Best Practices

Role-Based Access Control
- Clear separation between admin and manager roles in the vault
- Strict validation of admin and manager signatures for privileged operations
- Manager-only access for strategy operations like deposits and withdrawals
- Admin-only access for strategy addition and removal
PDA Authorization
- Utilization of Program Derived Addresses (PDAs) for critical vault components:
  - vault_asset_idle_auth - Controls idle assets
  - vault_lp_mint_auth - Controls LP token minting
  - vault_lp_fee_auth - Controls fee collection
- PDAs are derived using unique seeds tied to the vault's public key
- All PDA seeds are properly validated in each instruction

Vault Asset Management
- Strict accounting of total assets across idle and deployed positions
- Validation of asset mint addresses and associated token accounts
- Atomic transaction handling for deposits and withdrawals
- Maximum cap enforcement to prevent overflow risks
Strategy Integration
- Strict validation of strategy accounts and their ownership
- Proper handling of counterparty asset token accounts
- Validation of protocol program addresses
- Clear separation between different strategy types (Kamino, Drift, Marginfi, Solend)
Mathematical Safety
- Comprehensive overflow checks using checked_ operations
- Safe decimal handling for token amounts and exchange rates
- Proper scaling of values when converting between different decimal bases
- Explicit error handling for mathematical operations

Token Account Validation
- Strict validation of token program addresses
- Verification of token mint addresses
- Proper authority checks for token operations
- Support for both Token and Token-2022 programs
LP Token Management
- Secure minting controls through PDA-based mint authority
- Proper calculation of LP token amounts based on deposits
- Safe handling of LP token burns during withdrawals
- Proper tracking of total supply

Performance Fee Security
- Safe calculation of performance fees using proper decimal handling
- Atomic execution of fee collection
- Proper PDA-based authorization for fee collection
- Validation of fee parameters within acceptable ranges

Adaptor Pattern
- Clear separation between vault and protocol interactions through adaptors
- Proper validation of protocol-specific accounts
- Safe handling of protocol-specific state updates
- Proper error propagation from protocol operations
Cross-Program Invocation (CPI) Safety
- Proper signature validation for CPI calls
- Careful handling of remaining accounts
- Validation of program IDs for external calls
- Proper error handling for CPI failures

Custom Error Types
- Comprehensive error definitions in both vault and adaptor
- Clear error messages for debugging
- Proper error propagation across program boundaries
- Custom error codes for specific failure scenarios

Account Data Safety
- Proper initialization of all account fields
- Safe updates to account state
- Atomic state transitions
- Proper closing of accounts when needed
Data Validation
- Input parameter validation
- Account size validation
- Proper handling of optional fields
- Safe deserialization of account data

Last updated 4 months ago

Role-Based Access Control
- Clear separation between admin and manager roles in the vault
- Strict validation of admin and manager signatures for privileged operations
- Manager-only access for strategy operations like deposits and withdrawals
- Admin-only access for strategy addition and removal
PDA Authorization
- Utilization of Program Derived Addresses (PDAs) for critical vault components:
  - vault_asset_idle_auth - Controls idle assets
  - vault_lp_mint_auth - Controls LP token minting
  - vault_lp_fee_auth - Controls fee collection
- PDAs are derived using unique seeds tied to the vault's public key
- All PDA seeds are properly validated in each instruction

Vault Asset Management
- Strict accounting of total assets across idle and deployed positions
- Validation of asset mint addresses and associated token accounts
- Atomic transaction handling for deposits and withdrawals
- Maximum cap enforcement to prevent overflow risks
Strategy Integration
- Strict validation of strategy accounts and their ownership
- Proper handling of counterparty asset token accounts
- Validation of protocol program addresses
- Clear separation between different strategy types (Kamino, Drift, Marginfi, Solend)
Mathematical Safety
- Comprehensive overflow checks using checked_ operations
- Safe decimal handling for token amounts and exchange rates
- Proper scaling of values when converting between different decimal bases
- Explicit error handling for mathematical operations

Token Account Validation
- Strict validation of token program addresses
- Verification of token mint addresses
- Proper authority checks for token operations
- Support for both Token and Token-2022 programs
LP Token Management
- Secure minting controls through PDA-based mint authority
- Proper calculation of LP token amounts based on deposits
- Safe handling of LP token burns during withdrawals
- Proper tracking of total supply

Performance Fee Security
- Safe calculation of performance fees using proper decimal handling
- Atomic execution of fee collection
- Proper PDA-based authorization for fee collection
- Validation of fee parameters within acceptable ranges

Adaptor Pattern
- Clear separation between vault and protocol interactions through adaptors
- Proper validation of protocol-specific accounts
- Safe handling of protocol-specific state updates
- Proper error propagation from protocol operations
Cross-Program Invocation (CPI) Safety
- Proper signature validation for CPI calls
- Careful handling of remaining accounts
- Validation of program IDs for external calls
- Proper error handling for CPI failures

Custom Error Types
- Comprehensive error definitions in both vault and adaptor
- Clear error messages for debugging
- Proper error propagation across program boundaries
- Custom error codes for specific failure scenarios

Account Data Safety
- Proper initialization of all account fields
- Safe updates to account state
- Atomic state transitions
- Proper closing of accounts when needed
Data Validation
- Input parameter validation
- Account size validation
- Proper handling of optional fields
- Safe deserialization of account data

Last updated 4 months ago