VaultDAO is a Soroban-native treasury management dApp for high-value Stellar organizations. It brings the robust security of multi-signature wallets to the speed and efficiency of the Soroban smart contract platform.
Think of it as the "Gnosis Safe of Stellar", built for DAOs, Enterprise Treasuries, and Investment Clubs.
| Feature | Description |
|---|---|
| Multi-Signature | M-of-N signing logic enforced on-chain. Requires cryptographic proof from multiple treasurers. |
| RBAC | Granular Role-Based Access Control (Admin, Treasurer, Member) defining exact permissions. |
| Timelocks | Large transfers (> threshold) are locked for 24 hours before execution, allowing emergency cancellation. |
| Spending Limits | Enforced Daily and Weekly allowances to prevent budget overruns or drainage. |
| Recurring Payments | Automate payroll and subscriptions with rigorous interval checks. |
VaultDAO handles treasury funds, so security is paramount. The contract leverages Rust for memory safety and Soroban's simplified host environment to minimize attack vectors.
To optimize for ledger rent and data capabilities, we use a hybrid storage model:
- Instance Storage: Used for `Config` (Global Settings) and `Roles`. This data is "hot" and always available to every contract invocation.
- Persistent Storage: Used for `Proposals` and `RecurringPayments`. These records must persist until explicitly removed or expired.
  - TTL: Automatically extended on access.
- Temporary Storage: Used for Daily/Weekly Spending Limits.
  - Why? These records are ephemeral. Once the time period (day/week) passes, the data can be safely evicted by the network, saving rent costs.
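An added example, not VaultDAO's code: a plain-Rust model (no Soroban SDK) of a daily spending counter kept in expiring storage. It shows that eviction is only safe after the period ends, so the entry's TTL has to cover the whole day or week. `TempStore`, `try_spend` and the sample amounts are hypothetical.

```rust
use std::collections::HashMap;

const DAY: u64 = 86_400; // seconds per daily bucket

/// Toy stand-in for temporary storage (hypothetical): each entry carries an
/// expiry time and reads as absent once `now` reaches it.
struct TempStore {
    entries: HashMap<u64, (i128, u64)>, // day bucket -> (spent, expires_at)
}

impl TempStore {
    /// Spent total for a bucket; an expired (evicted) entry counts as zero.
    fn get(&self, bucket: u64, now: u64) -> i128 {
        match self.entries.get(&bucket) {
            Some(&(spent, expires_at)) if now < expires_at => spent,
            _ => 0,
        }
    }
}

/// Charge `amount` against the daily `limit`. `ttl` is how long the counter
/// is kept alive after each write.
fn try_spend(store: &mut TempStore, now: u64, amount: i128, limit: i128, ttl: u64) -> bool {
    let bucket = now / DAY;
    let spent = store.get(bucket, now);
    if amount <= 0 || spent + amount > limit {
        return false;
    }
    store.entries.insert(bucket, (spent + amount, now + ttl));
    true
}

/// Constructed scenario: two 600-unit spends two hours apart on the same day, limit 1000.
fn second_spend_allowed(ttl: u64) -> bool {
    let mut store = TempStore { entries: HashMap::new() };
    let t0 = 10 * DAY + 3_600;
    assert!(try_spend(&mut store, t0, 600, 1_000, ttl));
    try_spend(&mut store, t0 + 7_200, 600, 1_000, ttl)
}

fn main() {
    // TTL covers the whole day: the counter survives and the limit holds.
    println!("ttl = 1 day  -> second spend allowed: {}", second_spend_allowed(DAY));
    // TTL of one hour: the counter is evicted mid-day and the limit resets.
    println!("ttl = 1 hour -> second spend allowed: {}", second_spend_allowed(3_600));
}
```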
- 100% Logic Coverage: The multi-signature voting engine, timelock delays, and limit trackers are fully covered by unit tests in `src/test.rs`.
- RBAC Verification: Every sensitive function invokes `require_auth()` and checks the caller's role against the stored registry.
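An added example, not the project's contract code: a plain-Rust model of the role check, M-of-N approval count and 24-hour timelock described above. All type and function names are hypothetical, and two things are assumed: `caller` has already passed the `require_auth()` step, and the timelock starts when the M-th approval lands.

```rust
use std::collections::{HashMap, HashSet};

const TIMELOCK_SECS: u64 = 24 * 60 * 60; // 24-hour delay from the feature table

#[derive(PartialEq)]
enum Role { Admin, Treasurer, Member }
#[derive(Debug, PartialEq)]
enum Error { NotAuthorized, AlreadyApproved, NotEnoughApprovals, TimelockActive }

struct Proposal { amount: i128, approvals: HashSet<&'static str>, unlock_at: Option<u64> }

struct Vault {
    roles: HashMap<&'static str, Role>, // stored role registry
    required: usize,                    // M in M-of-N
    timelock_threshold: i128,           // amounts above this are delayed
}

impl Vault {
    /// Record one treasurer approval; each signer counts once.
    fn approve(&self, p: &mut Proposal, caller: &'static str, now: u64) -> Result<(), Error> {
        if self.roles.get(caller) != Some(&Role::Treasurer) { return Err(Error::NotAuthorized); }
        if !p.approvals.insert(caller) { return Err(Error::AlreadyApproved); }
        // Assumption: the timelock clock starts when the M-th approval lands.
        if p.approvals.len() == self.required && p.amount > self.timelock_threshold {
            p.unlock_at = Some(now + TIMELOCK_SECS);
        }
        Ok(())
    }

    /// Execute only with M approvals and, for large transfers, after the delay.
    fn execute(&self, p: &Proposal, caller: &'static str, now: u64) -> Result<i128, Error> {
        if self.roles.get(caller) != Some(&Role::Treasurer) { return Err(Error::NotAuthorized); }
        if p.approvals.len() < self.required { return Err(Error::NotEnoughApprovals); }
        match p.unlock_at {
            Some(t) if now < t => Err(Error::TimelockActive),
            _ => Ok(p.amount),
        }
    }
}

fn main() {
    let roles = HashMap::from([("alice", Role::Treasurer), ("bob", Role::Treasurer),
                               ("carol", Role::Member), ("dave", Role::Admin)]);
    let v = Vault { roles, required: 2, timelock_threshold: 1_000 };
    let mut p = Proposal { amount: 5_000, approvals: HashSet::new(), unlock_at: None };
    v.approve(&mut p, "alice", 0).unwrap();
    v.approve(&mut p, "bob", 100).unwrap();
    println!("{:?} then {:?}", v.execute(&p, "bob", 86_499), v.execute(&p, "bob", 86_500));
}
```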
See docs/TESTING.md for the full testing guide.
VaultDAO is designed for scale and security.
- Smart Contracts: Built with Rust/Soroban using a hybrid storage model (Instance, Persistent, Temporary) to optimize for ledger rent.
- Frontend: A premium React dashboard integrated with the Freighter wallet.
See ARCHITECTURE.md for a deep dive into the system design and STRUCTURE.md for folder organization.
- Rust (1.70+) & WASM Target: `rustup target add wasm32-unknown-unknown`
- Node.js (18+)
- Stellar CLI: `cargo install --locked stellar-cli`
- Freighter Wallet: Browser Extension
Ensure you have Rust and the wasm32 target installed.
```bash
# Clone the repository
git clone https://github.com/NovaGrids/VaultDAO.git
# git names the checkout after the repository, so the directory is VaultDAO
cd VaultDAO
# Build the contract
cargo build --target wasm32-unknown-unknown --release
# Run Tests
cargo test
```

Navigate to the frontend directory.
```bash
cd frontend
# Install dependencies
npm install
# Start the dev server
npm run dev
```

Open http://localhost:5173 to view the dashboard.
For detailed setup and deployment instructions, see docs/DEPLOYMENT.md.
The backend is a lightweight support service scaffold for future indexing, notifications, websocket, and keeper work. It does not modify the contract and it is currently protected with local Husky hooks instead of GitHub Actions.
```bash
# Install root dependencies so Husky is available
npm install
# Install backend dependencies
npm --prefix backend install
# Copy backend environment example
cp backend/.env.example backend/.env
# Start the backend in watch mode
npm run backend:dev
```

The backend health endpoints will be available at:
- `GET /health`
- `GET /api/v1/status`
```bash
cd contracts/vault
cargo test
```

Integrate VaultDAO into your own application using the official TypeScript SDK.

```bash
npm install @vaultdao/sdk
```

- API Reference: docs/API.md
- SDK README: sdk/README.md
- Usage examples: `sdk/examples/`
VaultDAO has a comprehensive test suite covering smart contract logic and (soon) frontend components.
```bash
# Smart contract tests
cd contracts/vault && cargo test
# Frontend tests (after setup)
cd frontend && npm test
# Backend checks
npm run backend:typecheck
npm run backend:test
```

Read the full guide: docs/TESTING.md
If you are contributing to the backend, use this flow before opening a PR:
```bash
# From the repo root
npm install
npm --prefix backend install
cp backend/.env.example backend/.env
```

Husky is configured at the repository root for backend quality checks:
- `pre-commit`: runs `lint-staged` on backend files
- `pre-push`: runs backend typecheck and backend tests
Contributors should run these commands locally while working:
```bash
npm run backend:dev
npm run backend:typecheck
npm run backend:test
npm run backend:build
```

If Husky hooks are not active after install, run:

```bash
npx husky
```

We are actively participating in the Stellar Community Drips Wave. We welcome developers to help us build the future of Stellar treasury management!
- Browse Wave Issues for tasks.
- Read CONTRIBUTING.md to get started.
- Security: Please read our SECURITY.md for our vulnerability disclosure policy.
- Conduct: We follow the Contributor Covenant.
VaultDAO is licensed under the AGPL-3.0 License. See the LICENSE file for details.