How We Engineered Doma: Registrar-First, Production-Ready, & Battle-Tested

Doma Engineering

Doma Engineering

3 min read
How We Engineered Doma: Registrar-First, Production-Ready, & Battle-Tested

In part 1 of our DomainFi Manifesto, we laid out our core belief - domains can be transformed from static digital assets into programmable ones by bridging Web2 trust with Web3 utility.

However, turning that belief into reality meant more than building a bunch of smart contracts or token standards. It meant designing a protocol as a shared infrastructure layer that worked for registrars while meeting the demands of modern digital ownership.

Retrofitting the Internet - The Real Challenge

Retrofitting the Internet for the next era of ownership is no small lift. To do this right, we knew we needed Doma to be more than just a working MVP. We needed a production-grade protocol that reflects the real-world needs of registrars and withstands the rigor of Web3.

That’s why the Doma protocol isn’t just functional, it’s comprehensive.

For months, our team has worked closely with registrar partners to refine the system, including how tokenized domains should behave across different chains, and how DNS compliance requirements, such as WHOIS data and ICANN policies, can be respected even in a decentralized world. We didn’t chase complexity; we pursued robustness, clarity, and precision.

Then we went a step further.

Security is a Standard, Not a Checkbox

Given the critical role domains play as real-world assets, we knew safety couldn’t be a second thought. Before opening Doma to the world, we subjected it to multiple rounds of internal security review.

Then we brought in Zellic.

Zellic isn’t a typical smart contract auditing shop. They’ve worked with Solana Foundation, LayerZero, and StarkWare protocols. Backed by Sequoia and powered by a world-class CTF team, Zellic brings research-grade security and real-world adversarial thinking to every engagement.

What makes them exceptional, and why we chose them, is their ability to go beyond static analysis. They examined our protocol design, business logic, and cross-chain guarantees. They challenged our assumptions, validated our architecture, and uncovered insights that strengthened the system.

This isn’t an audit for a niche feature. This is a protocol that underpins a new model of identity, commerce, and ownership. A failure here could mean duplicate NFTs, broken registrar trust, or user assets being orphaned. We didn’t leave that risk unaddressed.

Why We Took This Route

If you're building on Doma, you're helping create the future of the internet’s naming layer, where domains are programmable assets that move fluidly across chains. That future demands a security model that’s as modern as the stack you're building on.

Plus, here is the plain truth - security in crypto is hard. 

Smart contracts are immutable. Cross-chain bridges introduce timing attacks and replay risks. Web2 integrations with registrar APIs create additional layers of complexity. With Doma, we had to secure:

  • Smart contracts across EVM and Solana
  • Our custom GMP (General Message Passing) relay
  • Registrar key systems
  • Onchain record contracts enforcing domain uniqueness

On top of that, via Zelic's audit, we also covered:

  • Cross-chain logic and token invariants
  • Web2 backend components and registrar API integration
  • Role-based permissions and compliance hooks

They flagged critical risks and surfaced design improvements, from mint/burn flows to future-proofing for synthetic tokens and Expression of Interest (EOI) domains.

What Does This Mean for Developers?

If you're a developer building on Doma today, this matters to you in two ways:

  1. You're building on something battle-tested. The core contracts, bridging logic, and registrar flow have all been deeply reviewed for safety, reliability, and edge cases.
  2. You can move faster with confidence. Instead of worrying whether core infrastructure will hold up, you can focus on your product, wallets, registrars, marketplaces, analytics, knowing the foundation is solid.

We’re so excited to accelerate innovation on Doma that we launched Doma Forge, a program designed to support developers and builders with resources including a $1M USDC grant pool. 

From Vision to Validation: How We Got It Right

“It’s rare to see a project that speaks equally well to both the needs of Web2 and Web3. And the DOMA protocol is exactly that. It’s not trying to replace the current system—rather, it enhances it, making domains more dynamic, more liquid, and more valuable.” - Elias Rendón Benger, CEO of InterNetX

We agree. And we didn’t take shortcuts.

That’s why we built this with care. We finetuned it with feedback from registrars. We hardened it with internal reviews. We validated it with one of the world's top security teams.

Because our goal isn’t just to put domains onchain, it’s to do it right.

So if you're building the future of identity, asset ownership, or Web3 infrastructure, know this - You're building on a protocol designed for security, compliance, and production-scale reliability from Day 1.

What’s next: Try it on Testnet

You can start building on Doma’s Testnet today. Here’s what you can do:

  1. Tokenize domains using the Doma Dashboard or API
  2. Bridge across chains using audited relay logic
  3. Integrate registrar flows securely via our SDK
  4. Experiment safely on infrastructure that’s been deeply reviewed

We can’t wait to see what you build on Doma and hear your feedback.

Read more