Security

Vault Architecture

Your vault is a Program-Derived Address (PDA) on Solana, a smart contract account with no private key. Here's exactly how this works and why it means only you can access your funds.

What is a PDA?

A Program-Derived Address is a special type of Solana account address that's mathematically derived from two inputs: your wallet address and the Amyth program ID. The key property is that a PDA has no private key. Unlike a regular wallet, nobody holds a secret that can sign transactions for it. Instead, only the Amyth onchain program can authorize operations on the PDA, and the program's code enforces strict rules about who can do what.

Think of it like a lockbox that's built into a bank vault. The bank vault (Solana) holds the lockbox. The lockbox (PDA) can only be opened by your specific key (your wallet signature). The bank (Amyth's program) enforces the rules, but the bank itself doesn't hold a master key.

The permission model

Every Amyth vault has two roles, enforced by the onchain Anchor program:

Admin (Your Wallet)

✓ Deposit USDC into the vault
✓ Withdraw USDC from the vault
✓ Change vault settings (leverage, risk caps)
✓ Stop or start the bot
✓ Delete the vault

Relayer (Amyth's Backend)

✓ Submit trade instructions (open/close positions)
✗ Cannot withdraw or transfer funds. Physically impossible
✗ Cannot change vault parameters
✗ Cannot call any program other than Jupiter Perps (hardcoded)

What happens if Amyth disappears?

Your funds are safe. They're in a Solana PDA controlled by your wallet. If Amyth's servers go offline permanently:

• The bot stops trading (no new signals will be submitted).

• Any open positions remain open until Jupiter's keeper acts or you close them.

• You can withdraw your collateral by interacting with the onchain program directly using any Solana tool (e.g., Anchor CLI).

• The program ID and instructions for manual withdrawal are publicly verifiable.

Verifying the program

The Amyth vault program is deployed to a specific Solana program ID that you can verify independently on Solscan or any Solana explorer. The program's instructions, account structure, and permission checks are all visible onchain. You don't have to trust Amyth's claims. You can read the code yourself.

Non-custodial means non-custodial

This isn't a service-level promise like "we promise not to touch your funds." It's a cryptographic guarantee. The onchain program makes it physically impossible for anyone other than the admin wallet to withdraw. Even if Amyth's entire infrastructure were compromised, the attacker could only submit trades within your risk rails. They could never access your funds.

Was this page helpful?

← PreviousSecurity & Trust Next →Onchain Risk Rails