Skip to main content
SuperVaults are ERC-7540 tokenized vaults that give institutions full programmatic control over yield strategy execution. Depositors supply assets; institutions decide where that capital goes: which protocols, in what order, under what conditions.

Key Properties

  • Non-custodial — Depositor funds live in the vault contract, never in institution-controlled wallets
  • ERC-4626 compatible — Standard deposit/withdraw interface with async ERC-7540 extensions for cross-chain and illiquid positions
  • Merkle-verified execution — Keepers can only call hooks that match leaves in the onchain Merkle tree
  • Automated operations — Workers handle any actions, from deposits, redemptions, reward claims, swaps, and transaction management
  • Oracle-secured PPS — Price-per-share is computed by validators, signed as EIP-712 typed data, and accepted onchain only after two-thirds weighted consensus

How SuperVaults Work

1

Depositor Requests

A depositor submits a deposit or redemption request onchain via the ERC-7540 interface.
2

Keeper Workers Execute

Seven automated workers process requests: allocating deposits to configured yield sources, fulfilling redemptions, claiming rewards, and executing swaps.
3

Institution Manages Strategy

The institution sets allocation priorities, defines automated rebalancing rules, configures Merkle authorization for keeper operations, and monitors vault health.
4

Validators Secure PPS

Off-chain validators compute price-per-share, sign EIP-712 attestations, and anyone can submit the update onchain. The oracle accepts updates only with supermajority validator consensus.

Security Model

SuperVaults enforce safety at every layer:
  • Double-Merkle hook allowlisting and blacklisting at both global and strategy levels ensures vaults can only perform pre-approved actions like depositing, redeeming, swapping, and bridging. Hook-root updates are proposal based, with the aggregator hook-root timelock defaulting to 15 minutes, and keepers still cannot execute anything outside approved leaves.
  • Clear role separation across Managers, Validators, and Guardians. Managers operate through pre-approved hooks, validators attest price-per-share, and guardians retain emergency intervention powers such as pause controls.
  • Validator-signed price-per-share (PPS) with quorum, signature, staleness, and deviation checks enforced onchain.
  • Timelocked sensitive parameters such as fee changes, PPS expiration threshold updates, active PPS oracle changes after first set, and some governance actions, while other operational controls remain immediate.
  • Automated emergency controls provide pause functionality, banned leaves, and emergency withdrawal paths using authorized hooks.

Efficiency

SuperVaults are engineered for scale:
  • Native ERC-7540 compliance enables efficient flows for low-cost deposits and async withdrawals as well as onchain composability.
  • Cross-chain deposits via the SuperBundler support 8+ networks with a single signature.
  • Modular hook engine allows SuperVaults to access any yield source. Strategies can evolve as markets do, without redeployments or protocol upgrades.

Transparency

Depositors do not have to trust; they can verify:
  • A live transparency dashboard surfaces allocations, caps, validator signatures, and performance in real time.
  • PPS can be recomputed by anyone, onchain or offchain, with circuit breakers that pause abnormal behavior automatically.
  • All underlying protocols can continuously be monitored for exploit vectors and governance risk, and quickly allocated out of if needed.

Architecture

SuperVault Architecture
The architecture comprises three systems: vault triads, governance coordination, and PPS validation.

Vault Triads

Each SuperVault deployment consists of three onchain contracts managed through the SuperVaultAggregator (factory, registry, PPS oracle forwarding, upkeep accounting, and governor-level constraints):
ContractPurpose
SuperVaultERC-7540 vault that holds depositor assets and issues share tokens. Entry-point for synchronous deposits and asynchronous redeems.
SuperVaultStrategyExecution engine that manages hook authorization via dual Merkle roots, tracks PPS high water mark, queues/fulfills redemption requests, and enforces fee policies.
EscrowHolds user shares during pending redemptions (allowing cancellation) and assets during fulfillment claims.

Governance & Coordination

ComponentRole
$UP TokenProtocol token used for governance via sUP, funds SuperVault upkeep for PPS update writes, and gains validator-bonding utility in later phases.
SuperGovernorCentral registry and access control hub. Manages role-based permissions, selected timelocked parameter updates, and emergency intervention powers.
SuperBankProtocol treasury that handles protocol fees and executes governance-approved hook operations.

PPS Validation

ComponentRole
ECDSAPPSOracleValidates price-per-share updates using ECDSA signatures and forwards validated updates to the Aggregator.
Validator NetworkValidators monitor PPS updates and submit attestations, with consensus, signature, and quorum checks enforced before updates are accepted.

Supported Yield Sources

TypeDescriptionExample
erc4626Standard ERC-4626 vaultsMorpho, Aave wrappers, Euler
pendle_ptPendle Principal TokensFixed-rate yield via PT purchase
ERC-7540 yield sources (async vaults) are on the roadmap.

Live Deployments

SuperVaults are live on Ethereum and Base with flagship vaults for USDC, WETH, and WBTC. See Deployment Addresses for the full contract list.

Next Steps

Transaction Lifecycle

End-to-end flow from deposit request to yield accrual.

Economics

Fee structure, $UP upkeep, and protocol revenue.

For Institutions

Full technical guide for institutions curating vaults.