sigil

Double-click anywhere. I know everything about Sigil.

or I can help you find anything

Ask about Sigil — or anything in the ecosystem

Enter to askEsc to close

Programmable reservoirs. Not a multisig.

Validator rewards, grant programs, contributor pools, protocol-fee accounts — all the same primitive. A reservoir of MINT, a distribution policy that configures sluice gates, an access policy that gates withdrawals. Five native transactions, atomic distributions, MACA single-block finality.

01 / 05
Dig

Step 1 · CreateTreasury

The reservoir is dug.

A treasury is registered on chain with a controlling DID, an initial distribution policy, and an access policy. The reservoir exists empty — a named, policy-bound account waiting to be filled.

Step 2 · DepositTreasury

MINT flows in. The reservoir fills.

Validators, fee skims, contributor commitments, or external sponsors can deposit MINT into the reservoir. Each deposit is a chain transaction with the signer DID and the exact amount; the balance is queryable through standard RPC.

Step 3 · SetDistributionPolicy

The sluices are configured.

The distribution policy declares the sluices: which beneficiary channels receive what proportion of an opened release, with what caps and cooldowns. Subject to the access policy — typically governance-gated for protocol-level treasuries.

Step 4 · DistributeRevenue

The sluices open. All channels fill atomically.

A single transaction opens every sluice. Each beneficiary channel — validators, grants, treasury, contributors — fills with its policy share inside one MACA-finalised block. If any channel cap is breached, the entire distribution reverts and no MINT moves.

Step 5 · WithdrawTreasury

Drainage is policy-gated.

A controlling DID submits a withdrawal request. The chain checks caps, cooldowns, multisig signatures, and any lineage requirements before any MINT leaves. The reservoir refuses bad withdrawals atomically — no partial drains, no half-applied policy.

Same primitive. Different policies.

One treasury type is enough.

The validator reward treasury and the grant treasury are the same chain primitive. What differs is the access policy and the distribution policy. That uniformity makes integration trivial: wallets show one balance type, indexers track one schema, governance proposals to change a sluice ratio look the same whether they target validator rewards or a grant program.

Identity gates everywhere

GAL-checked recipients. Revocation-first.

A treasury can require its withdrawal signer to resolve through GAL with revocation-first checks. A grant treasury can refuse to pay any DID whose lineage doesn't terminate at a registered HMR. A validator-reward treasury can prefer recipients with low generation distance from a human root. The policy is on chain; enforcement is in consensus.

Programmable money. Provable end to end.

Configure sluices. Gate withdrawals. Distribute atomically. Every deposit, every policy change, every distribution is a chain transaction with cryptographic provenance. Audit is a query, not a request.