Alpha Vault controls access at the escrow-creation layer. A user must have an escrow for the vault before they can deposit.
Access Models
| Access model | Who can create the escrow | How user quota is set |
|---|---|---|
| Permissionless | Anyone can create an escrow during the deposit window. | Permissionless FCFS uses individual_depositing_cap; permissionless Pro Rata effectively has no individual cap. |
| Merkle proof | A user or payer creates an escrow with a valid Merkle proof. | The Merkle leaf includes the wallet and max_cap; the escrow stores that max_cap. |
| Authority-managed | The vault authority creates the escrow for a selected wallet. | The authority passes a positive max_cap; the escrow stores that max_cap. |
Permissionless Escrows
Permissionless mode lets anyone create an escrow while the vault is open. The escrow address is derived from the vault and owner, so each owner has one escrow per vault.
Permissionless vaults may charge an escrow creation fee. The program caps this fee at 10,000,000 lamports (0.01 SOL) and sends it to the Meteora treasury account. The fee is recorded in total_escrow_fee and is not refunded when the escrow is closed.
Merkle Proof Escrows
Merkle proof mode is built for larger allowlists.
The vault authority or a program admin creates a MerkleRootConfig for the vault. Each user then proves membership with a leaf built from:
The program stores the supplied max_cap in the user’s escrow after verifying the proof. Deposits are then limited by the escrow’s remaining cap.
The program also supports Merkle proof metadata with a proof_url, which can point clients to off-chain proof data.
The Merkle root account is versioned, so teams can publish multiple root versions for the same vault when needed.
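The following added example (not Alpha Vault's own code) models why the leaf commits to both the wallet and max_cap: a proof verifies only for the exact pair the authority published. The SHA-256 hashing, the 0x00/0x01 prefixes, the sorted-pair node order, the little-endian cap encoding and all function names are assumptions for illustration; the program's actual leaf encoding is not shown on this page.

```python
import hashlib
import struct

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(wallet: bytes, max_cap: int) -> bytes:
    # Assumed encoding: 0x00 prefix || 32-byte wallet || max_cap as little-endian u64.
    return _h(b"\x00", wallet, struct.pack("<Q", max_cap))

def node_hash(a: bytes, b: bytes) -> bytes:
    # Assumed: 0x01 prefix keeps inner nodes distinct from leaves; sorted pair
    # order means the proof needs no left/right flags.
    lo, hi = sorted((a, b))
    return _h(b"\x01", lo, hi)

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An unpaired last node is promoted unchanged to the next level.
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def proof_for(levels, index):
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(level[sibling])
        index //= 2
    return proof

def verify(root, wallet, max_cap, proof):
    # Recompute the path from the claimed (wallet, max_cap) up to the root.
    acc = leaf_hash(wallet, max_cap)
    for sibling in proof:
        acc = node_hash(acc, sibling)
    return acc == root

# Constructed allowlist: (wallet pubkey bytes, max_cap)
ALLOWLIST = [(bytes([1]) * 32, 500), (bytes([2]) * 32, 1_000), (bytes([3]) * 32, 250)]
LEVELS = build_levels([leaf_hash(w, c) for w, c in ALLOWLIST])
ROOT = LEVELS[-1][0]
```

Because the verified max_cap is the value the escrow stores, a wallet that submits a larger cap with the same proof fails verification instead of gaining quota.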
Authority-Managed Escrows
Authority-managed mode is for curated lists. The vault authority signs the escrow creation transaction and selects the owner and max_cap.
This mode is operationally simple for small lists because the team can create the escrow accounts directly. It is less scalable than Merkle proof mode for large public allowlists.
Permissioned Vault Fee Rule
Permissioned vaults cannot charge an escrow creation fee.
The initialization path rejects any nonzero escrow_fee when whitelist_mode is Merkle proof or authority-managed. This avoids charging users or teams for escrow creation in permissioned flows where the project may create many escrows.
Vault Authority and Admins
The vault authority is normally the vault creator. It can:
- Create Merkle root configs for a Merkle-proof vault.
- Create Merkle proof metadata.
- Create authority-managed escrows when the vault uses authority mode.
- Transfer vault authority to a new pubkey.
Program admins can create global Pro Rata and FCFS config accounts, update vault parameters through admin-only instructions, create crank-fee whitelist accounts, and also create Merkle root configs or metadata.
Wallet Caps
Caps are enforced during deposit, not just during escrow creation.
| Cap source | Applies when | Behavior |
|---|---|---|
| individual_depositing_cap | Permissionless FCFS | Limits each escrow’s accepted deposit. |
| u64::MAX | Permissionless Pro Rata | Means the individual cap is effectively ignored. |
| Escrow max_cap | Merkle proof and authority-managed vaults | Limits deposits for that permissioned escrow. |
| max_depositing_cap | FCFS vaults | Limits total accepted vault deposits. |
| max_buying_cap | Pro Rata vaults | Limits how much quote the vault can swap, not how much it can accept. |