Best Practices

Access Control and Authorization

  1. Role-Based Access Control

    • Clear separation between admin and manager roles in the vault

    • Strict validation of admin and manager signatures for privileged operations

    • Manager-only access for strategy operations like deposits and withdrawals

    • Admin-only access for strategy addition and removal

  2. PDA Authorization

    • Utilization of Program Derived Addresses (PDAs) for critical vault components:

      • vault_asset_idle_auth - Controls idle assets

      • vault_lp_mint_auth - Controls LP token minting

      • vault_lp_fee_auth - Controls fee collection

    • PDAs are derived using unique seeds tied to the vault's public key

    • All PDA seeds are properly validated in each instruction

Asset Safety

  1. Vault Asset Management

    • Strict accounting of total assets across idle and deployed positions

    • Validation of asset mint addresses and associated token accounts

    • Atomic transaction handling for deposits and withdrawals

    • Maximum cap enforcement to prevent overflow risks

  2. Strategy Integration

    • Strict validation of strategy accounts and their ownership

    • Proper handling of counterparty asset token accounts

    • Validation of protocol program addresses

    • Clear separation between different strategy types (Kamino, Drift, Marginfi, Solend)

  3. Mathematical Safety

    • Comprehensive overflow checks using Rust's checked_* arithmetic (checked_add, checked_sub, checked_mul, checked_div) instead of wrapping arithmetic

    • Safe decimal handling for token amounts and exchange rates

    • Proper scaling of values when converting between different decimal bases

    • Explicit error handling for mathematical operations

Token Security

  1. Token Account Validation

    • Strict validation of token program addresses

    • Verification of token mint addresses

    • Proper authority checks for token operations

    • Support for both Token and Token-2022 programs

  2. LP Token Management

    • Secure minting controls through PDA-based mint authority

    • Proper calculation of LP token amounts based on deposits

    • Safe handling of LP token burns during withdrawals

    • Proper tracking of total supply
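The checked arithmetic, decimal scaling and LP share accounting described under Mathematical Safety and LP Token Management, as an added illustration in plain Rust. This is not the vault's own code; the names (MathError, scale_decimals, shares_for_deposit, assets_for_burn) and the pro-rata share formula are assumptions.

```rust
// Added example: overflow-safe share math for a vault, not the project's code.
// Every arithmetic step either succeeds or returns an explicit error.

#[derive(Debug, PartialEq, Eq)]
pub enum MathError {
    Overflow,
    DivisionByZero,
    ZeroShares,
}

/// Rescale `amount` from `from_decimals` to `to_decimals` (e.g. a 6-decimal
/// USDC amount into a 9-decimal LP mint). Scaling up fails on overflow instead
/// of wrapping; scaling down truncates toward zero.
pub fn scale_decimals(amount: u64, from_decimals: u8, to_decimals: u8) -> Result<u64, MathError> {
    if from_decimals == to_decimals {
        return Ok(amount);
    }
    let diff = from_decimals.abs_diff(to_decimals) as u32;
    let factor = 10u64.checked_pow(diff).ok_or(MathError::Overflow)?;
    if to_decimals > from_decimals {
        amount.checked_mul(factor).ok_or(MathError::Overflow)
    } else {
        Ok(amount / factor) // factor is a power of ten, never zero
    }
}

/// LP shares to mint for a deposit: deposit * total_supply / total_assets.
/// The product is formed in u128 so it cannot overflow before the division.
pub fn shares_for_deposit(deposit: u64, total_assets: u64, total_supply: u64) -> Result<u64, MathError> {
    if total_supply == 0 {
        // First depositor: shares are issued 1:1 with assets.
        return if deposit == 0 { Err(MathError::ZeroShares) } else { Ok(deposit) };
    }
    let shares = (deposit as u128)
        .checked_mul(total_supply as u128)
        .ok_or(MathError::Overflow)?
        .checked_div(total_assets as u128)
        .ok_or(MathError::DivisionByZero)?; // supply > 0 but assets == 0
    if shares == 0 {
        return Err(MathError::ZeroShares); // deposit too small to earn a share
    }
    u64::try_from(shares).map_err(|_| MathError::Overflow)
}

/// Assets released when burning `shares`: shares * total_assets / total_supply,
/// rounded down so the vault never pays out more than the share is worth.
pub fn assets_for_burn(shares: u64, total_assets: u64, total_supply: u64) -> Result<u64, MathError> {
    if total_supply == 0 {
        return Err(MathError::DivisionByZero);
    }
    let assets = (shares as u128)
        .checked_mul(total_assets as u128)
        .ok_or(MathError::Overflow)?
        / total_supply as u128;
    u64::try_from(assets).map_err(|_| MathError::Overflow)
}
```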

Fee Handling

  1. Performance Fee Security

    • Safe calculation of performance fees using proper decimal handling

    • Atomic execution of fee collection

    • Proper PDA-based authorization for fee collection

    • Validation of fee parameters within acceptable ranges

Protocol Integration Security

  1. Adaptor Pattern

    • Clear separation between vault and protocol interactions through adaptors

    • Proper validation of protocol-specific accounts

    • Safe handling of protocol-specific state updates

    • Proper error propagation from protocol operations

  2. Cross-Program Invocation (CPI) Safety

    • Proper signature validation for CPI calls

    • Careful handling of remaining accounts

    • Validation of program IDs for external calls

    • Proper error handling for CPI failures

Error Handling

  1. Custom Error Types

    • Comprehensive error definitions in both vault and adaptor

    • Clear error messages for debugging

    • Proper error propagation across program boundaries

    • Custom error codes for specific failure scenarios

State Management

  1. Account Data Safety

    • Proper initialization of all account fields

    • Safe updates to account state

    • Atomic state transitions

    • Proper closing of accounts when needed

  2. Data Validation

    • Input parameter validation

    • Account size validation

    • Proper handling of optional fields

    • Safe deserialization of account data
