Vault
The Vault capability provides multi-signature treasury management for DAOs and corporate treasuries, with role-based access control, configurable confirmation thresholds, and support for ETH, ERC20, and general contract call transactions.
Purpose: Describe the Vault capability -- a multi-signature treasury system with role separation, configurable approval thresholds, and emergency controls.
- Doc type: Reference
What you'll find here
- Multi-signature transaction lifecycle (propose, confirm, execute)
- Role separation and access control model
- Supported transaction types
- Trust boundaries and failure modes
Boundary
The Vault manages custody of ETH and ERC20 tokens through a multi-signature approval process. It does not handle token issuance, compliance verification, or investor identity -- those responsibilities belong to the SMART Protocol and compliance layer. The Vault operates as a standalone treasury tool that integrates with DALP System infrastructure for deployment and access control.
Owned contracts
| Contract | Responsibility |
|---|---|
| DALPVault | Multi-sig logic: proposals, confirmations, execution, pause, role management |
| DALPVaultFactoryImplementation | Factory for CREATE2 deployment of new vault instances |
Roles
| Role | Permissions |
|---|---|
| SIGNER_ROLE | Propose new transactions, confirm pending transactions, revoke own confirmations |
| EMERGENCY_ROLE | Pause and unpause all vault operations |
| GOVERNANCE_ROLE | Modify vault parameters (confirmation threshold, auto-execution toggle) |
Role separation ensures that day-to-day signers cannot unilaterally change vault rules, and governance changes require a distinct authorization path from transaction approval.
Transaction lifecycle
The vault follows a proposal-confirmation-execution model:
- Proposal -- A signer submits a transaction specifying the target address, value, and calldata. The vault stores the proposal and records the proposer's confirmation.
- Confirmation -- Additional signers review and confirm the proposal. Each confirmation is recorded individually and can be revoked before execution.
- Execution -- When the confirmation count reaches the required threshold, the transaction executes. If auto-execution is enabled, execution triggers automatically upon the final confirmation. Otherwise, any signer can trigger execution manually after threshold is met.
Transaction types
| Type | Description |
|---|---|
| ETH transfers | Native currency sent to any address |
| ERC20 transfers | Token transfers using standard ERC20 approval mechanics |
| Contract calls | Arbitrary calldata execution against any contract address |
| Batch operations | Multiple transactions bundled in a single proposal |
All transaction types follow the same proposal-confirmation-execution lifecycle. The vault does not differentiate between simple transfers and complex contract interactions at the approval layer.
Trust boundaries
- Role separation -- Signers, emergency operators, and governance are distinct roles. No single role can both approve transactions and change vault parameters.
- Configurable confirmation threshold -- The number of required confirmations is set by governance. Increasing the threshold raises the coordination cost of unauthorized transactions.
- Pausable operations -- Emergency role holders can immediately halt all vault operations, preventing execution of pending transactions during incident response.
- Audit trail -- Every proposal, confirmation, revocation, and execution emits on-chain events, providing an immutable record for compliance and forensic review.
Dependencies
| Dependency | Role |
|---|---|
| DALP System infrastructure | Factory deployment, system-level access control |
| Access control (ISMARTTokenAccessManager) | Role assignment and enumeration |
Configuration surface
| Parameter | Scope | Mutability |
|---|---|---|
| Required confirmations | Vault instance | Modifiable by GOVERNANCE_ROLE |
| Auto-execution toggle | Vault instance | Modifiable by GOVERNANCE_ROLE |
| Signer list | Vault instance | Managed via role grants/revocations |
Failure modes
| Failure | System behavior |
|---|---|
| Insufficient confirmations | Transaction remains pending; no funds move |
| Signer key compromise | Other signers can revoke the compromised signer's role; emergency pause halts operations |
| Paused state | All proposals and executions blocked until unpaused by EMERGENCY_ROLE |
The Vault capability is in development. Smart contracts are available but the UI is not yet integrated into the Asset Console.
Related
- Capabilities layer overview for how capabilities extend the platform
- SMART Protocol integration (ERC-3643) for the compliance framework
- Infrastructure layer for services the vault depends on
- Component catalog for the full platform inventory
Airdrop
The Airdrop capability provides a Merkle-proof-based token distribution system with three strategies -- time-bound, vesting, and push -- each deployed through the factory pattern with pluggable claim tracking.
XvP Settlement
The XvP Settlement capability provides atomic cross-party token exchanges with all-or-nothing execution guarantees, multi-party support, optional hashlock coordination for cross-chain legs, and per-sender approval management.