default posture is non-custodial:

  • Token balances are controlled by the holder’s wallet.
  • Issuer governance actions are executed by issuer-controlled governance (typically a multisig).
  • The platform does not require custody of user assets to enforce protocol rules; enforcement happens in contracts (roles, compliance gating, proof freshness, pricing safety rails).

This matters to institutions because it reduces counterparty risk: custody can remain with the institution’s preferred model while protocol enforcement remains transparent.

MPC wallets (institutional signing without single-key risk)

Multi‑party computation (MPC) wallets split signing authority across multiple key shares so that:

  • no single operator holds the full signing key,
  • approvals can be distributed across teams or systems,
  • and key compromise risk is reduced versus a single hot key.

In practice, MPC supports institutional controls like maker/checker flows, separation of duties, and secure recovery processes — while remaining non-custodial (the institution controls the shares and the signing policy).

Smart wallets and policy-based execution

Smart wallets (often implemented via account abstraction patterns) can make transactions safer and more user-friendly:

  • Human-readable execution: show operators exactly what will happen (contract, function, parameters) before approval.
  • Policy controls: spending limits, allowlists of destinations, per-function permissions, or time-windowed permissions.
  • Batching: execute multiple protocol actions atomically (reduces operational steps and error rates).
  • Operational recovery: controlled recovery/rotation patterns can be implemented without changing token contracts.

For institutional clients, the key benefit is that wallet-level policy can match internal governance requirements without pushing complexity into end users.

Gas sponsorship (fee abstraction)

For many users, “pay gas” is the biggest usability cliff. Gas sponsorship (fee abstraction) makes on-chain actions feel like normal application actions:

  • Users approve the action (sign an intent / transaction).
  • A sponsoring service covers gas for allowed operations.
  • Monitoring systems enforce limits and detect abuse.

In institutional contexts, sponsorship is typically paired with explicit policy:

  • which functions can be sponsored,
  • which roles/users are eligible,
  • and what rate/amount limits apply.

The goal is not to hide security — it is to remove unnecessary operational friction while keeping actions auditable.
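The explicit sponsorship policy described above (sponsorable functions, eligible roles, rate/amount limits) can be sketched as a deny-by-default check run before a sponsoring service agrees to pay gas. This is an added example, not Goldie City's own code; the class, role names, addresses, selectors and limits are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

TOKEN = "0x" + "11" * 20                 # constructed contract address
USER = "0x" + "22" * 20                  # constructed sender address
SUBSCRIBE = bytes.fromhex("aabbccdd")    # constructed 4-byte function selector
ADMIN_FN = bytes.fromhex("0badf00d")     # constructed selector, never sponsored

@dataclass
class SponsorshipPolicy:
    allowed_calls: set        # {(lowercase contract address, selector)}
    eligible_roles: set       # roles whose requests may be sponsored
    max_gas_per_op: int       # amount limit per request
    max_ops_per_window: int   # rate limit per sender
    window_seconds: int = 3600
    _history: dict = field(default_factory=lambda: defaultdict(deque))

    def evaluate(self, sender, role, target, calldata, gas_limit, now):
        """Return (approved, reason). Anything not explicitly allowed is denied."""
        if len(calldata) < 4:
            return False, "calldata too short for a function selector"
        if (target.lower(), calldata[:4]) not in self.allowed_calls:
            return False, "function not sponsorable"
        if role not in self.eligible_roles:
            return False, "role not eligible"
        if gas_limit > self.max_gas_per_op:
            return False, "gas limit exceeds per-operation cap"
        recent = self._history[sender.lower()]
        # Drop approvals that have aged out of the sliding window.
        while recent and now - recent[0] >= self.window_seconds:
            recent.popleft()
        if len(recent) >= self.max_ops_per_window:
            return False, "rate limit exceeded"
        recent.append(now)  # only approved requests consume quota
        return True, "sponsored"

def demo():
    """Replay constructed requests and return the decision reasons in order."""
    policy = SponsorshipPolicy({(TOKEN, SUBSCRIBE)}, {"investor"}, 300_000, 2)
    call = SUBSCRIBE + b"\x00" * 32
    requests = [
        (USER, "investor", TOKEN, call, 200_000, 0),
        (USER, "investor", TOKEN, ADMIN_FN, 200_000, 5),    # wrong function
        (USER, "guest", TOKEN, call, 200_000, 6),           # wrong role
        (USER, "investor", TOKEN, call, 900_000, 7),        # over gas cap
        (USER, "investor", TOKEN, call, 200_000, 10),
        (USER, "investor", TOKEN, call, 200_000, 20),       # third in window
        (USER, "investor", TOKEN, call, 200_000, 3600),     # first one aged out
    ]
    return [policy.evaluate(*r)[1] for r in requests]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The returned reason strings can be written to the sponsoring service's logs so that every refusal and approval is reviewable alongside the on-chain record.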

Multisig governance (for high-impact actions)

For issuer governance, multisig wallets are a common control plane for:

  • upgrades (where enabled),
  • emergency pause/unpause,
  • changing critical parameters,
  • and administering high-privilege roles.

Multisig reduces the risk that a single compromised key can execute a catastrophic action. It also creates a built-in approval workflow that aligns with institutional governance.

Some wallets broadcast immediately, while multisig wallets may produce a “pending approval” state until enough signers have approved.

Why this matters to banks and large issuers

These wallet patterns are valuable because they align protocol operations with institutional requirements:

  • Segregation of duties: separate operators, reviewers, and governance signers.
  • Reduced key risk: MPC/multisig reduce single-key failure modes.
  • Operational safety: clearer approvals and fewer manual steps reduce mistakes.
  • Auditability: approvals and executions are observable on-chain and can be tied to internal controls.