Appearance
Competitive Landscape
Strategic analysis of the competitive field for on-chain recurring billing: why the design space is wide open, how every competitor approaches the problem, and what makes VelaPay fundamentally different.
The Design Space Is Wide Open
The most important fact about the competitive landscape: there are no direct competitors to VelaPay. There are adjacent players who touch payments but don't solve billing, and there are failed hackathon projects that tried and didn't ship. Nobody is building what VelaPay is building.
The numbers confirm this:
| Metric | Value |
|---|---|
| Colosseum projects analyzed | 1,997 (37% corpus coverage across 4 hackathons) |
| Recurring billing attempts | 10+ |
| Prizes won by billing projects | 0 |
| Accelerator spots for billing projects | 0 |
| Projects using TransferHook for billing | 0 (except VelaPay) |
| Projects combining Arcium + TransferHook | 0 (except VelaPay) |
| Subscription billing companies in C1–C4 accelerators | 0 |
The category has never been won because no one shipped a genuine on-chain billing primitive. The attempts were allowance wrappers, vault escrow systems, and concept submissions.
Direct Competitors: Subscription Billing on Solana
These are projects that explicitly attempted subscription, recurring billing, or mandate-based payments on Solana. Data sourced from Colosseum hackathon submissions (5,400+ projects across Renaissance, Radar, Breakout, and Cypherpunk) and GitHub code review.
The Allowance Wrapper Registry
| Project | Hackathon | Team | Approach | TransferHook? | Arcium? | Result | Why It Failed |
|---|---|---|---|---|---|---|---|
| Aeon Protocol | Radar (Sep 2024) | 6 | Vault escrow: users deposit into Aeon-controlled vault PDA, program debits on schedule | ❌ | ❌ | No prize, 0 updates | Users must lock funds upfront (bad UX, low capital efficiency). SPL Token, not Token-2022. Anyone-can-trigger charge (not mandate-scoped). No privacy, no SDK, no dashboard. |
| Tributary | Radar (Sep 2024) | 3 | Non-custodial subscriptions | ❌ | ❌ | No prize, 0 updates | Minimal on-chain component. No enforcement mechanism beyond program instruction. |
| Debyth | Breakout (Apr 2025) | 2 | Recurring stablecoin infra | ❌ | ❌ | No prize, 0 updates | Incomplete submission. No working demo. |
| BlockSub | Breakout (Apr 2025) | 4 | Subscription SDK | ❌ | ❌ | No prize, 0 updates | "Subscription management" framing — positioned as SaaS dashboard, not protocol. Incomplete. |
| Pistis Pay | Cypherpunk (Sep 2025) | 2 | Stablecoin billing for SaaS | ❌ | ❌ | No prize | Fork of Next.js SaaS Starter template with Stripe integration. No Solana program at all. |
| DMANDATE | Cypherpunk (Sep 2025) | 1 | Mandate-based recurring SPL payments with backend processor | ❌ | ❌ | No prize, 0 updates | Uses mandate terminology but enforcement is branding, not architecture. Backend processor monitors and executes payments — same allowance-wrapper pattern. |
| MISK.FI | Cypherpunk (Sep 2025) | 1 | Stablecoin infra with mandate subscriptions, hosted checkout, escrow | ❌ | ❌ | No prize, 0 updates | Scope is ambitious (checkout + subscriptions + netting + escrow + receipts) with no demo link. Tech stack listed as "solana" only. Concept submission. |
| DePlan | Renaissance (Mar 2024) | 4 | Pay-as-you-go protocol replacing subscriptions | ❌ | ❌ | 5th Consumer Apps ($5k) | Closest to a real product — mobile app, web SDK, statistics dashboard. But no spending caps, no privacy, no transfer hooks. Won in a different category. |
| LinkWave | Cypherpunk (Sep 2025) | 2 | Subscription management | ❌ | ❌ | No prize, 0 updates | Subscription management SaaS framing. Incomplete. |
| Sola | Cypherpunk (Sep 2025) | 3 | Subscription billing | ❌ | ❌ | No prize, 0 updates | Incomplete. No working demo. |
What they all have in common
All five shipping projects (Aeon, DMANDATE, Bundl, Subly, DePlan) share the same fundamental architecture:
User delegates token allowance → Relayer or merchant pulls on schedule →
Application logic is supposed to enforce the agreementThe critical gap: if the relayer misbehaves, the blockchain doesn't stop it. The enforcement is in application code, not in the protocol. A compromised relayer, a buggy backend, or a malicious merchant can pull more than authorized, and the subscriber's recourse is a dispute — not prevention.
This is the allowance-wrapper pattern. Every subscription billing attempt on Solana has been an allowance wrapper. None achieve protocol-level enforcement.
The Closest Technical Competitor: Subly
Subly deserves detailed analysis because it's the only project that combines Arcium with a subscription concept.
Subly — "Subscribe Now, Pay Never" | Cypherpunk (Sep 2025) | 1 person | 4 updates
- What they built: A yield-funded consumer app. Users stake USDC into Subly's vault, yield accrues via Perena, and Subly pays Netflix/Spotify/Disney+ through PayPal on the user's behalf.
- Arcium usage: They encrypt subscription metadata (which service, price). But the core privacy feature — the budget check — is hardcoded to
true:rust// TEMPORARY FIX: Always return true until we resolve the budget comparison issue let within_budget = true; - Payment execution: Goes through PayPal off-chain. The on-chain part is just staking and bookkeeping.
- Token standard: SPL Token, no Token-2022, no transfer hooks.
- 0 GitHub stars, last push Dec 2025.
Subly shares surface-level keywords with VelaPay (privacy, Arcium, subscriptions) but solves a fundamentally different problem for different users. Subly protects the consumer's payment history. VelaPay protects the merchant's competitive intelligence.
Adjacent Players
These are projects in the broader payment space that touch billing tangentially but don't solve recurring payments.
MCPay — 1st Place Stablecoins, Cypherpunk ($25k + Accelerator C4)
What it is: Open-source infrastructure that adds on-chain payments to any MCP server using x402 "Payment Required" protocol. MCP clients (ChatGPT, Cursor) make pay-per-call requests.
How it relates to VelaPay:
| Dimension | MCPay | VelaPay |
|---|---|---|
| Payment model | Pay-per-call (one-shot) | Recurring/metered/budgeted (ongoing relationship) |
| Enforcement | HTTP 402 header negotiation (application layer) | Transfer hooks (protocol layer) |
| Spending caps | None — agent pays whatever is asked | Mandate-enforced daily limits and lifetime caps |
| Billing models | One (per-request) | Four (recurring, streaming, usage, agent budgets) |
The complementarity angle: MCPay and VelaPay are complementary, not competitive. MCPay handles one-time API payments. VelaPay handles ongoing billing relationships. Vela's x402 adapter translates HTTP 402 responses into mandate creation — any service using MCPay's standard can upgrade to mandate-enforced billing.
An MCPay user who needs standing authorization naturally becomes a VelaPay user. The x402 adapter makes this a smooth upgrade path, not a migration.
Latinum — 1st Place AI, Breakout ($20k)
What it is: Payment middleware with MCP-compatible wallet. Agents autonomously manage budgets and pay for MCP services. Nuxt-based facilitator server + Python MCP server.
The Latinum distinction — wallet-side vs protocol-side enforcement:
This is the critical architectural difference. Latinum is wallet-side: the agent holds a wallet with a self-managed balance, and budget discipline depends on the agent's own logic running on a Nuxt server. VelaPay is protocol-side: the spending ceiling lives in a mandate PDA and is enforced by the Token-2022 program on every transfer, regardless of agent behavior.
| Latinum | VelaPay | |
|---|---|---|
| Budget location | Nuxt server (application code) | Mandate PDA (on-chain) |
| Enforcement | Server checks before signing | Transfer hook validates on every transfer |
| Compromise impact | Server compromised = budget limits gone | Agent compromised = mandate still enforces cap |
| Trust model | Trust the agent and the server | Trust the protocol |
A compromised or misbehaving agent cannot exceed its Vela mandate. A Latinum budget can be drained by any agent with wallet access. When pitching agent budget mandates, lead with this distinction — judges and investors familiar with Latinum will ask.
Decal — 2nd Place Stablecoins, Breakout ($20k + Accelerator C3)
What it is: POS + loyalty system using Token Extensions for retail merchants. Targets traditional businesses for crypto POS adoption.
Relation: Decal uses Token Extensions for loyalty (Non-Transferable tokens for rewards). VelaPay uses Token Extensions for billing (Transfer Hooks for mandate enforcement, Transfer Fee for revenue, Metadata Pointer for plan terms). Same toolkit, completely different application.
Sphere / Helio / Superfluid
- Sphere — Custom payment UIs on Solana. No subscription billing, no recurring payment management, no privacy, no transfer hooks.
- Helio — Payment links and checkout on Solana. No subscription analytics, no recurring billing, no mandate enforcement, no privacy. One-time payment links only.
- Superfluid — Streaming payments on EVM chains. EVM-only, no Solana presence. Streaming only — no recurring pulls, no mandates, no spending caps, no privacy.
The Token-2022 Adoption Constraint
This is the honest constraint that shapes the competitive strategy.
VelaPay requires billing tokens to be Token-2022 mints. Standard USDC — the largest stablecoin by volume — is an SPL token, not Token-2022. This limits the addressable market to Token-2022 stablecoins.
Why this matters
For Vela's mandate enforcement to work, the token being billed must itself be a Token-2022 mint. The transfer hook fires on transfers of Token-2022 tokens — it cannot gate transfers of SPL USDC without a Token-2022 variant.
The strategy
Target Token-2022 stablecoins rather than assuming USDC compatibility:
| Token | Standard | Why It Matters |
|---|---|---|
| PYUSD (PayPal) | Token-2022 | PayPal's stablecoin uses Token-2022. Major issuer choosing the new standard. |
| USDY (Ondo) | Token-2022 | Yield-bearing stablecoin. New issuer choosing Token-2022. |
| New issuers | Token-2022 (default) | Every major new stablecoin launch in 2025-2026 has considered Token-2022 for its extension support. |
| USDC (Circle) | SPL (original) | Largest stablecoin by volume. Cannot use Vela mandates directly. Would need Token-2022 variant. |
The medium-term bet: new stablecoin issuers will default to Token-2022 because of extension support (Transfer Fee, Metadata Pointer, Confidential Transfers). Vela's mandate system is ready when they do.
The wrapped USDC bridge
VelaPay already ships a wrapped USDC solution. The SDK provides wrapUSDC(), unwrapUSDC(), and wrapAndSubscribe() — a compound flow that abstracts the Token-2022 wrapping step from the user. The subscriber doesn't need to think about Token-2022; the SDK handles it.
Why Privacy Hasn't Been Validated as a Winning Pitch
This is an important honest constraint for positioning.
At Cypherpunk (Sep 2025), four Arcium projects won zero prizes:
| Project | What It Did | Prize |
|---|---|---|
| ArxPredict | Encrypted prediction market | None |
| BlackBox | Encrypted computation platform | None |
| Flaek | Privacy-preserving data platform | None |
| Unchain Protocol | Encrypted DeFi | None |
The only other project combining Arcium and Token-2022 (incognito-protocol) also did not place.
What this means for positioning
The privacy moat is architecturally sound but has not been validated as a market-facing pitch. The correct approach:
- Don't lead with privacy in hackathon submissions or early investor conversations
- Lead with transfer hook enforcement — the overpull-fails demo is visceral and unique
- Frame privacy as long-term defensibility — the reason serious B2B SaaS will eventually require encrypted billing
- Don't claim privacy as an immediate competitive moat until Phase 1 ships with real merchant usage
Why privacy will matter eventually
Every Solana transaction is public. Every merchant who bills on-chain exposes their subscriber list, revenue, churn rate, and pricing tiers. This is a business intelligence catastrophe — not a theoretical risk. The reason no serious SaaS uses on-chain billing today is because of this data leak, not because of UX friction or gas costs.
Vela's privacy layer solves the structural problem. The market just hasn't felt enough pain yet to demand the solution. As on-chain businesses mature and start caring about competitive intelligence, privacy becomes non-negotiable.
The "Why Solana in 10 Seconds" Answer
This comes up in every investor conversation and every judge interaction. The answer:
Token-2022 TransferHook only exists on Solana. The chain-level rejection of unauthorized pulls only works because the Token-2022 program calls the Vela program on every transfer. This architecture cannot be replicated on EVM chains without a native token standard that supports execution hooks — which EVM does not have at the token program level.
That's it. Transfer hooks are Solana-native. They're the reason VelaPay can enforce billing rules at the protocol level instead of relying on application-layer trust. Without TransferHook, VelaPay becomes another allowance wrapper — the same pattern every competitor uses.
Supporting arguments for follow-up:
- Sub-cent fees make billing cadence economically viable
- 400ms finality means immediate pull confirmation
- Arcium MPC network runs on Solana
- Solana already has the stablecoin momentum ($3.2T annualized)
VelaPay's Fundamental Distinction
Mandate enforcement runs inside the Token-2022 program on every transfer
Standard approach (all competitors):
Subscriber approves allowance → Merchant pulls tokens → Transfer executes
→ Application checks rules after (or not at all)
VelaPay approach:
Subscriber creates mandate PDA → Merchant triggers pull → Token-2022 calls
transfer hook → Hook validates against mandate PDA → Transfer approved or
rejected at the protocol levelThe enforcement layer comparison
| Layer | Competitors | VelaPay |
|---|---|---|
| Token program | No involvement in billing logic | Transfer hook fires on every transfer |
| Billing validation | Application code (bypassable) | On-chain PDA check (unbypassable) |
| Unauthorized pull | Succeeds, then disputed | Fails at the validator level |
| Trust model | Trust the relayer/merchant | Trust the protocol |
No relayer, no trusted intermediary, no dispute process
The transfer hook is the enforcement. There is no relayer that can be compromised, no backend that can be DDoSed, no middleware that can be bypassed. The Solana validator itself enforces the billing rules by calling Vela's program on every transfer of a Vela-billed token.
Only project combining TransferHook + Arcium MPC
In the entire Colosseum corpus of 5,400+ projects, zero use Token-2022 transfer hooks for billing enforcement. Zero combine Arcium with transfer hooks for any purpose. VelaPay is the only project at the intersection of these two technologies.
What the Competitive Field Actually Looks Like
Not a crowded market. An empty one with failed attempts:
┌─────────────────────────────────────────────────────────────────┐
│ Full-Stack Billing Protocol │
│ (Protocol + SDK + Dashboard + Docs + Checkout + Portal + Widget)│
│ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │
│ VelaPay: ✅ (only entry) │
├─────────────────────────────────────────────────────────────────┤
│ Protocol-Level Billing Enforcement │
│ (Transfer hooks + mandate validation at token level) │
│ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │
│ VelaPay: ✅ (only entry) │
├─────────────────────────────────────────────────────────────────┤
│ Encrypted Billing Logic │
│ (Arcium MPC + two-phase validation) │
│ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │
│ VelaPay: ✅ | Subly: broken (hardcoded true) │
├─────────────────────────────────────────────────────────────────┤
│ On-Chain Billing Attempts (Any Quality) │
│ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │
│ Aeon, Tributary, Debyth, BlockSub, Pistis Pay, DMANDATE, │
│ MISK.FI, DePlan, LinkWave, Sola │
│ (all failed, 0 prizes, 0 accelerators) │
├─────────────────────────────────────────────────────────────────┤
│ Adjacent Payment Tools (Not Billing) │
│ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │
│ MCPay (per-request), Latinum (agent wallet), Sphere (UI), │
│ Helio (links), Superfluid (EVM streaming), Decal (POS) │
└─────────────────────────────────────────────────────────────────┘VelaPay is alone in the top two layers. The adjacent players are complementary or irrelevant. The failed attempts validate demand without creating competitive pressure.
Key Takeaways for Positioning
- The category is empty. Zero subscription billing companies in any Solana accelerator. Zero prizes in any hackathon. The design space is wide open.
- All competitors are allowance wrappers. Same architecture, different branding. None use transfer hooks. None achieve protocol-level enforcement.
- MCPay is complementary. Per-request payments (x402) and standing authorizations (mandates) serve different needs. VelaPay's x402 adapter bridges them.
- Latinum is the distinction to make. Wallet-side budget management vs protocol-side enforcement. When the agent misbehaves, Latinum's budget is meaningless. VelaPay's mandate still enforces.
- Token-2022 is the gate. USDC isn't Token-2022 yet. Target PYUSD, USDY, and new issuers. The bet is that new stablecoins default to Token-2022.
- Privacy hasn't won yet. Four Arcium projects, zero prizes. Lead with enforcement, frame privacy as long-term defensibility.
Sources: Colosseum Copilot corpus (1,997 projects sampled across Renaissance, Radar, Breakout, Cypherpunk), GitHub code review of Subly, Aeon Protocol, Bundl, MCPay, Latinum, DePlan, DMANDATE, MISK.FI, Pistis Pay, internal competitive analysis (pitch/competition.md), Colosseum accelerator portfolios (C1–C4).