Core Concepts: Roles & Security Model
The vault’s security is built upon Soroban’s modern authorization framework and a clear separation of duties between different roles.
Authorization with require_auth()
At the heart of the vault’s security is Soroban’s native require_auth() function.
This powerful feature ensures that critical actions can only be performed if they are cryptographically signed and authorized by the correct account. It is the fundamental building block that prevents unauthorized access and guarantees that control over assets and settings remains with the designated parties.
Role Management: Owner vs. Trader
The contract defines two distinct roles to manage its operations securely, ensuring a safe separation of duties.
The Owner (Admin)
The owner has ultimate control over the vault’s configuration and is the only role that can move assets out of the contract.
Permissions:
- Initialize the vault
- Change the vault owner
- Set or remove the Trader address
- Withdraw any token from the vault
The Trader
This is an optional role that can be granted permission by the owner to execute trades. This separation allows for delegating trading operations without giving up administrative control.
Permissions:
- Execute all swap operations (swap_exact_in, swap_exact_out, etc.)
Secure Initialization
When a vault is first deployed, its __constructor function is called. This process follows several key steps.
Deploy from Wasm
First, the vault’s compiled Wasm (WebAssembly) bytecode is installed on the Stellar network. A new vault instance is then deployed from this installed bytecode.
Owner Authorization Required
The deployment transaction to create the new instance must be signed by the designated owner address.
Initial State is Stored
The initial owner and router addresses are securely saved into the contract’s persistent storage.
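The role split and the constructor check described above, modelled in plain Rust without the Soroban SDK. This is an added example, not the vault's own code: the Vault type, the Auth set, the error names and the GOWNER/GTRADER/CROUTER addresses are constructed for illustration. The model returns an error where the real require_auth() aborts the invocation, and it assumes swaps are authorized by the stored trader address only.

```rust
// Plain-Rust model of the vault's role checks (illustrative, no soroban-sdk).
// `Auth` stands in for the set of addresses that signed the current invocation.
use std::collections::HashSet;

pub type Auth<'a> = HashSet<&'a str>;
#[derive(Debug, PartialEq)]
pub enum VaultError { NotAuthorized, NoTrader }

pub struct Vault { owner: String, router: String, trader: Option<String> }

fn require_auth(addr: &str, auth: &Auth) -> Result<(), VaultError> {
    if auth.contains(addr) { Ok(()) } else { Err(VaultError::NotAuthorized) }
}

impl Vault {
    /// Models __constructor: the designated owner must authorize the deployment.
    pub fn init(owner: &str, router: &str, auth: &Auth) -> Result<Vault, VaultError> {
        require_auth(owner, auth)?;
        Ok(Vault { owner: owner.into(), router: router.into(), trader: None })
    }
    /// Owner-only: the check is against the STORED owner, not a caller-supplied one.
    pub fn set_owner(&mut self, new_owner: &str, auth: &Auth) -> Result<(), VaultError> {
        require_auth(&self.owner, auth)?;
        self.owner = new_owner.into();
        Ok(())
    }
    /// Owner-only: Some(addr) sets the trader, None removes it.
    pub fn set_trader(&mut self, trader: Option<&str>, auth: &Auth) -> Result<(), VaultError> {
        require_auth(&self.owner, auth)?;
        self.trader = trader.map(String::from);
        Ok(())
    }
    /// Owner-only: the only path that moves assets out of the vault.
    pub fn withdraw(&self, auth: &Auth) -> Result<(), VaultError> {
        require_auth(&self.owner, auth)
    }
    /// Trader path (assumption: only the stored trader's authorization is accepted).
    pub fn swap(&self, auth: &Auth) -> Result<(), VaultError> {
        let trader = self.trader.as_deref().ok_or(VaultError::NoTrader)?;
        require_auth(trader, auth)
    }
}

fn main() {
    let owner: Auth = HashSet::from(["GOWNER"]); // constructed placeholder address
    let mut v = Vault::init("GOWNER", "CROUTER", &owner).unwrap();
    v.set_trader(Some("GTRADER"), &owner).unwrap();
    println!("router {}: trader withdraw -> {:?}", v.router, v.withdraw(&HashSet::from(["GTRADER"])));
}
```

The cases worth checking in any implementation of this model are the negative ones: a trader signature on withdraw, an old owner's signature after rotation, and a swap after the trader has been removed.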

