Skip to main content
The tentaclepay Move package signs payment payloads through Ika 2PC-MPC dWallets. It exposes pay_and_sign, which collects a USDC payment and routes a message to Ika’s DWalletCoordinator for threshold signing — gated by a verifier attestation. This is the on-chain half of cross-chain payments. Most integrations reach it through the cross-chain SDK rather than calling it directly, but the entry point is public.

Shared objects

A payment references two shared objects, both passed into pay_and_sign:

Protocol

Holds the verifier’s public key (used to authorize each call) and the USDC vault that collects payments.

Signer

Holds the dWallet capability, the pool of single-use presigns, and the sponsored IKA and SUI fee pools — so callers don’t supply protocol fees themselves.
Their addresses are on the Deployments page.

pay_and_sign

A caller pays USDC and asks the dWallet to sign message, authorized by a verifier attestation bound to this exact call. 
public fun pay_and_sign(
    self: &mut Protocol,
    signer: &mut Signer,
    coordinator: &mut DWalletCoordinator,
    payment: Coin<USDC>,
    message: vector<u8>,
    message_centralized_signature: vector<u8>,
    verifier_signature: vector<u8>,
    valid_before: u64,
    clock: &Clock,
    ctx: &mut TxContext,
): ID
What it does, in order:
1

Checks the attestation is live

Asserts clock.timestamp_ms() <= valid_before against Sui’s on-chain Clock.
2

Verifies the verifier signature

Rebuilds the attested digest from the call parameters and checks it against the verifier key with ed25519_verify. See the digest.
3

Collects payment

Joins the whole payment coin into the protocol’s USDC vault.
4

Signs

Pops a presign, approves the message under the dWallet capability, and requests the signature from the coordinator — paying protocol fees from the sponsored pools.
It returns the sign_id and emits a MessageSigned event carrying the sign_id and the amount paid.

Errors

A pay_and_sign call can abort with:
CodeConstantMeaning
0EInvalidVerifierSignatureThe verifier signature didn’t validate against the stored public key.
2EAttestationExpiredvalid_before is at or before the current Clock time.
Provisioning the Signer and Protocol, rotating the verifier key, funding the fee pools, and refilling presigns are operated by Tentacle Pay and aren’t part of the integration surface.

Develop

# build
sui move build

# test
sui move test
The source lives in tentaclepay under sources/tentaclepay.move.
The package is live on Sui testnet. See Deployments for the package and object addresses. Mainnet is on the roadmap.