VaultDAO is a Soroban-native treasury management dApp for high-value Stellar organizations. It brings the robust security of multi-signature wallets to the speed and efficiency of the Soroban smart contract platform.
Think of it as the "Gnosis Safe of Stellar" — built for DAOs, Enterprise Treasuries, and Investment Clubs.
| Feature | Description |
|---|---|
| Multi-Signature | M-of-N signing logic enforced on-chain. Requires cryptographic proof from multiple treasurers. |
| RBAC | Granular Role-Based Access Control (Admin, Treasurer, Member) defining exact permissions. |
| Timelocks | Large transfers (> threshold) are locked for 24 hours before execution, allowing emergency cancellation. |
| Spending Limits | Enforced Daily and Weekly allowances to prevent budget overruns or drainage. |
| Recurring Payments | Automate payroll and subscriptions with rigorous interval checks. |
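
How the multi-signature, timelock and spending-limit rows in the table above combine on a single transfer, as an added example: this is a plain-Rust model written for this page, not VaultDAO's contract code, and it does not use `soroban-sdk`. Every name in it (`Vault`, `Proposal`, `approve`, `execute`, the signer names and the amounts) is an assumption for illustration.

```rust
use std::collections::{BTreeSet, HashMap};

const DAY: u64 = 86_400; // seconds; the 24-hour timelock from the feature table
#[derive(Debug, PartialEq)]
pub enum Error { NotTreasurer, NeedsApprovals, Timelocked, OverDailyLimit, Executed }
pub struct Vault {
    pub treasurers: BTreeSet<&'static str>, // the N signers (assumed names)
    pub m: usize,                           // approvals required (M of N)
    pub timelock_above: u64,                // larger amounts wait 24 hours
    pub daily_limit: u64,
    pub spent: HashMap<u64, u64>,           // day index -> amount spent that day
}
#[derive(Default)]
pub struct Proposal {
    pub amount: u64, pub approvals: BTreeSet<&'static str>,
    pub unlock_at: Option<u64>, pub executed: bool,
}
impl Vault {
    pub fn approve(&self, p: &mut Proposal, who: &'static str, now: u64) -> Result<(), Error> {
        if !self.treasurers.contains(who) { return Err(Error::NotTreasurer); }
        p.approvals.insert(who); // a set, so a repeated signature counts once
        if p.approvals.len() >= self.m && p.unlock_at.is_none() {
            let delay = if p.amount > self.timelock_above { DAY } else { 0 };
            p.unlock_at = Some(now + delay); // the clock starts when quorum is reached
        }
        Ok(())
    }
    pub fn execute(&mut self, p: &mut Proposal, now: u64) -> Result<(), Error> {
        if p.executed { return Err(Error::Executed); }
        let unlock_at = p.unlock_at.ok_or(Error::NeedsApprovals)?;
        if now < unlock_at { return Err(Error::Timelocked); }
        // Keying the counter by day index means yesterday's total never carries over.
        let spent = self.spent.entry(now / DAY).or_insert(0);
        let total = spent.checked_add(p.amount).ok_or(Error::OverDailyLimit)?;
        if total > self.daily_limit { return Err(Error::OverDailyLimit); }
        *spent = total;
        p.executed = true;
        Ok(())
    }
}
pub fn sample_vault() -> Vault { // constructed sample: 2-of-3, timelock above 1_000
    Vault { treasurers: ["alice", "bob", "carol"].into(), m: 2, timelock_above: 1_000,
            daily_limit: 5_000, spent: HashMap::new() }
}
fn main() {
    let (mut v, mut p) = (sample_vault(), Proposal { amount: 2_000, ..Default::default() });
    v.approve(&mut p, "alice", 0).unwrap(); v.approve(&mut p, "bob", 10).unwrap();
    println!("{:?} then {:?}", v.execute(&mut p, 100), v.execute(&mut p, 10 + DAY));
}
```
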
VaultDAO handles treasury funds, so security is paramount. The contract leverages Rust for memory safety and Soroban's simplified host environment to minimize attack vectors.
To optimize for ledger rent and data capabilities, we use a hybrid storage model:
- Instance Storage: Used for `Config` (Global Settings) and `Roles`. This data is "hot" and always available to every contract invocation.
- Persistent Storage: Used for `Proposals` and `RecurringPayments`. These records must persist until explicitly removed or expired.
  - TTL: Automatically extended on access.
- Temporary Storage: Used for Daily/Weekly Spending Limits.
  - Why? These records are ephemeral. Once the time period (day/week) passes, the data can be safely evicted by the network, saving rent costs.
- 100% Logic Coverage: The multi-signature voting engine, timelock delays, and limit trackers are fully covered by unit tests in `src/test.rs`.
- RBAC Verification: Every sensitive function invokes `require_auth()` and checks the caller's role against the stored registry.
See docs/TESTING.md for the full testing guide.
VaultDAO is designed for scale and security.
- Smart Contracts: Built with Rust/Soroban using a hybrid storage model (Instance, Persistent, Temporary) to optimize for ledger rent.
- Frontend: A premium React dashboard integrated with the Freighter wallet.
See ARCHITECTURE.md for a deep dive into the system design and STRUCTURE.md for folder organization.
- Rust (1.70+) & WASM Target: `rustup target add wasm32-unknown-unknown`
- Node.js (18+)
- Stellar CLI: `cargo install --locked stellar-cli`
- Freighter Wallet: Browser Extension
Ensure you have Rust and the wasm32 target installed.
```bash
# Clone the repository
git clone https://github.com/NovaGrids/VaultDAO.git
# The clone directory takes the repository's name, which is case-sensitive on most filesystems
cd VaultDAO
# Build the contract
cargo build --target wasm32-unknown-unknown --release
# Run tests
cargo test
```

Navigate to the frontend directory.
```bash
cd frontend
# Install dependencies
npm install
# Start the dev server
npm run dev
```

Open http://localhost:5173 to view the dashboard.
For detailed setup and deployment instructions, see docs/DEPLOYMENT.md.
```bash
cd contracts/vault
cargo test
```

Integrate VaultDAO into your own application using the official TypeScript SDK.

```bash
npm install @vaultdao/sdk
```

- API Reference: docs/API.md
- SDK README: sdk/README.md
- Usage examples: `sdk/examples/`
VaultDAO has a comprehensive test suite covering smart contract logic and (soon) frontend components.
```bash
# Smart contract tests
cd contracts/vault && cargo test
# Frontend tests (after setup)
cd frontend && npm test
```

Read the full guide: docs/TESTING.md
We are actively participating in the Stellar Community Drips Wave. We welcome developers to help us build the future of Stellar treasury management!
- Browse Wave Issues for tasks.
- Read CONTRIBUTING.md to get started.
- Security: Please read our SECURITY.md for our vulnerability disclosure policy.
- Conduct: We follow the Contributor Covenant.
VaultDAO is licensed under the AGPL-3.0 License. See the LICENSE file for details.