<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: William Flores</title>
    <description>The latest articles on DEV Community by William Flores (@wflores9).</description>
    <link>https://dev.to/wflores9</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3970049%2F84690e21-c725-4298-b03f-94ef1f943fa7.jpeg</url>
      <title>DEV Community: William Flores</title>
      <link>https://dev.to/wflores9</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/wflores9"/>
    <language>en</language>
    <item>
      <title>Institutional Privacy On-Chain Is Three Separate Problems — And Most People Are Conflating Them</title>
      <dc:creator>William Flores</dc:creator>
      <pubDate>Wed, 01 Jul 2026 11:59:33 +0000</pubDate>
      <link>https://dev.to/wflores9/institutional-privacy-on-chain-is-three-separate-problems-and-most-people-are-conflating-them-3bc1</link>
      <guid>https://dev.to/wflores9/institutional-privacy-on-chain-is-three-separate-problems-and-most-people-are-conflating-them-3bc1</guid>
      <description>&lt;p&gt;When institutional builders talk about privacy on public blockchains, they usually mean one of three very different things — and conflating them is how you end up with infrastructure that solves the wrong problem.&lt;/p&gt;

&lt;p&gt;This week Stellar shipped a developer preview of Confidential Tokens: Pedersen commitment-based private balances for any SEP-41 token, with an auditor view key and selective disclosure. Around the same time, XRPL's Permissioned Domains (XLS-80) went live on mainnet, gating participation in restricted venues based on verified credentials. Both are real institutional infrastructure. Neither one is the same thing.&lt;/p&gt;

&lt;p&gt;And neither one answers the question institutions actually ask when they sit down with legal and compliance: &lt;em&gt;what happens when a loan goes bad?&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Here is how I think about the three layers.&lt;/p&gt;




&lt;h2&gt;
  
  
  Layer 1: Access
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Who is allowed to participate?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This is what XRPL's Permissioned Domains solve. A Permissioned Domain is a reusable rule layer on the ledger. It holds a set of credential requirements — issued by authorized issuers, accepted by the account holder — and any protocol feature (a lending vault, a DEX) can check domain membership before letting an account in.&lt;/p&gt;

&lt;p&gt;The domain does not hold assets. It does not do business logic. It is purely an access control check: does this account hold the right credentials to enter this venue?&lt;/p&gt;

&lt;p&gt;For institutional lenders, this is the compliance onboarding layer. Before a borrower can interact with an XLS-66 lending vault, the Permissioned Domain can require that they hold a KYC credential, an accredited investor attestation, or a jurisdiction-specific clearance. The ledger enforces this. No human has to check at runtime.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The privacy property:&lt;/strong&gt; counterparty privacy. An institution can create a restricted lending pool where only credentialed participants can interact. The general public cannot participate, but the ledger still provides public finality for the transactions that do occur.&lt;/p&gt;




&lt;h2&gt;
  
  
  Layer 2: Visibility
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;What can observers see about what is happening?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This is what Stellar's Confidential Tokens solve — and what XRPL does not currently have at the transfer layer.&lt;/p&gt;

&lt;p&gt;Confidential Tokens use a cryptographic commitment scheme (Pedersen commitments verified by a ZK proof system called UltraHonk, implemented by Nethermind) to hide balance and transfer amounts. An observer can see that a transfer occurred between two addresses — sender and recipient remain visible — but cannot see how much moved.&lt;/p&gt;

&lt;p&gt;For institutions managing treasury positions or making large settlements, visible amounts create information leakage problems. A sophisticated observer watching the blockchain can infer trading strategy from transfer sizes. Confidential Tokens cut off that leakage at the transfer layer.&lt;/p&gt;

&lt;p&gt;Stellar's preview includes an auditor view key — a designated compliance auditor can see the amounts and balances for assets inside the confidential wrapper. This is selective disclosure: prove a specific fact to a specific party without exposing everything. The same instinct as Ward's replay receipt, applied at a different layer.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The privacy property:&lt;/strong&gt; economic visibility. What observers can learn about value movement is minimized without removing the public finality that makes the ledger useful.&lt;/p&gt;




&lt;h2&gt;
  
  
  Layer 3: Resolution
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;What happens when the credit event occurs?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Neither of the above layers answers this question. And for institutional lending, it is the question that matters most.&lt;/p&gt;

&lt;p&gt;A loan can be made between credentialed parties (access solved), with amounts hidden from public view (visibility solved), and still default. When it does, someone has to decide: who absorbs the loss, in what order, how much, verifiably? That decision has historically been made by a person — a servicer, a committee, an admin key holder. The person can be pressured. The person can be wrong. The person is an attack surface.&lt;/p&gt;

&lt;p&gt;The resolution layer is the part of the institutional lending stack that removes that person from the moment of default. It reads authoritative on-chain facts — the loan state, the first-loss capital, the policy — applies fixed rules, and returns an answer that any party can independently re-derive against the ledger. No custody. No discretion. No override.&lt;/p&gt;

&lt;p&gt;This is where Ward sits. Not at the access layer (that is Permissioned Domains). Not at the visibility layer (that is confidential transfer schemes). At the resolution layer: what happens deterministically, verifiably, and non-custodially when the loan defaults.&lt;/p&gt;




&lt;h2&gt;
  
  
  Why institutions need all three
&lt;/h2&gt;

&lt;p&gt;The instinct to reach for "privacy" as a single concept is understandable — institutional participants are accustomed to private markets where everything is confidential by default. But on-chain systems require you to be precise about which properties you actually need and at which layer you need them.&lt;/p&gt;

&lt;p&gt;Consider a concrete scenario: an institutional lender deploys capital into a permissioned XLS-66 vault. The vault only admits credentialed borrowers (Layer 1 — access). The loan amounts are not visible to external observers (Layer 2 — visibility). After 90 days, the borrower defaults.&lt;/p&gt;

&lt;p&gt;Now what?&lt;/p&gt;

&lt;p&gt;The access layer cannot help — it was only relevant at entry. The visibility layer cannot help — hiding the default amount from observers does not resolve who takes the loss. What the institution needs is a third layer: a deterministic system that reads the on-chain facts, applies the waterfall, computes the depositor loss after first-loss capital absorbs its share, and produces a result that is verifiable, re-derivable, and identical regardless of who runs it.&lt;/p&gt;

&lt;p&gt;Without that third layer, you have a "private" lending protocol that still handles defaults by committee. The privacy work gets undone the moment the credit event creates a dispute.&lt;/p&gt;




&lt;h2&gt;
  
  
  The one-line framing
&lt;/h2&gt;

&lt;p&gt;After thinking through the stack, here is the cleanest way I have found to say it:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Privacy answers who can see and who can enter. Resolution answers what happens when the loan defaults.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;They are not the same problem. They require different tools. And institutions need both.&lt;/p&gt;




&lt;h2&gt;
  
  
  What we are building
&lt;/h2&gt;

&lt;p&gt;At &lt;a href="https://wardprotocol.org" rel="noopener noreferrer"&gt;Ward Protocol&lt;/a&gt;, we are building the resolution layer for XLS-66 lending vaults on the XRP Ledger. Ward reads on-chain facts, applies fixed rules, and returns unsigned resolution outputs that institutions sign — never holding keys, never exercising discretion.&lt;/p&gt;

&lt;p&gt;The core invariant is &lt;code&gt;ward_signed = False&lt;/code&gt;. That constraint is formally verified and independently re-checkable. The safety proofs are public:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Install z3&lt;/span&gt;
pip &lt;span class="nb"&gt;install &lt;/span&gt;z3-solver

&lt;span class="c"&gt;# Re-check the conservation invariant yourself&lt;/span&gt;
python ward_loss_conservation.py
&lt;span class="c"&gt;# Returns: PROVEN (obligation UNSAT) — every unit owed accounted for exactly once&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The validator is aligned to the finalized XLS-66 object model and running on Devnet. The source code is open: &lt;a href="https://github.com/wflores9/Ward-Protocol-OS" rel="noopener noreferrer"&gt;github.com/wflores9/Ward-Protocol-OS&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;We are in the XRPL Make Waves hackathon and building toward the same XLS-66 mainnet activation the rest of the ecosystem is waiting for.&lt;/p&gt;

&lt;p&gt;If you are building on XLS-65/66 and thinking about the default resolution question, I would like to talk — reach out on X &lt;a href="https://x.com/wardprotocol" rel="noopener noreferrer"&gt;@wardprotocol&lt;/a&gt;.&lt;/p&gt;




</description>
      <category>xrpl</category>
      <category>defi</category>
      <category>blockchain</category>
      <category>institutional</category>
    </item>
    <item>
      <title>When an On-Chain Loan Defaults: The Mechanics, and the Options for Resolving It</title>
      <dc:creator>William Flores</dc:creator>
      <pubDate>Fri, 26 Jun 2026 04:02:48 +0000</pubDate>
      <link>https://dev.to/wflores9/when-an-on-chain-loan-defaults-the-mechanics-and-the-options-for-resolving-it-o4h</link>
      <guid>https://dev.to/wflores9/when-an-on-chain-loan-defaults-the-mechanics-and-the-options-for-resolving-it-o4h</guid>
      <description>&lt;p&gt;On-chain lending is arriving on the XRP Ledger in earnest. XLS-65 (Single Asset Vault) and XLS-66 (Lending Protocol) bring native lending and borrowing into the protocol, and they shipped through one of the most rigorous review processes in XRPL's history.&lt;/p&gt;

&lt;p&gt;Most of the conversation so far has been about the happy path: how vaults aggregate capital, how loans get originated, how interest accrues. That's the easy 95%. This post is about the other 5% — the part that's actually hard, and that determines whether the whole system is trustworthy: &lt;strong&gt;what happens when a loan defaults.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I want to do two things here, as concretely as I can: walk through how default actually works mechanically in this kind of system, where it goes wrong, and then lay out the real options for resolving it — with honest tradeoffs, not a single answer.&lt;/p&gt;

&lt;h2&gt;
  
  
  Part 1: How a default actually happens
&lt;/h2&gt;

&lt;p&gt;A loan in this model isn't a single object doing everything. There are a few moving pieces:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A &lt;strong&gt;Vault&lt;/strong&gt; (XLS-65) holds pooled assets from depositors. Depositors get shares; the vault tracks total assets and any unrealized loss.&lt;/li&gt;
&lt;li&gt;A &lt;strong&gt;Loan Broker&lt;/strong&gt; sits between the vault and borrowers. It originates loans against the vault's capital and, importantly, can post &lt;strong&gt;First-Loss Capital&lt;/strong&gt; — a cushion that absorbs initial losses so depositors aren't the first to take the hit.&lt;/li&gt;
&lt;li&gt;A &lt;strong&gt;Loan&lt;/strong&gt; is the agreement itself: principal, interest rate, payment schedule, the parties.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Default isn't a flag that magically appears. In the XLS-66 model, when a borrower fails to meet their obligations, the loan can be moved into a defaulted state through a management action by the broker (a &lt;code&gt;LoanManage&lt;/code&gt;-type transaction), typically after a grace period. That's an important design point: &lt;strong&gt;default is an explicit, observable on-chain event with an actor and a transaction behind it&lt;/strong&gt; — not an ambient condition.&lt;/p&gt;

&lt;p&gt;So far, so clean. The mechanics are well-defined. The hard part isn't detecting that a default happened. The hard part is everything that comes &lt;em&gt;after&lt;/em&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Part 2: Where it actually goes bad
&lt;/h2&gt;

&lt;p&gt;Default detection is the easy part. Loss &lt;em&gt;allocation&lt;/em&gt; is where the complexity — and the risk — lives. Several things have to be answered, and each is a place where systems break.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. How much was actually lost?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This sounds trivial and isn't. The loss isn't just "the loan amount." It's the outstanding principal and interest, &lt;em&gt;minus&lt;/em&gt; whatever First-Loss Capital absorbs, &lt;em&gt;minus&lt;/em&gt; any recovery. Get the order of operations wrong — for instance, paying out on the gross loan instead of the net loss after first-loss capital — and you over-distribute, draining the vault beyond the real loss. This is a correctness bug that looks fine in the happy path and only bites on default.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Who absorbs it, and in what order?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;First-loss capital, then equity tranches, then senior depositors — the waterfall. In TradFi securitizations this is spelled out in hundreds of pages of legal documents and executed by a servicer. On-chain, it has to be encoded &lt;em&gt;somewhere&lt;/em&gt;, and the question is where, and who can change it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Who computes and executes the resolution?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This is the real fork in the road, and it's where the design choices diverge sharply. Someone — or something — has to look at the facts, compute the outcome, and move the funds. &lt;em&gt;That&lt;/em&gt; decision is the rest of this post.&lt;/p&gt;

&lt;p&gt;The failure modes cluster around #3. The XRPL lending protocol's own security process surfaced exactly these kinds of issues during testing — an inverted invariant that could have let phantom collateral go undetected, rounding errors, and specification-vs-implementation discrepancies. Those are the bugs that live in the resolution path, not the origination path. Default is where subtle errors become expensive.&lt;/p&gt;

&lt;h2&gt;
  
  
  Part 3: The options for resolving it
&lt;/h2&gt;

&lt;p&gt;Here are the real approaches, with what each is good and bad at. None is strictly correct — they trade off differently depending on who's lending, to whom, and under what trust assumptions.&lt;/p&gt;

&lt;h3&gt;
  
  
  Option A: Off-chain servicer / workout process
&lt;/h3&gt;

&lt;p&gt;A human or institution decides the outcome, the way TradFi does today.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Good:&lt;/strong&gt; handles ambiguity and edge cases human judgment is suited to; legally familiar; flexible.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Bad:&lt;/strong&gt; slow; opaque; discretionary. The affected parties have to &lt;em&gt;trust&lt;/em&gt; the servicer's decision, often without being able to independently verify it. It's also a single point of pressure — a servicer can be lobbied, captured, or simply wrong. And it doesn't match the settlement speed of the rails the asset now lives on.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Option B: Admin / multisig discretion
&lt;/h3&gt;

&lt;p&gt;A privileged key or a multisig of insiders executes resolution.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Good:&lt;/strong&gt; fast to build; flexible; can correct mistakes.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Bad:&lt;/strong&gt; the privileged key &lt;em&gt;is&lt;/em&gt; the attack surface. If it's compromised, it can release or freeze funds outside any rule. Even when honest, it asks every other participant to trust that the insiders won't act against them. This is the pattern behind a large share of DeFi loss events — the trusted party was the failure.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Option C: Pure smart-contract automation
&lt;/h3&gt;

&lt;p&gt;The resolution logic is encoded in a contract that holds the funds and executes automatically.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Good:&lt;/strong&gt; deterministic; no human in the loop; fast.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Bad:&lt;/strong&gt; the contract now holds value, which makes &lt;em&gt;it&lt;/em&gt; the honeypot. Bugs are exploitable for real money (see: most of DeFi's exploit history). Upgradeability reintroduces an admin key — and the discretion problem with it. And encoding a full loss waterfall correctly in-contract is genuinely hard, as the testing findings above suggest.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Option D: Native protocol primitives (first-loss capital)
&lt;/h3&gt;

&lt;p&gt;The protocol itself absorbs some loss via built-in mechanisms like First-Loss Capital.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Good:&lt;/strong&gt; built-in, battle-tested as part of the amendment, no extra trust assumption.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Bad:&lt;/strong&gt; it's a &lt;em&gt;cushion&lt;/em&gt;, not a full resolution. It absorbs initial loss to protect depositors, but it doesn't by itself answer multi-party waterfalls, disputes, or produce an auditable record of &lt;em&gt;why&lt;/em&gt; a given party received what they did. It's necessary, not sufficient, for complex structures.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Option E: A deterministic, non-custodial resolution layer
&lt;/h3&gt;

&lt;p&gt;A separate layer reads ledger state, computes the outcome by fixed rule, and returns an unsigned result the rightful party signs — holding no funds or keys itself.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Good:&lt;/strong&gt; deterministic (same facts, same outcome); re-derivable by any third party (you can &lt;em&gt;check&lt;/em&gt; it rather than trust it); non-custodial, so there's no honeypot and no admin key to steal or override. Errors are detectable because the result can be replayed against the ledger.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Bad:&lt;/strong&gt; it's a newer pattern with less production history; it depends on the relevant facts being fully on-chain and verifiable (if a key input lives off-chain or is asserted rather than derived, the guarantee is only as good as that input); and for simple single-lender vaults it may be more machinery than the situation needs.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  So which is right?
&lt;/h2&gt;

&lt;p&gt;Honestly: it depends, and most real deployments will combine several. Native first-loss capital (D) is almost certainly part of any serious design. Simple vaults may be fine with protocol primitives plus minimal automation. Complex, multi-party, institutional structures — where auditability and non-discretion are requirements, not nice-to-haves — are where the deterministic, verifiable approaches (E) earn their complexity. And there will be cases where genuine ambiguity means a human (A) or an arbiter still belongs in the loop, ideally bounded by rules rather than given open discretion.&lt;/p&gt;

&lt;p&gt;The honest open questions, for me, are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;How much of real-world loss allocation can actually be made deterministic, versus how much genuinely requires judgment?&lt;/li&gt;
&lt;li&gt;When an input to resolution isn't natively on-chain, what's the right way to bind it so the resolution stays verifiable?&lt;/li&gt;
&lt;li&gt;How do you handle disputes without reintroducing exactly the discretionary trust you were trying to remove?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I'm building one of the approaches above — a deterministic, non-custodial resolution layer (Ward) — so I have a horse in this race, and I'll be transparent that it's early and still being aligned to the finalized XLS-66 model. But I'm genuinely more interested, right now, in the &lt;em&gt;shape of the problem&lt;/em&gt; than in selling a single answer to it. The resolution layer of on-chain lending is underexplored relative to how much it matters, and I'd rather see it figured out well than figured out fast.&lt;/p&gt;

&lt;p&gt;If you're working on any part of this — origination, vaults, risk, resolution, or the messy default path specifically — I'd like to compare notes.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;If you spot something wrong in the mechanics above, tell me — I'd rather be corrected than confident.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>xrpl</category>
      <category>defi</category>
      <category>blockchain</category>
      <category>lending</category>
    </item>
  </channel>
</rss>
