Build on Canton Network

Unlike public blockchains where every node replicates all data, Canton provides selective visibility: each validator stores only the subset of ledger state relevant to the parties it hosts. Privacy is enforced at the smart-contract level by the Daml language. Transactions are coordinated by the Global Synchronizer, which routes and orders encrypted messages between validators but cannot decrypt them. This enables atomic DvP across multiple applications without revealing business payloads to unrelated parties.

Validators are nodes that store smart-contract logic (Daml) and expose APIs for users. Synchronizers coordinate transactions across validators while preserving privacy. The Global Synchronizer is a decentralized service operated by Super Validators for cross-subnetwork atomic settlement. Subnets progress from LocalNet (sandbox) through DevNet and TestNet to MainNet. Canton Coin is the network utility token used to pay synchronizer fees.

Prerequisites: 8 GB RAM, Docker Desktop, and the cn-quickstart repository. Step 1: Clone the repo and run make install-daml-sdk. Step 2: Run make setup to configure LocalNet with optional OAuth2 and Grafana/Prometheus observability. Step 3: Run make build then make start to launch participant nodes, synchronizer, application provider, wallet UI, and monitoring tools. Step 4: Navigate to local URLs for the App Provider UI, Wallet UI, Account Name Service, and Grafana dashboard at http://localhost:3030.

The Global Synchronizer is operated by supervalidators and enables atomic settlement across subnetworks without revealing business payloads. Splice is an open-source project (Hyperledger Labs) providing the components of the Global Synchronizer, including token standards, validator deployment scripts, and testing frameworks. Explore Splice documentation for running local synchronizers and understanding global synchronization flows.

The cn-quickstart repository provides a complete scaffold. The applications/ directory contains pre-built demos for IOUs, tokenized assets, and multi-party trading workflows. Use the Application Provider UI to create and manage contracts, and the Wallet UI to interact with CIP-56 tokens. After LocalNet, the same application can be promoted to DevNet by following the deployment guide in the official docs portal.

Unlike EVM contracts with global state, Daml expresses state as contracts and events. Visibility of state changes is controlled by signatories and observers — only parties involved or explicitly permitted can see data. Daml eliminates reentrancy and integer overflow by design. Its strong type system prevents unauthorized actions at compile time. Learning path: Daml Philosophy → Daml Fundamentals → Daml Contract Developer → Technical Solution Architect.

CIP-56 defines six standard APIs: holding queries, transfer offers with an offer-accept protocol, transaction history, metadata, approval/allowance, and atomic DvP settlement. The multi-step transfer protocol lets token administrators control who can transfer assets and enables receivers to control who sends to them. Implemented across the ecosystem: Dfns uses it in Wallet-as-a-Service, and CantonSwap executed the first atomic swap.

Typical Canton application stack: (1) Smart-contract modules in Daml define data structures and workflows. (2) Application provider backend handles user auth (OAuth2/OIDC), business rules, and calls the Ledger API and Token Standard API. (3) User interface interacts via backend APIs or wallet SDKs for signing. (4) Participant nodes execute contracts and maintain private ledger state. (5) Global Synchronizer coordinates atomic settlement without seeing business payloads.

LocalNet/Sandbox: runs entirely on your machine using Quickstart for rapid iteration and testing. DevNet: community testing network requiring sponsor approval; allows interoperation with other developers. TestNet: pre-production network for final testing. MainNet: production network, currently invite-only for validators — requires a container environment, fixed egress IP, OIDC authentication, and access request via the Canton Foundation. Running a validator earns Canton Coin rewards.

Enterprise self-custody: BitGo, Blockdaemon, Copper, Dfns, Unit410, Taurus, Fireblocks. Enterprise full-custody (cold): BitGo, Blockdaemon, Hydra X, Zodia. Retail wallets: Bron, Console Wallet, Loop, Republic, Send, Zoro Wallet, Cantor8. Hardware: Cypherock X1. Exchanges: Bybit, Gate, Kraken, KuCoin, MEXC. Use the Wallet SDK to build custom wallets or integrate CIP-56 tokens into existing products.

Validator Ledger API: gRPC/JSON API to create and query contracts on participant nodes. Scan API: live and indexed data on Canton Coin transactions, synchronizer traffic, and network metrics. Validator API: high-level API for CIP-56 transfer offers. CIP-56 Token Standard API: six standard APIs covering holding queries, transfers, metadata, and approvals. JSON API: HTTP interface with WebSocket support. Client libraries: Go SDK, Python bindings, and JavaScript/TypeScript packages @c7/ledger and @c7/react (replacements for deprecated @daml/* packages).

Key make commands: make install-daml-sdk, make setup, make build, make start. Daml Shell enables interactive ledger queries and debugging — inspect the Active Contract Set in real time. Observability stack: Quickstart aggregates metrics, logs, and traces using Tempo, Prometheus, and Loki with Grafana dashboards. Debugging: remote Java agent port, log capture with lnav, and ACS exploration via the Participant Query Store. Quickstart includes guided instructions for all these tools.

The Wallet SDK abstracts the Ledger API complexity required for CIP-56 integration. It supports token balances, full transaction history, allowances/approvals, and delegated transfers where a third party initiates transfers on behalf of a holder. The BYOV option lets institutions run their own validators while using Dfns or other custody providers. The SDK handles the offer-accept protocol required by CIP-56 privacy-preserving transfers.

PQS is an indexer that streams ledger events into PostgreSQL, enabling efficient queries over the Active Contract Set and historical events. Build dashboards, analytics, and reporting without hitting the Ledger API directly. PQS supports SQL queries to fetch active contracts by template, filter by party, and join across contract types. It integrates with the observability stack and works with standard BI tools. The Scan API provides a complementary view of Canton Coin transactions and synchronizer metrics.

Five North offers validator hosting and managed infrastructure. Proof Group provides security-focused validator operations. Noders delivers managed node hosting with SLA guarantees. Noves provides transaction indexing and human-readable transaction history for Canton. Denex Gas Station offers Canton Coin fee management and gas abstraction services. These providers reduce operational overhead so developers can focus on application logic rather than infrastructure.

Eligible work: core R&D (protocol improvements, performance, security audits), developer tooling, reference implementations (reusable modules), DeFi liquidity seeding, and critical infrastructure. Evaluation criteria: impact, protocol alignment, feasibility, cost-effectiveness, security, scalability, and long-term maintenance. Non-Foundation members need a champion from the Tech & Ops Committee. Grants are milestone-based with clear deliverable criteria, submitted via GitHub pull requests.

Learn & Earn phase (Oct 6–24, 2025): interactive quests covering Canton architecture, Daml basics, smart contract development, and advanced logic — earn token rewards and free Daml certification slots. Ideathon (Nov 10 – Dec 5, 2025): teams compete in tracks including lending/borrowing, AMM swaps/DEX, prediction markets, tokenized RWAs, and collateral tools. Mentorship phase: selected teams receive incubation support and technical mentorship from the Canton Foundation and AngelHack.

Step 1: Review existing proposals in the canton-dev-fund repository to understand scope and format. Step 2: Fork the repository and create a proposal document following the template. Step 3: Open a pull request — if you are not a Foundation member, identify a champion from the Tech & Ops Committee and tag them. Step 4: Engage in review comments and iterate on your proposal. Step 5: Approved proposals receive milestone-based Canton Coin funding with clear deliverable criteria.

canton: Source code of the Canton protocol. cn-quickstart: Full scaffold for building Canton applications with pre-built multi-party demos and a complete observability stack. splice (Hyperledger Labs): Open-source components of the Global Synchronizer including token standards and validator deployment scripts. cips: Canton Improvement Proposals — contains CIP-56, CIP-100, and other protocol standards. canton-dev-fund: Repository for submitting grant proposals via GitHub pull requests.

The CIPs repository is where Canton Improvement Proposals are submitted, reviewed, and finalized. Open a PR with a CIP document following the template to propose a new standard. The canton-dev-fund repository tracks grant proposals. The cn-quickstart and canton repositories track bugs and feature requests via GitHub Issues. Following these repositories and engaging in discussion threads is the most effective way to stay current with protocol development.

The applications/ directory in cn-quickstart includes sample projects demonstrating multi-party workflows, CIP-56 token usage, IOU contracts, tokenized asset trading, and Ledger API integration. Fork these to bootstrap your own project. Each repository has a CONTRIBUTING.md explaining how to open issues, submit PRs, and follow coding standards. The CIP repository describes how to propose new protocol standards by submitting a correctly formatted CIP document as a pull request.

The Academy is co-organized with AngelHack. Learn & Earn (Oct 6–24, 2025): interactive quests covering Canton architecture, Daml basics, building a first smart contract, and enhancing contracts with advanced logic — participants earn token rewards and can secure free Daml certification slots. Ideathon (Nov 10 – Dec 5, 2025): teams build prototypes in challenge tracks. Mentorship phase: selected teams receive incubation support and technical mentorship.

Daml Philosophy: multi-party application architecture, distributed ledger design thinking, and workflow modeling. Daml Fundamentals: functional programming in Daml, ledger programming patterns, and automated testing methodology. Daml Contract Developer: advanced authorization models, privacy design, non-functional requirements, and Daml triggers for workflow automation. Technical Solution Architect: designing, advising on, and evaluating full Canton application architectures for enterprise deployments.

The docs portal includes guides for: installing and running Quickstart (LocalNet setup), uploading and querying Daml packages, allocating parties and onboarding external parties, using Java/JavaScript codegen for type-safe client code, writing Daml scripts and running automated tests, debugging with Daml Shell and Grafana, and deploying the Quickstart application to DevNet. The Quickstart README is the recommended starting point for all new developers.

Canton's official blog publishes tutorials on CIP-56, validator onboarding, wallet integration, and hackathon recaps. Digital Asset's YouTube channel features webinars and code walkthroughs for Daml and Canton. Community blogs provide deep technical analysis: Unistory covers sandbox setup and full-stack architecture, CertiK provides independent security analysis, OpenZeppelin researches Daml-specific bug classes and mitigation strategies. Subscribe to the Canton newsletter for new content alerts.

Tradeweb's adoption of Canton for US Treasury repo transactions is a landmark validation of institutional DeFi. The transactions used CIP-56's atomic DvP settlement to simultaneously settle cash and Treasury securities across counterparties, with full privacy so each party sees only its own transactions. This demonstrated that Canton's architecture meets the regulatory and operational requirements of institutional fixed-income markets — a first for on-chain repo.

CantonSwap is a decentralized exchange that uses CIP-56's offer-accept protocol to enable privacy-preserving multi-asset atomic swaps. The first atomic swap between Canton Coin and CBTC validated the CIP-56 standard for DEX functionality. The architecture includes Daml smart-contract modules for tokens and swap logic, a backend service, a trade execution UI, and integration with the Global Synchronizer for atomic settlement across participants.

Typical Canton production architecture: (1) Daml smart contracts define token types and workflow logic. (2) Application provider backend handles user auth (OAuth2/OIDC), applies business rules, and calls the Ledger API. (3) Frontend uses the Wallet SDK for CIP-56 token operations and transaction signing. (4) Participant nodes execute contracts and maintain private ledger state. (5) Global Synchronizer coordinates atomic settlement without accessing business payloads. (6) PQS indexes events to PostgreSQL for analytics and reporting dashboards.

High-potential Canton application areas: Fractional real-estate or RWA tokens with compliance built into CIP-56 metadata. Institutional repo and collateral management platforms with atomic DvP settlement. Decentralized interest rate swaps or yield protocols for regulated counterparties. Cross-chain settlement bridges connecting Canton to other networks via new CIPs. Privacy-preserving credit scoring and lending protocols using selective disclosure. Regulated stablecoin payment systems with built-in auditor access controls.

The Canton Forum is the hub for structured community discussion. Ask technical questions about Daml, smart contracts, and deployment. Participate in governance discussions about protocol improvements and CIP proposals. Find answers to common developer questions in the searchable archive. Connect with the Canton Foundation team and other developers. The forum is moderated and well-organized, making it the recommended first stop before opening GitHub issues.

Discord server: organized by topic channels including general, development, governance, and ecosystem — good for real-time troubleshooting and connecting with other developers. Telegram group: follows announcements and connects the broader community. Social channels: follow Canton on X/Twitter and LinkedIn for official news and protocol updates. Community calls are announced via the blog and offer live Q&A with the Canton Foundation team.

Ways to contribute: Submit CIP proposals by opening a PR to the cips repository with a properly formatted proposal document. Contribute code to cn-quickstart, Splice, or other open-source repos following each CONTRIBUTING.md. Join working groups hosted by the Canton Foundation — announced via the forum and blog. Attend community calls for live discussion of protocol development and governance. Participate in hackathons and ideathons to build, ship, and showcase Canton applications.

Recommended first stop: Canton Forum and Discord for troubleshooting and technical questions. GitHub Issues: submit bugs or feature requests directly on the relevant repository (canton, cn-quickstart, cips). Include logs, reproduction steps, SDK version, Daml version, and environment details. Digital Asset support portal: for production issues and enterprise support requests. Canton Foundation contact: for validator onboarding inquiries and partnership discussions.

Traditional Ethereum threat models do not apply. OpenZeppelin research identifies four key Daml bug classes: Conservation violations (inputs not matching outputs across multiple transfer paths); Arithmetic faults (division by zero or overflow triggered by governance-controlled parameters); Temporal assumptions (reliance on timestamps across synchronizers with time fuzziness); Non-deterministic query ordering (bugs from order-dependent query results in ledger queries). Mitigation: use daml-lint for static analysis, daml-props for property-based testing, and daml-verify for formal verification.

Every Daml action requires explicit authorization from signatories defined in the contract template — the authorization model is auditable and compile-time checked. Observers can read contract state but cannot create or archive contracts. Parties are represented by OAuth tokens from external identity providers (Keycloak, Auth0, or custom OIDC providers). The ledger rejects requests with expired or unauthorized tokens. Contract templates explicitly define signatories, observers, and controller roles.

Canton uses participant-level encryption — transaction content is encrypted end-to-end so that even synchronizer operators cannot read business payloads. A non-repudiation layer ensures participants cannot deny actions and prevents operators from manipulating the transaction log. Because Canton has no public mempool and transactions are private by design, MEV, front-running, and flash-loan attacks are architecturally eliminated — not merely mitigated by tooling. This is a fundamental difference from EVM-based chains.

Best practices: Run validators in dedicated servers or cloud clusters with network access restriction. Use HSMs or threshold signature schemes (FROST, as used by Bitsafe) to distribute trust across institutional attestors and protect validator keys. Configure OIDC authentication and fixed egress IP addresses during onboarding. Monitor logs and metrics via Grafana and apply security patches promptly. Conduct regular security audits. Follow security advisories from the Canton Foundation and Digital Asset.

Building on Canton requires a threat-modeling approach distinct from traditional Web3 security. Key dimensions: (1) Cross-domain data flows — analyze what data crosses synchronizer boundaries and who can observe it. (2) Privacy boundaries — verify that signatories and observers in each contract template enforce the intended disclosure policy. (3) Regulated contexts — consider regulatory requirements for data residency, audit trails, and participant identity verification. (4) Synchronizer trust model — understand that synchronizer operators order but cannot read transactions. Halborn provides dedicated Canton threat-modeling guidance.