Solace Docs
Smart Contract Wallet for Solana
This document describes how the Solace Smart Contract Wallet works.
The Basics
Every wallet has two main properties:
name
signing keypair (the owner keypair)
All instructions the wallet's user sends to the smart contract must be signed by the owner keypair (guardian approvals, described below, are signed by the respective guardian instead). All funds are held in a PDA whose address is derived from the name parameter, so name must be unique. SOL is held directly in the PDA, and SPL tokens are held in Associated Token Accounts derived for that PDA.
guardians are additional public keys that help safeguard the wallet. They are responsible for two things:
replacing the owner field to assign a new owner (wallet recovery)
approving SPL and SOL transfers to recipients that are not trusted
Incubation Mode
What is Incubation Mode?
Incubation mode is a state of the wallet in which all transactions are instant and require no guardian approval. This includes:
Adding new guardians to the wallet
Adding new "trusted addresses" to the wallet
Any SPL transfer
Any SOL transfer
This mode exists so that transactions are instant and smooth right after the user creates the wallet. The security guarantees of the Solace Wallet take effect only when incubation mode ends, 12 hours after wallet creation (or earlier, if the owner ends it explicitly). Until then, anyone holding the owner keypair has unrestricted control over the funds.
When the wallet is first created, created_at records the time of creation and incubation_mode is set to true. The owner can set incubation_mode to false at any time with the end_incubation call. Wallet has a method check_incubation which returns true or false according to the following rules:
If the wallet was created less than 12 hours ago, return incubation_mode.
If the wallet is older than 12 hours, return false.
Ending incubation early with end_incubation is therefore the only way to shorten the unguarded period; once the 12 hours have passed, check_incubation returns false regardless of the flag.
Guardians
Adding guardians to your Solace wallet
There are two stages during which guardians can be added to your Solace wallet:
within the 12 hour incubation window
after the 12 hour incubation window
Adding guardians within the 12 hour incubation window
The 12 hour incubation window begins when the wallet is first created.
In this window there is no wait time for adding guardians to your wallet.
It is crucial not to lose access to your device during these 12 hours: the wallet is at its most vulnerable then, because anyone holding the owner keypair can add their own guardians and move funds without any approval.
Adding guardians after the 12 hour incubation window
Guardians added after the initial incubation window require a 36 hour wait time to elapse.
Only after this 36 hour period can the prospective guardians approve their guardianship request and be added as new guardians.
This wait time prevents a malicious actor who has obtained the owner keypair from immediately adding guardians under their control and using them to approve transfers that drain the wallet.
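To make the incubation and guardian rules above concrete, here is an added example (written for this page, not the Solace program's own code) that models them as an off-chain Rust state machine: check_incubation and end_incubation follow the rules in the Incubation Mode section, and a guardian request is applied instantly inside the window but queued behind the 36 hour wait afterwards. Pubkeys are plain strings, timestamps are Unix seconds passed in by the caller rather than read from the on-chain clock, and the pending_guardians field and the request_guardian / approve_guardianship method names are assumptions made for illustration.

```rust
// Added illustration of the incubation and guardian rules (not Solace's
// program code). Pubkeys are strings; `now` is a Unix timestamp in seconds
// supplied by the caller (an on-chain program would read the clock sysvar).
pub type Pubkey = String;

pub const INCUBATION_SECS: i64 = 12 * 60 * 60; // 12 hour incubation window
pub const GUARDIAN_WAIT_SECS: i64 = 36 * 60 * 60; // 36 hour wait after incubation

#[derive(Debug, PartialEq)]
pub enum WalletError {
    NotOwner,
    AlreadyGuardian,
    NotRequestedGuardian,
    WaitTimeNotElapsed,
}

#[derive(Debug)]
pub struct Wallet {
    pub owner: Pubkey,
    pub created_at: i64,
    pub incubation_mode: bool,
    pub guardians: Vec<Pubkey>,
    // Hypothetical field: guardians requested after incubation, with the
    // time of the request, waiting for the 36 hour period to elapse.
    pub pending_guardians: Vec<(Pubkey, i64)>,
}

impl Wallet {
    pub fn new(owner: &str, created_at: i64) -> Self {
        Wallet {
            owner: owner.to_string(),
            created_at,
            incubation_mode: true,
            guardians: Vec::new(),
            pending_guardians: Vec::new(),
        }
    }

    fn require_owner(&self, signer: &str) -> Result<(), WalletError> {
        if signer == self.owner { Ok(()) } else { Err(WalletError::NotOwner) }
    }

    /// check_incubation: inside the first 12 hours the stored flag decides,
    /// after that the wallet is never in incubation.
    pub fn check_incubation(&self, now: i64) -> bool {
        if now - self.created_at < INCUBATION_SECS { self.incubation_mode } else { false }
    }

    /// end_incubation: the owner opts out of the unguarded window early.
    pub fn end_incubation(&mut self, signer: &str) -> Result<(), WalletError> {
        self.require_owner(signer)?;
        self.incubation_mode = false;
        Ok(())
    }

    /// Owner-signed guardian request (name assumed for illustration).
    /// Ok(true): added instantly (incubation). Ok(false): queued for 36 h.
    pub fn request_guardian(&mut self, signer: &str, guardian: &str, now: i64) -> Result<bool, WalletError> {
        self.require_owner(signer)?;
        if self.guardians.iter().any(|g| g == guardian) {
            return Err(WalletError::AlreadyGuardian);
        }
        if self.check_incubation(now) {
            self.guardians.push(guardian.to_string());
            return Ok(true);
        }
        self.pending_guardians.push((guardian.to_string(), now));
        Ok(false)
    }

    /// Guardian-signed acceptance of a pending request (name assumed),
    /// valid only once the 36 hour wait has elapsed.
    pub fn approve_guardianship(&mut self, signer: &str, now: i64) -> Result<(), WalletError> {
        let idx = self
            .pending_guardians
            .iter()
            .position(|(g, _)| g == signer)
            .ok_or(WalletError::NotRequestedGuardian)?;
        let requested_at = self.pending_guardians[idx].1;
        if now - requested_at < GUARDIAN_WAIT_SECS {
            return Err(WalletError::WaitTimeNotElapsed);
        }
        let (guardian, _) = self.pending_guardians.remove(idx);
        self.guardians.push(guardian);
        Ok(())
    }
}

fn main() {
    let t0: i64 = 1_700_000_000; // constructed creation time
    let mut w = Wallet::new("owner", t0);
    println!("instant add during incubation: {:?}", w.request_guardian("owner", "g1", t0 + 60));
    let later = t0 + INCUBATION_SECS + 60;
    println!("queued after incubation: {:?}", w.request_guardian("owner", "g2", later));
    println!("too early: {:?}", w.approve_guardianship("g2", later + 3600));
    println!("after 36h: {:?}", w.approve_guardianship("g2", later + GUARDIAN_WAIT_SECS));
    println!("guardians: {:?}", w.guardians);
}
```

The check order in request_guardian is the point to notice: the owner signature is verified first, then check_incubation decides between the instant and the delayed path, so a stolen owner keypair used after incubation can only queue a guardian that becomes effective 36 hours later.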
Transfers
There are two types of transfer:
Instant SPL / SOL transfer
Guarded SPL / SOL transfer
Instant SPL / SOL Transfer
This is used when the recipient is already in the trusted_pubkeys vector. The transaction executes immediately; it fails if the recipient is not in trusted_pubkeys.
There are separate instructions for SOL and SPL transfers, as SPL transfers require more accounts to be passed in.
Guarded SPL / SOL Transfer
When the recipient address is not in trusted_pubkeys, the transfer requires approval from the wallet's guardians.
For this purpose a new PDA is created; its account holds all the details of the transfer as well as its approval state.
A guardian can approve a transfer with approve_transfer, or approve and execute it in a single call with approve_and_execute_transfer (which executes only if all the other guardians have already approved).
Note that all of these transactions must be signed by the guardian and must include the PDA of the transfer being approved.
Trusted addresses
Once incubation has ended, transfers from the Solace vault require guardian approval. This prevents a malicious actor who obtains the owner keypair from draining funds from your vault.
Trusted addresses are the exception: your Solace vault can transfer SOL / SPL tokens to them without guardian approval.
How to add a trusted address?
Currently, there are only two ways a trusted address can be added to the wallet:
incubation window: if the vault is in the incubation window, adding a trusted address is instant.
transaction history: if the vault is not in the incubation window, an address can be trusted only if the vault already has a transaction history with it, i.e. it has transferred to that address before.
For threat modeling this means that after incubation, an attacker holding only the owner keypair cannot make a fresh address trusted and therefore cannot send funds to it without the guardians' approval.
Technical specifications
Call add_trusted_pubkey with the key to be trusted. If the call fails with a custom program error, one of the criteria above is not met; otherwise the pubkey is added to the trusted list.
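The following added example (not Solace's code) ties the Transfers and Trusted addresses sections together in Rust: add_trusted_pubkey succeeds during incubation or for an address in the vault's history and otherwise returns the custom error, the instant path refuses untrusted recipients, and a guarded transfer is a separate request record that executes only once every guardian has approved. Pubkeys are strings, only a lamport balance is tracked (the SPL path with its extra accounts is omitted), and the history set, the in_incubation flag supplied by the caller, the request_guarded_transfer name and the all-guardians threshold are assumptions.

```rust
use std::collections::HashSet;

// Added illustration of the instant / guarded transfer and trusted-address
// rules (not Solace's program code). Pubkeys are strings; `history` (recipients
// the vault has already paid) and `in_incubation` (the caller's
// check_incubation result) are assumed inputs.
pub type Pubkey = String;

#[derive(Debug, PartialEq)]
pub enum TransferError {
    NotOwner,
    NotGuardian,
    RecipientNotTrusted,
    InsufficientFunds,
    NotAllApproved,
    AlreadyExecuted,
    TrustCriteriaNotMet, // the custom program error from add_trusted_pubkey
}

/// Per-transfer state (kept in its own PDA on chain), modeled as a struct.
#[derive(Debug)]
pub struct TransferRequest {
    pub to: Pubkey,
    pub lamports: u64,
    pub approvals: HashSet<Pubkey>,
    pub executed: bool,
}

#[derive(Debug)]
pub struct Vault {
    pub owner: Pubkey,
    pub guardians: Vec<Pubkey>,
    pub trusted_pubkeys: Vec<Pubkey>,
    pub history: HashSet<Pubkey>,
    pub lamports: u64,
    pub in_incubation: bool,
}

impl Vault {
    pub fn new(owner: &str, guardians: &[&str], lamports: u64) -> Self {
        Vault {
            owner: owner.to_string(),
            guardians: guardians.iter().map(|g| g.to_string()).collect(),
            trusted_pubkeys: Vec::new(),
            history: HashSet::new(),
            lamports,
            in_incubation: false,
        }
    }

    fn require_owner(&self, signer: &str) -> Result<(), TransferError> {
        if signer == self.owner { Ok(()) } else { Err(TransferError::NotOwner) }
    }

    fn is_trusted(&self, key: &str) -> bool {
        self.trusted_pubkeys.iter().any(|k| k == key)
    }

    /// Debit the vault and remember the recipient for the history criterion.
    fn pay(&mut self, to: &str, lamports: u64) -> Result<(), TransferError> {
        if lamports > self.lamports { return Err(TransferError::InsufficientFunds); }
        self.lamports -= lamports;
        self.history.insert(to.to_string());
        Ok(())
    }

    /// add_trusted_pubkey: instant during incubation, otherwise only for an
    /// address the vault has transacted with before; else the custom error.
    pub fn add_trusted_pubkey(&mut self, signer: &str, key: &str) -> Result<(), TransferError> {
        self.require_owner(signer)?;
        if self.is_trusted(key) { return Ok(()); }
        if !(self.in_incubation || self.history.contains(key)) {
            return Err(TransferError::TrustCriteriaNotMet);
        }
        self.trusted_pubkeys.push(key.to_string());
        Ok(())
    }

    /// Instant SOL transfer: no guardian involved, but the recipient must be
    /// trusted (any recipient is accepted while the vault is in incubation).
    pub fn send_sol_instant(&mut self, signer: &str, to: &str, lamports: u64) -> Result<(), TransferError> {
        self.require_owner(signer)?;
        if !(self.in_incubation || self.is_trusted(to)) { return Err(TransferError::RecipientNotTrusted); }
        self.pay(to, lamports)
    }

    /// Guarded transfer: the owner opens a request, i.e. creates the PDA.
    pub fn request_guarded_transfer(&self, signer: &str, to: &str, lamports: u64) -> Result<TransferRequest, TransferError> {
        self.require_owner(signer)?;
        Ok(TransferRequest { to: to.to_string(), lamports, approvals: HashSet::new(), executed: false })
    }

    /// approve_transfer: records one guardian's approval on the request.
    pub fn approve_transfer(&self, signer: &str, req: &mut TransferRequest) -> Result<(), TransferError> {
        if !self.guardians.iter().any(|g| g == signer) { return Err(TransferError::NotGuardian); }
        if req.executed { return Err(TransferError::AlreadyExecuted); }
        req.approvals.insert(signer.to_string());
        Ok(())
    }

    /// approve_and_execute_transfer: approve, then execute only once every
    /// guardian has approved (the threshold is assumed to be all guardians).
    pub fn approve_and_execute_transfer(&mut self, signer: &str, req: &mut TransferRequest) -> Result<(), TransferError> {
        self.approve_transfer(signer, req)?;
        if !self.guardians.iter().all(|g| req.approvals.contains(g)) { return Err(TransferError::NotAllApproved); }
        let to = req.to.clone();
        self.pay(&to, req.lamports)?;
        req.executed = true;
        Ok(())
    }
}
```

Two details are deliberate: approve_and_execute_transfer records the approval even when execution is still blocked, so a guardian who calls it early does not need a second approve_transfer, and an executed request rejects further approvals, so the same record cannot pay its recipient twice.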
Wallet Recovery
Wallet recovery is for the case where the original owner has lost the owner private key or lost access to the device / account. A wallet recovery can then be initiated from a new device with a new owner keypair; the wallet is put into recovery_mode and no transfers are allowed while it remains there.
The guardians then call approve_recovery_by_keypair to assign the new keypair as the owner of the PDA wallet. Since this hands full control of the wallet to the new keypair, guardians should verify out of band that the recovery was requested by the real owner before approving.
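As an added example (not Solace's code), here is the recovery flow in Rust: initiating recovery from a new keypair sets recovery_mode, every transfer path is gated on that flag, and approve_recovery_by_keypair swaps the owner only when the last guardian has approved. The initiate_recovery name and the all-guardians threshold are assumptions; the page specifies only the recovery_mode flag and the approve_recovery_by_keypair call.

```rust
use std::collections::HashSet;

// Added illustration of wallet recovery (not Solace's program code). Pubkeys
// are strings; the approval threshold (every guardian) and the method name
// initiate_recovery are assumptions, the page only names
// approve_recovery_by_keypair and the recovery_mode flag.
pub type Pubkey = String;

#[derive(Debug, PartialEq)]
pub enum RecoveryError {
    NotOwner,
    NotGuardian,
    NotInRecovery,
    AlreadyInRecovery,
    RecoveryInProgress,
}

#[derive(Debug)]
pub struct Recovery {
    pub new_owner: Pubkey,
    pub approvals: HashSet<Pubkey>,
}

#[derive(Debug)]
pub struct Wallet {
    pub owner: Pubkey,
    pub guardians: Vec<Pubkey>,
    pub recovery_mode: bool,
    pub recovery: Option<Recovery>,
}

impl Wallet {
    pub fn new(owner: &str, guardians: &[&str]) -> Self {
        Wallet {
            owner: owner.to_string(),
            guardians: guardians.iter().map(|g| g.to_string()).collect(),
            recovery_mode: false,
            recovery: None,
        }
    }

    /// Started from the new device with its fresh keypair: the old owner key
    /// is lost, so no owner signature can be required. Enters recovery_mode.
    pub fn initiate_recovery(&mut self, new_owner: &str) -> Result<(), RecoveryError> {
        if self.recovery_mode {
            return Err(RecoveryError::AlreadyInRecovery);
        }
        self.recovery_mode = true;
        self.recovery = Some(Recovery { new_owner: new_owner.to_string(), approvals: HashSet::new() });
        Ok(())
    }

    /// Gate that every transfer path must pass: nothing moves while recovering.
    pub fn transfer_allowed(&self, signer: &str) -> Result<(), RecoveryError> {
        if self.recovery_mode {
            return Err(RecoveryError::RecoveryInProgress);
        }
        if signer != self.owner {
            return Err(RecoveryError::NotOwner);
        }
        Ok(())
    }

    /// approve_recovery_by_keypair: one guardian's approval. Returns Ok(true)
    /// when the last guardian approves and the owner has been replaced.
    pub fn approve_recovery_by_keypair(&mut self, guardian: &str) -> Result<bool, RecoveryError> {
        if !self.guardians.iter().any(|g| g == guardian) {
            return Err(RecoveryError::NotGuardian);
        }
        let rec = self.recovery.as_mut().ok_or(RecoveryError::NotInRecovery)?;
        rec.approvals.insert(guardian.to_string());
        if !self.guardians.iter().all(|g| rec.approvals.contains(g)) {
            return Ok(false);
        }
        self.owner = rec.new_owner.clone();
        self.recovery_mode = false;
        self.recovery = None;
        Ok(true)
    }
}

fn main() {
    let mut w = Wallet::new("old-owner", &["g1", "g2"]);
    w.initiate_recovery("new-owner").unwrap();
    println!("transfer during recovery: {:?}", w.transfer_allowed("old-owner"));
    println!("g1 approves: {:?}", w.approve_recovery_by_keypair("g1"));
    println!("g2 approves: {:?}", w.approve_recovery_by_keypair("g2"));
    println!("owner is now {}", w.owner);
}
```

The freeze in transfer_allowed is what makes recovery safe to initiate from an untrusted new device: until the guardians have all approved, neither the old keypair nor the proposed new one can move funds.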