GRAIL is gold infrastructure designed for distribution partners — exchanges, neobanks, fintechs, and Web3 platforms — who want to offer on-chain gold ownership without building the stack themselves.

How It Works

  1. You integrate via REST APIs
  2. Your users buy, hold, and sell gold through your platform
  3. GRAIL handles custody, settlement, compliance checks, and on-chain operations
The program is open-source. Audit the code for security and compliance before going live.

Two Models, One API

Custodial Model

For partners who want to manage user assets on their behalf. Ideal when your users don’t interact directly with blockchain.
  • You deposit USDC into a central vault (a Program Derived Address controlled by the GRAIL program)
  • Users get compressed accounts that track their gold balances
  • All purchases and withdrawals flow through your platform
  • Users never need a Web3 wallet
Use cases: Banking apps, investment platforms, gold savings products

Self-Custody Model

For partners whose users already have Web3 wallets and want direct control of their assets.
  • Users hold gold tokens directly in their wallets
  • You handle KYC and link user identities to wallet addresses
  • Transactions are signed by users, facilitated by your platform
  • Gold tokens are portable and DeFi-compatible
Use cases: Crypto exchanges, DeFi platforms, Web3 consumer apps

Access Model

GRAIL is whitelist-only. Only KYC-verified distribution partners approved by Oro can integrate. This ensures:
  • Regulatory compliance across the network
  • Quality control for end-user experience
  • Proper KYC/AML procedures at the partner level
Your partner type (Custodial or Self-Custody) is defined at setup and determines your operational model.

Technical Foundation

  • Compressed Accounts: User data and balances are stored in compressed accounts, reducing on-chain storage costs by approximately 1000x compared to standard accounts.
  • Program Derived Addresses (PDAs): Central vaults and user accounts are PDAs controlled by the GRAIL program, ensuring assets are secure and operations are transparent.
  • Authority Separation: Different keys control different operations (executive, withdrawal, update), reducing single-point-of-failure risk.