Case Study

Intro
Mansa Finance is a DeFi platform focused on improving liquidity for cross-border trade and payments, particularly in emerging markets. The protocol enables businesses to interact with smart contracts for investment, fund management, and withdrawals - across both custodial and non-custodial workflows.
Mansa engaged Hypotenuse Labs at a critical phase: core smart contracts had been delivered by a third-party team, but they required significant revisions to meet updated product goals and security expectations. In parallel, Mansa needed production-grade infrastructure - APIs, deployments, and custody integration - without breaking legacy behavior.
Summary
We brought Mansa to a production-ready state by:
auditing and refactoring third-party contracts while preserving legacy logic,
building a complete backend/API layer for deposits and withdrawals,
integrating Fireblocks for secure custody and approvals,
deploying and validating the stack on testnet with documentation and a rollout plan.
The Challenge
High-risk contract surface area: third-party smart contracts required deep revisions, but could not break existing state and behavior.
Security-critical flows: deposits, withdrawals, and operator permissions needed tight access control and adversarial testing.
Custody + non-custody complexity: the system had to support both self-custody users and high-value custodial transactions through Fireblocks.
Launch readiness: deployments, monitoring assumptions, and developer handoff needed to be clean enough for a production rollout.
Our Solution + Process
1) Contract audit, refactor, and hardening
We started with product discovery and a full contract review to align on business logic and security guarantees. From there we:
established a clean repo and testing workflow,
built Foundry tests to validate core investment and withdrawal paths,
identified and fixed logic flaws (including role enforcement issues and ordering/MEV-sensitive behaviors),
improved access control with clear operator/admin separation,
produced documentation covering contract behavior and interaction flows.
2) Production API + custody workflows
We built a complete API layer to interface with the contracts and support business operations:
implemented authenticated deposit/withdraw endpoints (JWT-based),
built admin workflows for withdrawal approval and execution,
integrated Fireblocks for MPC signing + broadcast, enabling secure custodial transaction flows,
designed the API schema to be extensible for future versions.
We initially prototyped in FastAPI for speed, then ported to Node.js to match the client’s production stack and long-term maintenance preferences.
3) Deployments, validation, and handoff
The final phase focused on end-to-end readiness:
testnet deployments and verification (Arbitrum testnet),
yield calculations and edge-case testing (including stablecoin-specific quirks like USDT/USDC behavior),
CRM mapping and a UI-compatible architecture for operational workflows,
migration and rollout planning for launch.
The Results
Multi-round contract audit completed and deployed to Arbitrum testnet
Extensive unit + integration test suite covering investment logic, time progression, roles, and critical edge cases
Improved access control posture through proper role separation and hardened permissions
~15% gas reduction on core operations through targeted refactors
Production-ready backend delivered, with Fireblocks custody flows integrated and validated (signing + broadcast)
Operational readiness: admin approvals supported via API/UI, endpoints documented, and a rollout strategy provided