
security · threat model · invariants

What we trust. What we prove. What we refuse.

Atlas does not require trust. It is structurally checkable. The 26 invariants below are the contract; their file links are the source of truth. Auditors read this page first.

verifier program · designed · sp1-solana audit gating mainnet

§1 Custody model

Atlas is non-custodial. Users connect existing wallets via wallet-standard / Mobile Wallet Adapter. Atlas does not own keys; recovery is at the wallet level. The /legal page states this explicitly; it is enforced at the program level by the absence of a custody-transfer instruction.

§2 Invariants

  • I-1 [info] Strategy is committed at vault creation; no mid-life flip. (atlas-vault)
  • I-2 [info] Proof-gated state movement — only execute_rebalance can move principal. (atlas-rebalancer)
  • I-3 [proof] Three-gate rebalance — manifest, simulation, proof must all clear. (atlas-rebalancer)
  • I-4 [proof] Public input layout is fixed-size; no Borsh on the verifier path. (atlas-public-input)
  • I-5 [info] No floats in proof inputs — bps-scaled AllocationVectorBps only. (atlas-public-input)
  • I-6 [info] Deterministic ordering — BTreeMap + clippy ban on HashMap/HashSet. (clippy.toml)
  • I-7 [info] No silent fallbacks — every Stage::run returns Result. (atlas-runtime)
  • I-8 [info] Archival writes are atomic with rebalance commits. (atlas-warehouse)
  • I-9 [proof] Single source of public-input truth — atlas-public-input is canonical. (atlas-public-input)
  • I-10 [info] Cross-program invariant assertions on every CPI. (atlas-rebalancer)
  • I-11 [ok] Token-2022 awareness declared in vault strategy commitment. (atlas-vault)
  • I-12 [info] No unwrap/expect/panic on production paths — clippy enforced. (clippy.toml)
  • I-13 [info] Bus events are content-addressed via blake3. (atlas-bus)
  • I-14 [info] Replay reproduces every rebalance byte-for-byte from the warehouse. (atlas-replay)
  • I-15 [zk] Public input v3 carries the confidential-mode flag at offset 2. (atlas-confidential)
  • I-16 [zk] Confidentiality pattern (A vs B) is per-vault and lifelong. (atlas-confidential)
  • I-17 [info] Disclosure events are Bubblegum-anchored with tamper-detect ids. (atlas-confidential)
  • I-18 [ok] Cross-role keeper signing rejected at the program ix entry. (atlas-operator-agent)
  • I-19 [ok] Mandates expire and ratchet; renewal is a multisig vote. (atlas-operator-agent)
  • I-20 [ok] High-impact actions need an attestation from a distinct signer + RPC quorum. (atlas-operator-agent)
  • I-21 [ok] No silent scope expansion. Adding an action class needs a multisig event. (atlas-operator-agent)
  • I-22 [zk] Private execution preserves on-chain settlement guarantees. (atlas-per)
  • I-23 [zk] Verifier accepts only ER-rooted post-states. (atlas-per)
  • I-24 [zk] Execution privacy is per-vault and lifelong. (atlas-per)
  • I-25 [zk] PrivateER vaults must declare an ExecutionPath* disclosure scope. (atlas-per)
  • I-26 [ok] PUSD-native — non-PUSD legs > 12h fail the workspace build. (atlas-vault-templates)
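As an added illustration of I-2, I-3 and I-7 (this is not the atlas-rebalancer crate, and every type, field and gate check below is an assumption of the example): a rebalance that passes three gates in order, with principal mutated only inside execute_rebalance and every gate returning Result so a failure leaves the vault untouched rather than taking a fallback path. The ProofVerifier trait stands in for the sp1-solana Groth16 verifier; the proof gate first checks that the proof was made over exactly the public input derived from this vault and manifest, so a valid proof for another vault or another target vector is rejected before verification is even attempted.

```rust
// Added example, not Atlas code. Gate names from I-3; all checks inside the gates are assumed.

pub const BPS_TOTAL: u32 = 10_000;

#[derive(Debug, PartialEq, Eq)]
pub enum GateError {
    ManifestVaultMismatch,
    ManifestStrategyChanged,                           // I-1: strategy fixed at vault creation
    ManifestBpsSum(u32),                               // target vector must sum to 10_000 bps
    SimulationPrincipalLoss { before: u64, after: u64 },
    SimulationTargetMissed(u16),                       // protocol id whose simulated leg != manifest leg
    ProofInputMismatch,                                // proof was made over different public inputs
    ProofInvalid,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Vault { pub id: [u8; 32], pub strategy_hash: [u8; 32], pub principal: u64, pub allocation_bps: Vec<(u16, u16)> }
pub struct Manifest { pub vault_id: [u8; 32], pub strategy_hash: [u8; 32], pub target_bps: Vec<(u16, u16)> }
pub struct Simulation { pub principal_before: u64, pub principal_after: u64, pub resulting_bps: Vec<(u16, u16)> }
pub struct Proof { pub bytes: Vec<u8>, pub public_input: Vec<u8> }

/// Assumed abstraction over the on-chain Groth16 verifier (sp1-solana in Atlas).
pub trait ProofVerifier { fn verify(&self, proof: &[u8], public_input: &[u8]) -> bool; }

/// Gate 1: the manifest must name this vault, its committed strategy, and a complete allocation.
pub fn gate_manifest(vault: &Vault, m: &Manifest) -> Result<(), GateError> {
    if m.vault_id != vault.id { return Err(GateError::ManifestVaultMismatch); }
    if m.strategy_hash != vault.strategy_hash { return Err(GateError::ManifestStrategyChanged); }
    let sum: u32 = m.target_bps.iter().map(|&(_, b)| b as u32).sum();
    if sum != BPS_TOTAL { return Err(GateError::ManifestBpsSum(sum)); }
    Ok(())
}

/// Gate 2: the dry run must start from the live principal, lose nothing, and land on every target leg.
pub fn gate_simulation(vault: &Vault, m: &Manifest, s: &Simulation) -> Result<(), GateError> {
    if s.principal_before != vault.principal || s.principal_after < s.principal_before {
        return Err(GateError::SimulationPrincipalLoss { before: s.principal_before, after: s.principal_after });
    }
    for &(id, bps) in &m.target_bps {
        match s.resulting_bps.iter().find(|&&(sid, _)| sid == id) {
            Some(&(_, got)) if got == bps => {}
            _ => return Err(GateError::SimulationTargetMissed(id)),
        }
    }
    Ok(())
}

/// Assumed public-input binding: the bytes the proof must have been produced over. Binding the vault id,
/// strategy hash and target vector means a proof for another vault or manifest cannot be replayed here.
pub fn expected_public_input(vault: &Vault, m: &Manifest, s: &Simulation) -> Vec<u8> {
    let mut out = Vec::new();
    out.extend_from_slice(&vault.id);
    out.extend_from_slice(&m.strategy_hash);
    out.extend_from_slice(&s.principal_after.to_le_bytes());
    for &(id, bps) in &m.target_bps {
        out.extend_from_slice(&id.to_le_bytes());
        out.extend_from_slice(&bps.to_le_bytes());
    }
    out
}

/// Gate 3: the proof must be over exactly the expected public input, and must verify.
pub fn gate_proof<V: ProofVerifier>(v: &V, expected: &[u8], p: &Proof) -> Result<(), GateError> {
    if p.public_input != expected { return Err(GateError::ProofInputMismatch); }
    if !v.verify(&p.bytes, &p.public_input) { return Err(GateError::ProofInvalid); }
    Ok(())
}

/// The only function that mutates principal or allocation (I-2). Each `?` returns the gate's error
/// before any state is touched: there is no "best effort" branch (I-7).
pub fn execute_rebalance<V: ProofVerifier>(
    vault: &mut Vault, m: &Manifest, s: &Simulation, p: &Proof, verifier: &V,
) -> Result<(), GateError> {
    gate_manifest(vault, m)?;
    gate_simulation(vault, m, s)?;
    gate_proof(verifier, &expected_public_input(vault, m, s), p)?;
    vault.principal = s.principal_after;
    vault.allocation_bps = m.target_bps.clone();
    Ok(())
}
```

The ordering matters for cost as well as safety: the manifest and simulation gates are cheap local checks, so a malformed or mismatched request never reaches the expensive proof verification, and a caller can only observe one of the enumerated errors, never a partially applied rebalance.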

§3 Cryptographic primitives

  • SP1 zkVM (RISC-V) — execution proof.
  • Groth16 — succinct verifier on Solana via sp1-solana.
  • Poseidon — public-input commitment hashing.
  • Pedersen — amount commitments (Phase 14 confidential mode).
  • blake3 — content-addressed event ids and explanation hashes.
  • Ed25519 — wallet signatures (SIWS, attestation keepers).

§4 Public input layouts

  • v2 · 268 bytes · plain mainnet
  • v3 · 300 bytes · + confidential (Phase 14)
  • v4 · 396 bytes · + private execution (Phase 18)
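As an added illustration of I-4, I-5, I-6 and I-15 (this is not the atlas-public-input crate): a v3 public input written and read at fixed byte offsets with no Borsh or other self-describing serializer on the path. The 300-byte total is taken from §4 and the confidential-mode flag at offset 2 from I-15; every other offset, the little-endian u16 field widths, the u16 protocol-id keys and the 8-leg cap are assumptions of this example. The allocation vector is bps-scaled integers that must sum to 10_000, kept in a BTreeMap so the legs are emitted in one deterministic order, and the decoder rejects non-canonical encodings (unsorted legs, non-zero padding) so that one allocation has exactly one byte string, which is what you want when those bytes are what the proof commits to.

```rust
// Added example, not Atlas code. Only the 300-byte length (§4) and the flag at offset 2 (I-15)
// come from the page; all other offsets and widths are assumed.
use std::collections::BTreeMap;

pub const PUBLIC_INPUT_V3_LEN: usize = 300; // §4: v3 is 300 bytes
pub const OFFSET_VERSION: usize = 0;        // assumed: u16 LE layout version
pub const OFFSET_CONFIDENTIAL: usize = 2;   // I-15: confidential-mode flag at offset 2
pub const OFFSET_LEG_COUNT: usize = 3;      // assumed: u8 number of legs
pub const OFFSET_LEGS: usize = 4;           // assumed: legs start here
pub const LEG_LEN: usize = 4;               // assumed: u16 protocol id + u16 bps
pub const MAX_LEGS: usize = 8;              // assumed cap; §6 proptests cover n in [2,8]
pub const BPS_TOTAL: u32 = 10_000;

#[derive(Debug, PartialEq, Eq)]
pub enum LayoutError {
    BadLength(usize), BadVersion(u16), BadFlag(u8), TooManyLegs(usize),
    BpsSum(u32), DuplicateProtocol(u16), Unsorted, NonCanonicalPadding,
}

/// bps-scaled allocation vector (I-5); the BTreeMap keeps protocol ids sorted (I-6).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct AllocationVectorBps(BTreeMap<u16, u16>);

impl AllocationVectorBps {
    pub fn new(legs: &[(u16, u16)]) -> Result<Self, LayoutError> {
        let mut map = BTreeMap::new();
        for &(id, bps) in legs {
            if map.insert(id, bps).is_some() { return Err(LayoutError::DuplicateProtocol(id)); }
        }
        if map.len() > MAX_LEGS { return Err(LayoutError::TooManyLegs(map.len())); }
        let sum: u32 = map.values().map(|&b| b as u32).sum();
        if sum != BPS_TOTAL { return Err(LayoutError::BpsSum(sum)); }
        Ok(Self(map))
    }
}

/// Fixed-size encoding: every field lands at a constant offset, unused bytes stay zero.
pub fn encode_v3(confidential: bool, alloc: &AllocationVectorBps) -> [u8; PUBLIC_INPUT_V3_LEN] {
    let mut out = [0u8; PUBLIC_INPUT_V3_LEN];
    out[OFFSET_VERSION..OFFSET_VERSION + 2].copy_from_slice(&3u16.to_le_bytes());
    out[OFFSET_CONFIDENTIAL] = confidential as u8;
    out[OFFSET_LEG_COUNT] = alloc.0.len() as u8;
    for (i, (&id, &bps)) in alloc.0.iter().enumerate() {
        let at = OFFSET_LEGS + i * LEG_LEN;
        out[at..at + 2].copy_from_slice(&id.to_le_bytes());
        out[at + 2..at + 4].copy_from_slice(&bps.to_le_bytes());
    }
    out
}

/// Strict decoding: exact length, known version, two-valued flag, sorted legs, zero padding.
pub fn decode_v3(buf: &[u8]) -> Result<(bool, AllocationVectorBps), LayoutError> {
    if buf.len() != PUBLIC_INPUT_V3_LEN { return Err(LayoutError::BadLength(buf.len())); }
    let version = u16::from_le_bytes([buf[OFFSET_VERSION], buf[OFFSET_VERSION + 1]]);
    if version != 3 { return Err(LayoutError::BadVersion(version)); }
    let confidential = match buf[OFFSET_CONFIDENTIAL] {
        0 => false,
        1 => true,
        other => return Err(LayoutError::BadFlag(other)),
    };
    let n = buf[OFFSET_LEG_COUNT] as usize;
    if n > MAX_LEGS { return Err(LayoutError::TooManyLegs(n)); }
    let mut legs = Vec::with_capacity(n);
    let mut prev: Option<u16> = None;
    for i in 0..n {
        let at = OFFSET_LEGS + i * LEG_LEN;
        let id = u16::from_le_bytes([buf[at], buf[at + 1]]);
        let bps = u16::from_le_bytes([buf[at + 2], buf[at + 3]]);
        if prev.map_or(false, |p| id <= p) { return Err(LayoutError::Unsorted); }
        prev = Some(id);
        legs.push((id, bps));
    }
    // Bytes after the last leg must be zero so that each allocation has exactly one encoding.
    let used = OFFSET_LEGS + n * LEG_LEN;
    if buf[used..].iter().any(|&b| b != 0) { return Err(LayoutError::NonCanonicalPadding); }
    Ok((confidential, AllocationVectorBps::new(&legs)?))
}
```

The canonical-padding and sort-order checks are the part a self-describing serializer would not give you: without them two different byte strings decode to the same allocation, and a verifier that hashes the bytes (Poseidon in §3) would treat them as two different statements.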

§5 Attack surface (8 chaos game days)

  scenario · expected outcome · runbook
  helius-outage · defensive_mode · ops/runbooks/helius-outage.md
  pyth-hermes-degraded · defensive_mode · ops/runbooks/pyth-hermes-degraded.md
  drift-abi-break · bundle_aborts · ops/runbooks/drift-abi-break.md
  mainnet-congestion · alert_only · ops/runbooks/mainnet-congestion.md
  prover-outage · halt · ops/runbooks/prover-outage.md
  bubblegum-keeper-loss · halt · ops/runbooks/bubblegum-keeper-loss.md
  compromised-keeper-mandate-breaches · reject_at_verifier · ops/runbooks/compromised-keeper-mandate-breaches.md
  per-operator-adversarial · reject_at_verifier · ops/runbooks/per-operator-adversarial.md

§6 Adversarial corpus

Three concentric test layers verify the invariants above under hostile load. Counts pulled from the workspace CHANGELOG.

  • 26 invariants tracked · I-1..I-26
  • 10 adversarial scenarios · tests/adversarial · directive §12
  • 256 proptest cases · tests/invariants · n ∈ [2,8] protocols
  • 8 chaos game days · ops/runbooks

atlas-invariants-tests: 6 crate-level tests · atlas-adversarial-tests: 10 hostile-scenario tests · 256-case proptest sweep on the consensus root

§7 Audit history

Internal review · all phases (continuous).

External audit · scheduled before mainnet cutover. The audit log will publish here with firm.s…mit>.

§8 Bug bounty

Disclosure scope follows the published threat model. Email security@atlasfi.in with PoC + impact; timed-disclosure window 90 days. Public payout schedule lands with mainnet.