Matador Docs
Institutional Compliance

Tutorial - Real-World Integration

Deploying a compliant treasury.

Tutorial: Deploying a Compliant Treasury

In this tutorial, we will configure a Safe for an institutional fund that must adhere to strict counterparty regulations.

Goal: Block all transfers to addresses that are on the "Sanctions List" (simulated by a Chainalysis Oracle).

Prerequisites

  • A Safe.
  • Matador CLI.
  • A Mock Sanctions Oracle (address).

Compliance checks at execution time

The sanctions oracle is queried for every transfer, so enforcement stays current.

Step 1: Write the Compliance Policy

compliance.matador:

    import "abis/SanctionsOracle.json" as SanctionsOracle;

    permission SanctionsGuard -> 1.0.0 {
        parameters: {
            oracle: address,
            recipient: address
        }

        when: {
            SanctionsOracle.isSanctioned(account: parameters.recipient) == false,
            calldata.to == parameters.recipient
        }
    }

Step 2: Compile & Deploy

matador compile compliance.matador --out ./out

Step 3: Install on Safe

Enable the Matador module and register the policy.

Step 4: Verification

  1. Test 1 (Clean Address): Send 1 USDC to vitalik.eth.
    • Oracle returns false.
    • Matador allows. Success.
  2. Test 2 (Sanctioned Address): Send 1 USDC to tornado_cash_router.
    • Oracle returns true.
    • Matador reverts. Blocked.

Result

The fund is now effectively "firewalled" against compliance risk at the transaction execution layer.

Recipe - Approvals & Segregation

Enforcing Dual Control for high-value transactions.

Protocol & Intra-Contract Security

Protecting internal invariants. Defense-in-depth for protocol developers.

On this page

Tutorial: Deploying a Compliant TreasuryPrerequisitesStep 1: Write the Compliance PolicyStep 2: Compile & DeployStep 3: Install on SafeStep 4: VerificationResult