The Problem
Vaults on Solana today are monoliths. Every team building a tokenized strategy ships its own program for subscriptions, redemptions, access control, policies, NAV, and DeFi execution. The cost compounds: every vault gets its own audit, wallets and custodians write bespoke integration code, allocators have no common surface to compare strategies, and compliance providers face a different attack surface for each issuer. Institutional adoption stalls, not for lack of demand, but because integration cost stacks up at every layer.
The Solana Vault Standard (sRFC-40), developed by Exo Tech with Solana Foundation support, addresses one half of this. It defines a common interface for the investor side of a vault. What it intentionally leaves open is everything behind the interface: the half that decides whether the vault is safe to allocate into.
The Solana Vault Standard gives allocators a common way to enter and exit; GLAM Vaults give managers an onchain control plane for everything that happens inside them.
The Standard as an Interface
The Solana Vault Standard specifies an Async Vault model. Investors create subscription or redemption requests, a vault authority approves or rejects them, and investors claim shares or assets when ready. Wallets, custodians, and allocators get a predictable model to integrate against.
GLAM connects to the standard vault via two instructions: Withdraw Assets lets the Authority pull assets out for use elsewhere, and Update NAV lets the Authority write valuation back in.
Token ACL, a separately scoped standard, handles permissioned transfers without breaking composability. Share tokens stay locked until a wallet clears the vault's compliance checks, which can encode any criteria the issuer needs, from KYC and accreditation to sanctions screening. Enforcement sits at the account level, so the shares stay composable with the rest of Solana DeFi.
Why the Operating Layer Has to Be Onchain
Offchain policy systems ask investors to trust that operators follow rules. GLAM enforces every rule on every transaction.
If a delegate has permission to swap on Jupiter but not to deposit into lending markets, any attempt to route funds into Kamino will cause the transaction to revert. Instead of trusting the operator or risking silent offchain failures, you get onchain enforcement by the program.
What GLAM Adds
- Granular Access Control. Owners control the vault. Delegates receive narrow permissions: which protocols, which actions. Sensitive changes stage behind timelocks; ownership can sit behind a multisig.
- Onchain Policy Engine. Policies live in the vault state and are enforced before execution. They control what a vault can hold, where it can deploy, how it can trade, and which oracles it trusts.
- DeFi Integrations. Jupiter Swaps and Kamino are live; Loopscale, Phoenix, Orca, Exponent, and Meteora in active development; stake pools and native staking built, pending audit. Each with its own dedicated policies and permissions.
- Bridging & External Positions. Support for CCTP and LayerZero OFT. External Positions reflect crosschain or offchain holdings, for example a vault on an EVM chain or an account at a qualified custodian. For a deeper dive, see our recent blog post on bridging and external positions.
- NAV Calculation. Positions native to Solana are priced directly from the protocol. Crosschain and offchain positions are added through the External Position Integration (EPI).
A Hybrid Architecture
GLAM ships with native subscriptions and redemptions, but it's designed to also act as the onchain engine behind an sRFC-40 interface. Two instructions connect the layers:
- Transfer policy: The standard vault can be configured to transfer only to a corresponding GLAM vault, and vice versa. The bidirectional constraint keeps the two systems behaving as one logical vault while preventing assets from leaking through misconfigured authorities.
- NAV write: A GLAM instruction CPIs into the Async Vault to write NAV into the standard vault account, which uses it for approval and claim logic.
A Worked Example: Tokenized Private Credit
A vault takes USDC deposits and deploys across onchain lending plus a basket of offchain positions. Shares are issued through a standard Async Vault.
Underneath, the manager powers the strategy and GLAM provides the infrastructure and guardrails. Delegate permissions are scoped to specific lending protocols and a narrow set of accepted oracles. A separate role can update positions through EPI but cannot move assets.
To fulfill pending redemptions, the manager unwinds positions as needed: pulling USDC out of lending protocols via Withdraw Assets, and recalling funds from external positions where applicable.
Once liquidity is in place, the manager triggers NAV publication. GLAM prices lending positions directly from the protocols, pulls AUM from EPI, sums the components, and writes the result via CPI. The base asset is then transferred back to the standard vault, which processes pending claims against the published NAV. If a delegate constructs a transaction that violates a policy, it fails.
Vaults can serve a wide range of use cases: tranched stablecoins that separate senior and junior risk, indices tracking baskets of tokenized equities, strategy-driven vaults running basis trades or RWA looping, all the way to managed accounts with custom mandates and guardrails for AI agents.
The Bigger Picture
Tokenized vaults are shaping up to be ETFs 2.0: programmable, composable, and settled onchain. Whether sRFC-40 or a successor wins the interface, the operating layer still has to do what GLAM already does: enforce policies onchain, price across heterogeneous positions, and cleanly segregate authorities.
That's what institutions can actually underwrite: a familiar wrapper on the outside, programmable guardrails on the inside.
If you're exploring vaults on Solana, let's talk.
Special thanks to Taylor Johnson, Co-founder of Exo Technologies for input and review.
Resources:
