I’m building a custodial crypto application where users can deposit stablecoins (e.g., USDC/USDT) into unique wallet addresses generated per user.
My current understanding of the architecture is:
Each user is assigned a deposit address (derived from an HD wallet or managed via a custody provider).
When funds arrive, they are detected and credited to the user in an internal database (ledger).
A background “sweeper” process transfers funds from individual deposit addresses into a central treasury wallet.
The treasury wallet may then deploy a portion of funds into external protocols (e.g., lending protocols like Aave) to generate yield.
User balances are tracked entirely in the internal ledger, not directly from on-chain balances.
My questions are:
What are best practices for implementing the sweeping mechanism safely (e.g., avoiding double spends, handling retries, idempotency)?
How do production systems ensure consistency between on-chain balances and the internal ledger?
What is the recommended way to segregate user funds that must remain fully liquid vs funds allocated to yield strategies?
Are there common architectural patterns (or pitfalls) when pooling user funds into a central treasury?
Constraints:
Backend is Node.js
Considering using ethers.js for wallet management
This is a custodial model (users do not control private keys)
I’m not looking for legal or business advice, purely technical architecture and implementation patterns.
Any insights from similar systems or production experience would be appreciated.
