Skip to main content
SuperVaults are ERC-7540 tokenized vaults that give curators full programmatic control over yield strategy execution. Curators set allocation priorities, define automated rebalancing rules, manage on-chain permissions through merkle-verified hook authorization, and monitor vault health across a ~107-endpoint API surface spanning three backend services. This documentation covers everything a curator needs to operate a SuperVault: from initial vault creation and yield source whitelisting through strategy automation via the DeFiX v0.1 intent protocol.

Non-Custodial by Design

SuperVaults are ERC-4626/ERC-7540 smart contracts deployed permissionlessly on-chain. No intermediary holds custody of vault assets — depositor funds live in the contracts at all times. The curator platform at curators.superform.xyz is a management interface built on top of this decentralized infrastructure: it constructs calldata, your wallet signs, and you submit transactions directly to the protocol. Superform never touches your keys or your vault’s assets. The contracts are open-source and audited. Anyone can interact with them directly without using this interface.

Architecture at a Glance

SuperVaults split responsibilities across three backend services:
ServiceRoleLanguage
EreborVault management, analytics, merkle authorization, registry, service controlsGo
Strategy EngineRule-based strategy evaluation, intent dispatchGo
OMSDeFiX v0.1 intent execution, on-chain transaction managementGo
Every on-chain write operation follows a prepare pattern: the backend constructs EVM calldata, your wallet signs the transaction, and the backend confirms the result. Private keys never touch the server.

Key Capabilities

Strategy Automation

Define rule-based strategies with indicator expressions, conviction thresholds, and configurable tick intervals. The Strategy Engine evaluates conditions and dispatches DeFiX intents automatically.

Merkle Authorization

Whitelist exactly which hooks can be called with which parameters. Each authorized combination becomes a merkle tree leaf verified on-chain before execution.

Full API Access

~107 endpoints across three services. Programmatic control over every operation the UI exposes, plus analytics, audit logs, and admin utilities.

Documentation Structure

1

Core Concepts

What curators control, what the protocol enforces, ERC-7540 mechanics, the hook system, and merkle authorization. Read more →
2

Get Started

Prerequisites, authentication, permissions, and a quickstart walkthrough. Read more →
3

Operate

UI guide for every page in the Curator App, from Dashboard to Strategy Canvas. Read more →
4

Integrate

API reference for all four backends with endpoint tables, request shapes, and error codes. Read more →
5

Automate

Build programmatic curators: monitoring loops, service health alerting, and audit log streaming. Read more →

Security Model

SuperVaults enforce security at multiple layers:
  • On-chain merkle verification ensures keepers can only execute pre-authorized hook + parameter combinations
  • ERC-7540 async redemption separates request from fulfillment, giving curators time to source liquidity
  • Timelocked merkle root updates prevent instant unauthorized changes to keeper permissions
  • Role-based access control across primary manager, secondary manager, and view-only tiers
  • Emergency pause halts all vault operations with a single on-chain transaction
  • Audited contracts reviewed by Spearbit, Cantina, and yAudit across multiple engagements
This documentation targets curators and integrators. For depositor-facing information, see the Superform App. For protocol-level specifications, see the Superform Protocol Docs.