VOICES

Utila provides fintechs, PSPs, banks, and enterprises with infrastructure to build and manage stablecoin and digital asset products and workflows. Explore our platform capabilities for payments, treasury, trading, and more - designed for performance and scale.

Article

DeFi Governance and Controls: Enforceable Guardrails for High-Impact Institutional Workflows

How Utila governs EVM contract functions and EIP-712 typed-data signatures before approval and execution.

5 min read time

Decentralized Finance (DeFi) usage is growing at an explosive rate, increasingly drawing in institutional players. Projections put the market on track to exceed $600B by 2032, implying 50%+ annual growth. As more payment, treasury, trading, lending, and tokenization workflows move onto programmable smart contracts, organizations gain new operating capabilities – but they also inherit new ways for funds and permissions to be misused.

Control gaps are expensive in this environment. In DeFi, smart contracts execute the exact function and inputs provided, even when that is not what the signer intended, so operational mistakes can result in unintended asset movement. In parallel, governance and security failures continue to drive large-scale losses – over $3B in 2025 alone.

Utila addresses these gaps and protects clients by adding enforceable granular controls at the wallet and workflow layer: rules that constrain which contract functions and parameters can be called, and rules that govern the fields inside off-chain signatures. To understand why this matters, it helps to look at where traditional controls fall short when applied to DeFi infrastructure.

Why Traditional Controls Fail in DeFi

Most financial institutions rely on a centralized approval layer that can stop an action before it executes. DeFi has no such checkpoint by default. Actions take effect through two programmable mechanisms: an on-chain contract call, or an off-chain signature that a protocol later treats as authorization.

On-chain, a transaction calls a specific contract function with specific inputs. Once included in a block, it executes exactly as written. If the inputs are wrong, or a sensitive function is reachable, the outcome can be a privileged change or an asset movement that the organization never intended.

For example, an attacker can call a configuration or initialization function that was assumed to be one-time-only and reset critical settings, or trigger an admin function path that moves funds out or weakens controls. The division of responsibility matters here: a policy enforced at the wallet layer governs what the organization's own signers may call, while a function that anyone can call must still be protected in the contract itself (access control, an initializer guard).

Off-chain, many workflows rely on signed structured messages: approvals, orders, or delegations. An EIP-2612 permit, for instance, grants a spender a token allowance with nothing more than a signature. The signer may not understand what the message grants, but the protocol will accept any valid signature and act on it.

This can lead to situations where a user signs what looks like a routine request, while the structured fields authorize a harmful approval or permission scope that enables later token transfers or withdrawals without any further confirmation. It can also lead to replay-style failures, where a signature intended for one context is accepted in another and used to authorize actions the signer never expected in that environment. EIP-712 is designed to prevent this by binding every signature to a domain (name, version, chainId, verifyingContract), and well-designed messages also carry a nonce and a deadline; replay becomes possible when a protocol omits or loosely checks those values, or when the signer never verifies that the domain matches the chain and contract they intend to authorize.

Without an added control layer, neither contract calls nor signatures are evaluated against organizational rules before they take effect. Once a valid signature exists, nothing on-chain will refuse it, so organizational rules only matter if they are enforced before authorization, that is, before the signature is produced.

The Solution: Programmable Governance

To prevent failures and exploits across both paths, users need a way to verify and enforce what an action actually authorizes before signing or execution. That requires checks on the contract function and inputs for on-chain calls, and checks on the fields inside signed messages for off-chain workflows. Utila has shipped two capabilities that do exactly that.

EVM Function-Level Policy Rule. Utila's advanced EVM policy engine lets teams control contract interactions at the level where risk actually sits: the specific function being called and the inputs being sent, which on the EVM means the 4-byte function selector and the ABI-encoded arguments in the transaction's calldata. Teams can restrict which functions are permitted, constrain allowed input values, require approvals for sensitive calls, and automatically block transactions that fall outside policy.

Consider a stablecoin issuer. Instead of approving all contract interactions by default, the issuer can restrict issuance and redemption actions to approved flows, enforce limits through parameter constraints (for instance a cap on the mint amount or an allow-list of recipient addresses), and require additional approvals for high-impact transactions.

For tokenization and RWA platforms, function-level controls reduce operational risk in production workflows by ensuring only the intended issuance, redemption, or administrative actions can be executed, with the right inputs, under the right conditions.

For treasury and operations teams, policies can add guardrails around sensitive treasury or strategy actions by requiring approvals and blocking transactions that do not match the organization’s rules.
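To make the stablecoin issuer case concrete, here is an added example of a function-level policy check over raw calldata. It is illustrative code written for this article, not Utila's policy engine or API: it decodes the selector and the static ABI arguments, denies anything it does not recognise (unknown selectors, unlisted functions, malformed calldata, a contract outside the allow-list), and applies per-function rules for mint and burn. The contract and wallet addresses, the 6-decimal token assumption and the auto-approve limit are constructed for the example; the selectors are the first four bytes of keccak256 of each canonical signature, hardcoded because the Python standard library has no keccak.

```python
# Added illustrative example: a function-level policy check over raw EVM calldata.
# This is not Utila's policy engine. Selectors are the first 4 bytes of
# keccak256(canonical signature), hardcoded here because hashlib has no keccak.
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_APPROVAL = "require_approval"
    BLOCK = "block"


# Functions this policy understands: selector -> (name, static argument types).
SELECTORS = {
    bytes.fromhex("40c10f19"): ("mint", ("address", "uint256")),
    bytes.fromhex("42966c68"): ("burn", ("uint256",)),
    bytes.fromhex("f2fde38b"): ("transferOwnership", ("address",)),
    bytes.fromhex("8129fc1c"): ("initialize", ()),
}


def decode_calldata(calldata: bytes):
    """Return (name, args) for a known selector, or (None, ()) for an unknown one.
    Static ABI types only: selector, then one 32-byte word per argument."""
    if len(calldata) < 4:
        raise ValueError("calldata shorter than a selector")
    sel, body = calldata[:4], calldata[4:]
    if sel not in SELECTORS:
        return None, ()
    name, types = SELECTORS[sel]
    if len(body) != 32 * len(types):
        raise ValueError(f"{name}: expected {32 * len(types)} argument bytes, got {len(body)}")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i:32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):   # an address must be left-padded with zero bytes
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:                    # uint256
            args.append(int.from_bytes(word, "big"))
    return name, tuple(args)


def encode_call(name: str, *args):
    """Build calldata for a known function; used only to construct sample inputs."""
    sel, types = next((s, t) for s, (n, t) in SELECTORS.items() if n == name)
    out = bytearray(sel)
    for typ, arg in zip(types, args):
        out += (bytes(12) + bytes.fromhex(arg[2:])) if typ == "address" else arg.to_bytes(32, "big")
    return bytes(out)


# Assumed addresses and limits for a stablecoin issuer (constructed for the example).
STABLECOIN = "0x" + "aa" * 20
TREASURY = "0x" + "11" * 20
OPS_HOT_WALLET = "0x" + "22" * 20
AUTO_APPROVE_LIMIT = 1_000_000 * 10**6   # 1M units of a 6-decimal token


def mint_rule(to, amount):
    if to not in {TREASURY, OPS_HOT_WALLET}:
        return Decision.BLOCK, f"mint recipient {to} not in allow-list"
    if amount > AUTO_APPROVE_LIMIT:
        return Decision.REQUIRE_APPROVAL, "mint above auto-approve limit"
    return Decision.ALLOW, "mint within policy"


def burn_rule(amount):
    if amount > AUTO_APPROVE_LIMIT:
        return Decision.REQUIRE_APPROVAL, "burn above auto-approve limit"
    return Decision.ALLOW, "burn within policy"


# transferOwnership and initialize are deliberately absent: anything unlisted is blocked.
ISSUER_POLICY = {
    "contracts": {STABLECOIN},
    "functions": {"mint": mint_rule, "burn": burn_rule},
}


def evaluate(contract: str, calldata: bytes, policy=ISSUER_POLICY):
    """Decide whether a signer may submit `calldata` to `contract` under `policy`."""
    if contract.lower() not in policy["contracts"]:
        return Decision.BLOCK, "target contract not in allow-list"
    try:
        name, args = decode_calldata(calldata)
    except ValueError as exc:
        return Decision.BLOCK, f"malformed calldata: {exc}"
    if name is None:
        return Decision.BLOCK, "unknown function selector (deny by default)"
    rule = policy["functions"].get(name)
    if rule is None:
        return Decision.BLOCK, f"{name} is not a permitted function"
    return rule(*args)
```

The design choice worth copying is the default: the engine knows about transferOwnership and initialize so it can name them in its reason string, but they are not in the permitted map, so they are blocked along with any selector it has never seen. A real deployment would also need to decode dynamic ABI types (bytes, arrays) and multicall wrappers, which this example deliberately leaves out.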

EIP-712 Typed Data Governance. Until recently, organizations could only apply basic controls to off-chain signatures. Utila's new capability governs the parameters inside EIP-712 typed data messages: the fields that define delegation rights, order details, and structured signing workflows.

Teams can apply rules to typed data the same way they do for contract calls: write Common Expression Language (CEL) conditions to validate message fields, enforce parameter-level controls for supported signing flows, and apply approvals, restrictions, or allow-lists based on business logic.

This matters for any institution that relies on off-chain signatures as part of execution. A trading firm using Hyperliquid can govern parameters inside trading orders and withdrawals. Organizations using Safe Wallet can govern typed data used for modules or actions. Teams using CoWSwap can enforce rules around order parameters.

These controls are designed to reduce common signature-driven failures, including phishing that tricks users into signing harmful approvals and replay-style scenarios where a signature is reused in an unintended context. Together with function-level contract call controls, this gives teams enforceable checks over what is being authorized – both when signing messages and when executing transactions.
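The following added example shows what field-level checks on a typed-data message look like before it is signed. It is illustrative code written for this article, not Utila's engine, and plain Python predicates stand in for the CEL conditions the text mentions. It takes the JSON payload a wallet receives for eth_signTypedData_v4 for an EIP-2612 permit and checks, in order, the primary type, that the declared type layout is exactly the expected Permit (so a look-alike type cannot slip through), that the domain binds the signature to the expected chain and contract (the replay check), and then the business fields: the signer, a spender allow-list, a bounded deadline, and a value cap with a hard stop on an unlimited allowance. The token name, addresses and limits are constructed for the example.

```python
# Added illustrative example: policy checks on an EIP-712 typed-data payload (the
# JSON a wallet receives for eth_signTypedData_v4) before any signature is produced.
# This is not Utila's engine; plain Python predicates stand in for CEL conditions.
# Token name, addresses and limits are constructed for the example.
import json

# Field layout of an EIP-2612 Permit; the policy insists on seeing it verbatim so a
# look-alike type with extra or renamed fields cannot slip through.
PERMIT_FIELDS = [("owner", "address"), ("spender", "address"), ("value", "uint256"),
                 ("nonce", "uint256"), ("deadline", "uint256")]
UNLIMITED = 2**256 - 1

TOKEN = "0x" + "aa" * 20    # assumed verifying contract
OWNER = "0x" + "11" * 20    # assumed governed signer (treasury)
ROUTER = "0x" + "bb" * 20   # assumed approved spender

PERMIT_POLICY = {
    # Domain binding: a message for another chain or contract is a replay hazard.
    "domain": {"name": "ExampleUSD", "version": "1", "chainId": 1, "verifyingContract": TOKEN},
    "primaryType": "Permit",
    "fields": PERMIT_FIELDS,
    "owner": OWNER,
    "spender_allowlist": {ROUTER},
    "value_approval_above": 250_000 * 10**6,   # 250k units of a 6-decimal token
    "max_deadline_secs": 3600,
}


def _domain_matches(got, want):
    """Compare one domain field; chainId may arrive as an int or a decimal string."""
    if got is None:
        return False
    if isinstance(want, int):
        try:
            return int(got) == want
        except (TypeError, ValueError):
            return False
    return str(got).lower() == want.lower()


def evaluate_typed_data(payload: str, now: int, policy=PERMIT_POLICY):
    """Return (decision, reason); decision is "allow", "require_approval" or "block"."""
    td = json.loads(payload)
    if td.get("primaryType") != policy["primaryType"]:
        return "block", f"primaryType {td.get('primaryType')!r} is not permitted"
    declared = [(f["name"], f["type"])
                for f in td.get("types", {}).get(policy["primaryType"], [])]
    if declared != policy["fields"]:
        return "block", "type definition differs from the approved Permit layout"
    domain = td.get("domain", {})
    for key, want in policy["domain"].items():
        if not _domain_matches(domain.get(key), want):
            return "block", f"domain.{key} mismatch: expected {want!r}, got {domain.get(key)!r}"
    msg = td.get("message", {})
    if set(msg) != {name for name, _ in declared}:
        return "block", "message fields do not match the declared type"
    if str(msg["owner"]).lower() != policy["owner"]:
        return "block", "owner is not the governed signer"
    if str(msg["spender"]).lower() not in policy["spender_allowlist"]:
        return "block", f"spender {msg['spender']} not in allow-list"
    try:
        value, deadline = int(msg["value"]), int(msg["deadline"])
    except (TypeError, ValueError):
        return "block", "value or deadline is not an integer"
    if deadline <= now:
        return "block", "deadline already passed"
    if deadline - now > policy["max_deadline_secs"]:
        return "block", "deadline too far in the future"
    if value == UNLIMITED:
        return "block", "unlimited allowance is never auto-approved"
    if value > policy["value_approval_above"]:
        return "require_approval", "allowance above auto-approve limit"
    return "allow", "permit within policy"


def make_permit(spender, value, nonce, deadline, chain_id=1, contract=TOKEN):
    """Construct a sample eth_signTypedData_v4 payload (constructed test input)."""
    return json.dumps({
        "types": {
            "EIP712Domain": [{"name": "name", "type": "string"}, {"name": "version", "type": "string"},
                             {"name": "chainId", "type": "uint256"},
                             {"name": "verifyingContract", "type": "address"}],
            "Permit": [{"name": n, "type": t} for n, t in PERMIT_FIELDS],
        },
        "primaryType": "Permit",
        "domain": {"name": "ExampleUSD", "version": "1", "chainId": chain_id, "verifyingContract": contract},
        "message": {"owner": OWNER, "spender": spender, "value": str(value),
                    "nonce": nonce, "deadline": deadline},
    })
```

Two details are easy to get wrong in practice: numeric fields in typed data are frequently serialised as decimal strings, so the comparison must normalise them before checking limits; and the domain check has to cover verifyingContract as well as chainId, because the same token contract deployed at a different address on the same chain is still a different authorization context.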

Where Enforceable Controls Deliver the Most Value

These capabilities matter in workflows where a single incorrect contract call or signature can create outsized operational and financial risk. Utila’s governance controls put rules directly on what is being authorized – both for on-chain contract calls and for off-chain signed typed data – so contract calls and signatures are checked against predefined rules before they are approved.

These updates are most relevant for teams running the following types of workflows:

  • Stablecoin payments and issuance operations: Function-level rules and parameter restrictions support limits, approvals, and blocking for high-impact actions such as minting and burning, reducing exposure to unauthorized issuance and threshold breaches.

  • Tokenization and structured issuance workflows: Fine-grained controls constrain which sensitive functions can run and which inputs are permitted, helping ensure production workflows execute only within predefined rules.

  • Institutional trading and execution workflows: Typed-data governance validates the fields inside signed orders, withdrawals, and delegations, reducing risk from misunderstood signatures and harmful-but-valid signed messages.

  • Treasury and privileged operations: Approvals plus automatic blocking reduce reliance on manual review and help prevent misconfiguration before transactions reach the chain.

The advanced governance rules for EVM contract calls are now live for all EVM-compatible networks. EIP-712 typed data governance is available for institutions using Hyperliquid, Safe Wallet, CoWSwap, and other typed-data-based protocols.

Book a demo to see it in action: https://utila.io/demo
