Version: 1.0.0
Last Updated: 2026-02-01
Status: PRE-LAUNCH
This checklist must be completed before deploying SolVoid to Solana Mainnet-Beta. Each item requires sign-off from the responsible party.
- Solana Program Audit - External security firm review of
programs/solvoid-zk - All critical/high findings resolved
- Medium findings addressed or accepted with documentation
- Audit report published
- ZK Circuit Review - Formal verification of
circuits/withdraw.circom - Poseidon Implementation Audit - Cross-platform hash consistency verified
- Groth16 Verifier Audit - On-chain verifier matches snarkjs output
- Relayer Security Review - Replay protection, rate limiting verified
- SDK Security Review - No secret leakage, proper randomness
- SDK unit tests passing -
npm run test:unit - Rust unit tests passing -
cargo test - Code coverage ≥ 80%
- End-to-end deposit/withdraw flow -
npm run test:integration - Cross-platform hash consistency - TypeScript ↔ Rust ↔ Circom
- Merkle tree state synchronization
- Circuit soundness tests passing - Invalid proofs rejected
- Verifier consistency tests passing - On-chain = off-chain
- State invariant tests passing - No double-spend possible
- Adversarial tests passing - Attack simulations fail
- Proof generation < 10 seconds on consumer hardware
- Transaction simulation successful on mainnet RPC
- Load testing completed - 100+ concurrent operations
- Powers of Tau downloaded - Hermez pot14_0000.ptau
- Circuit-specific ceremony completed - withdraw_final.zkey generated
- Verification key exported - verification_key.json validated
- Ceremony transcript published - Reproducible build verified
- Verification key hash published - SHA256 commitment
- On-chain VK matches ceremony output
- Independent verification by third party
- Program ID reserved - Keypair generated and secured
- Upgrade authority configured - Multi-sig or frozen
- Program deployed to devnet - Full test cycle completed
- Program deployed to mainnet -
anchor deploy --provider.cluster mainnet
- State PDA initialized -
solvoid init - Verifier state initialized - Verification key loaded
- Root history initialized - Empty tree root stored
- Economic state initialized - Default parameters set
- Vault PDA funded - Minimum reserve deposited
- Treasury PDA created - Fee accumulator ready
- Multi-sig authority deployed - Recommended: 3-of-5
- Authority transferred to multi-sig
- Emergency procedures tested - Circuit breaker, emergency mode
- Primary relayer deployed - Geographic redundancy
- Backup relayer deployed - Failover tested
- Rate limiting configured - 100 req/min/IP
- Monitoring enabled - Alerts for anomalies
- Primary RPC endpoint - Low latency, high availability
- Fallback RPC endpoints - 3+ alternatives configured
- WebSocket connections - Real-time state updates
- Transaction monitoring - Success/failure rates
- Vault balance monitoring - Reserve threshold alerts
- Circuit breaker monitoring - Automatic notifications
- Uptime monitoring - Relayer availability
- Getting started guide - First deposit walkthrough
- CLI reference - All commands documented
- SDK reference - API documentation complete
- FAQ - Common questions answered
- Trust assumptions document - TRUST_ASSUMPTIONS_FREEZE.md
- Security policy - Responsible disclosure process
- Incident response plan - Emergency procedures documented
- Architecture overview - System design documented
- API reference - Relayer endpoints documented
- Deployment guide - Reproducible deployment steps
- Terms of service - User agreements
- Privacy policy - Data handling practices
- Regulatory assessment - Jurisdiction-specific review
- OFAC screening integration - Optional compliance mode
- Audit trail capability - For institutional users
- Final security review completed
- Mainnet deployment verified
- Monitoring systems active
- Support channels ready
- Circuit breaker in standby mode
- Team on-call for 24 hours
- Initial deposits monitored closely
- Public announcement published
- No critical issues reported
- Transaction volume within expectations
- User feedback collected
- Bug bounty program announced
# Halt all withdrawals immediately
solvoid admin trigger-circuit-breaker# Increase fees to deter attacks
solvoid admin trigger-emergency --multiplier 10 --reason "Suspicious activity"- Root cause analysis template ready
- Communication templates ready
- Rollback procedures documented
| Role | Name | Date | Signature |
|---|---|---|---|
| Lead Developer | |||
| Security Lead | |||
| Operations Lead | |||
| Project Manager |
By signing above, we certify that all checklist items have been completed and the protocol is ready for mainnet deployment.
Final Approval Date: _______________
This checklist must be version-controlled and updated for each deployment.