> ## Documentation Index
> Fetch the complete documentation index at: https://docs.meteora.ag/llms.txt
> Use this file to discover all available pages before exploring further.

# Alpha Vault Whitelist and Access

> Understand Alpha Vault permissionless escrows, Merkle proof escrows, authority-created escrows, wallet caps, vault authority, and escrow fees.

Alpha Vault controls access at the escrow-creation layer. A user must have an escrow for the vault before they can deposit.

## Access Models

| Access model      | Who can create the escrow                                     | How user quota is set                                                                                            |
| ----------------- | ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| Permissionless    | Anyone can create an escrow during the deposit window.        | Permissionless FCFS uses `individual_depositing_cap`; permissionless Pro Rata effectively has no individual cap. |
| Merkle proof      | A user or payer creates an escrow with a valid Merkle proof.  | The Merkle leaf includes the wallet and `max_cap`; the escrow stores that `max_cap`.                             |
| Authority-managed | The vault authority creates the escrow for a selected wallet. | The authority passes a positive `max_cap`; the escrow stores that `max_cap`.                                     |

## Permissionless Escrows

Permissionless mode lets anyone create an escrow while the vault is open. The escrow address is derived from the vault and owner, so each owner has one escrow per vault.

Permissionless vaults may charge an escrow creation fee. The program caps this fee at `10,000,000` lamports (`0.01 SOL`) and sends it to the Meteora treasury account. The fee is recorded in `total_escrow_fee` and is not refunded when the escrow is closed.

## Merkle Proof Escrows

Merkle proof mode is built for larger allowlists.

The vault authority or a program admin creates a `MerkleRootConfig` for the vault. Each user then proves membership with a leaf built from:

```text theme={"system"}
owner pubkey + max_cap
```

The program stores the supplied `max_cap` in the user's escrow after verifying the proof. Deposits are then limited by the escrow's remaining cap.

The program also supports Merkle proof metadata with a `proof_url`, which can point clients to off-chain proof data.

<Note>
  The Merkle root account is versioned, so teams can publish multiple root versions for the same vault when needed.
</Note>

## Authority-Managed Escrows

Authority-managed mode is for curated lists. The vault authority signs the escrow creation transaction and selects the owner and `max_cap`.

This mode is operationally simple for small lists because the team can create the escrow accounts directly. It is less scalable than Merkle proof mode for large public allowlists.

## Permissioned Vault Fee Rule

Permissioned vaults cannot charge an escrow creation fee.

The initialization path rejects any nonzero `escrow_fee` when `whitelist_mode` is Merkle proof or authority-managed. This avoids charging users or teams for escrow creation in permissioned flows where the project may create many escrows.

## Vault Authority and Admins

The vault authority is normally the vault creator. It can:

* Create Merkle root configs for a Merkle-proof vault.
* Create Merkle proof metadata.
* Create authority-managed escrows when the vault uses authority mode.
* Transfer vault authority to a new pubkey.

Program admins can create global Pro Rata and FCFS config accounts, update vault parameters through admin-only instructions, create crank-fee whitelist accounts, and also create Merkle root configs or metadata.

## Wallet Caps

Caps are enforced during deposit, not just during escrow creation.

| Cap source                  | Applies when                              | Behavior                                                              |
| --------------------------- | ----------------------------------------- | --------------------------------------------------------------------- |
| `individual_depositing_cap` | Permissionless FCFS                       | Limits each escrow's accepted deposit.                                |
| `u64::MAX`                  | Permissionless Pro Rata                   | Means the individual cap is effectively ignored.                      |
| Escrow `max_cap`            | Merkle proof and authority-managed vaults | Limits deposits for that permissioned escrow.                         |
| `max_depositing_cap`        | FCFS vaults                               | Limits total accepted vault deposits.                                 |
| `max_buying_cap`            | Pro Rata vaults                           | Limits how much quote the vault can swap, not how much it can accept. |