Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Co-signer Validation

Problem

Fireblocks policies provide transaction-level controls (amount limits, destination whitelists) but lack deep inspection of Solana program instructions. For complex DeFi operations, you need to understand what the transaction actually does before signing.

Solution: Carbon + Co-signer Callbacks

Carbon is a Rust framework that decodes Solana program instructions into strongly-typed data structures. We leverage it for transaction validation in co-signer callbacks.

Note

Carbon was originally built for indexers but works perfectly for transaction validation due to its strongly-typed decoders.

How It Works

Fireblocks Transaction Request
         |
         v
Co-signer Callback Handler (your Rust service)
         |
         v
Carbon Decoder (parse instruction data)
         |
         v
Business Logic (validate against rules)
         |
         v
Response: APPROVE | REJECT | RETRY

The callback handler has 30 seconds to respond with:

  • APPROVE - Sign the transaction
  • REJECT - Deny with optional reason (logged in audit)
  • RETRY - Retry up to 20 times over 60 minutes
  • IGNORE - Skip this approval (for multi-sig scenarios)

Benefits

  • Type Safety: Compile-time guarantees on instruction parsing
  • Performance: Rust’s speed ensures sub-second validation
  • Maintainability: Strongly-typed code vs parsing raw bytes
  • Testing: Unit test business rules against real transaction data
  • Coverage: 60+ popular Solana programs already supported

Example: CCTP Transfer Limits

Circle’s CCTP enables cross-chain USDC transfers. The protocol burns USDC on the source chain and mints on the destination.

Business Requirement: Block any cross-chain transfer exceeding 1,000 USDC.

With Carbon, we decode the depositForBurn instruction:

#![allow(unused)]
fn main() {
use carbon_circle_cctp_decoder::TokenMessengerMinterV2Instruction;

pub struct CctpValidator;

#[async_trait]
impl Processor for CctpValidator {
    type InputType = InstructionProcessorInputType<TokenMessengerMinterV2Instruction>;

    async fn process(
        &mut self,
        data: Self::InputType,
        _metrics: Arc<MetricsCollection>,
    ) -> CarbonResult<()> {
        let (metadata, ix, _nested_instructions, _idx) = data;

        match ix.data {
            TokenMessengerMinterV2Instruction::DepositForBurn(args) => {
                let amount_usdc = args.params.amount / 1_000_000; // USDC has 6 decimals
                
                if amount_usdc > 1_000 {
                    // Return REJECT to Fireblocks callback
                    return Err(format!("Transfer amount {} USDC exceeds limit", amount_usdc));
                }
                
                tracing::info!(amount_usdc, "CCTP transfer approved");
                Ok(())
            }
            _ => Ok(()), // Ignore other instructions
        }
    }
}

# Advanced: Cross-Program Invocations (CPIs)

Carbon decodes nested instruction calls, critical for DeFi protocols. Example: Jupiter's swap router internally calls the Token Program to perform swaps.

**Use Case**: Validate that a Jupiter swap doesn't exceed slippage tolerance or interacts only with approved liquidity pools.

```rust
use carbon_jupiter_swap_decoder::JupiterSwapInstruction;

match ix.data {
    JupiterSwapInstruction::SharedAccountsRoute(args) => {
        // Inspect swap parameters, check slippage, validate pools
        let slippage_bps = args.quoted_out_amount - args.slippage_bps;
        if slippage_bps > MAX_SLIPPAGE {
            return Err("Slippage too high");
        }
    }
    _ => {}
}
}

Implementation Requirements

  1. Deploy co-signer infrastructure (AWS Nitro Enclaves or GCP Confidential Space)
  2. Configure callback endpoint in Fireblocks console
  3. Implement Carbon-based validation logic
  4. Test against real Solana transactions
  5. Production monitoring and audit log integration

Note: Co-signer infrastructure requires significant compute resources (large EC2 Nitro instances for SGX/enclave support).

Program Decoders

Decoders for most popular Solana programs are published and maintained:

Crate NameDescriptionProgram ID
carbon-address-lookup-table-decoderAddress Lookup Table DecoderAddressLookupTab1e1111111111111111111111111
carbon-associated-token-account-decoderAssociated Token Account DecoderATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL
carbon-bonkswap-decoderBonkswap Program DecoderBSwp6bEBihVLdqJRKGgzjcGLHkcTuzmSo1TQkHepzH8p
carbon-boop-decoderBoop Decoderboop8hVGQGqehUK2iVEMEnMrL5RbjywRzHKBmBE7ry4
carbon-bubblegum-decoderBubblegum DecoderBGUMAp9Gq7iTEuizy4pqaxsTyUCBK68MDfK752saRPUY
carbon-circle-cctp-decoderCircle DecoderCCTPV2Sm4AdWt5296sk4P66VBZ7bEhcARwFaaS9YPbeC
carbon-drift-v2-decoderDrift V2 Program DecoderdRiftyHA39MWEi3m9aunc5MzRF1JYuBsbn6VPcn33UH
carbon-fluxbeam-decoderFluxbeam Program DecoderFLUXubRmkEi2q6K3Y9kBPg9248ggaZVsoSFhtJHSrm1X
carbon-gavel-decoderGavel Pool DecodersrAMMzfVHVAtgSJc8iH6CfKzuWuUTzLHVCE81QU1rgi
carbon-heaven-decoderHeaven Program DecoderHEAVENoP2qxoeuF8Dj2oT1GHEnu49U5mJYkdeC8BAX2o
carbon-jupiter-dca-decoderJupiter DCA Program DecoderDCA265Vj8a9CEuX1eb1LWRnDT7uK6q1xMipnNyatn23M
carbon-jupiter-limit-order-decoderJupiter Limit Order Program DecoderjupoNjAxXgZ4rjzxzPMP4oxduvQsQtZzyknqvzYNrNu
carbon-jupiter-limit-order-2-decoderJupiter Limit Order 2 Program Decoderj1o2qRpjcyUwEvwtcfhEQefh773ZgjxcVRry7LDqg5X
carbon-jupiter-perpetuals-decoderJupiter Perpetuals Program DecoderPERPHjGBqRHArX4DySjwM6UJHiR3sWAatqfdBS2qQJu
carbon-jupiter-swap-decoderJupiter Swap Program DecoderJUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4
carbon-kamino-farms-decoderKamino Farms Program DecoderFarmsPZpWu9i7Kky8tPN37rs2TpmMrAZrC7S7vJa91Hr
carbon-kamino-lending-decoderKamino Lend DecoderKLend2g3cP87fffoy8q1mQqGKjrxjC8boSyAYavgmjD
carbon-kamino-limit-order-decoderKamino Limit Order Program DecoderLiMoM9rMhrdYrfzUCxQppvxCSG1FcrUK9G8uLq4A1GF
carbon-kamino-vault-decoderKamino Vault DecoderkvauTFR8qm1dhniz6pYuBZkuene3Hfrs1VQhVRgCNrr
carbon-lifinity-amm-v2-decoderLifinity AMM V2 Program Decoder2wT8Yq49kHgDzXuPxZSaeLaH1qbmGXtEyPy64bL7aD3c
carbon-marginfi-v2-decoderMarginfi V2 Program DecoderMFv2hWf31Z9kbCa1snEPYctwafyhdvnV7FZnsebVacA
carbon-marinade-finance-decoderMarinade Finance Program DecoderMarBmsSgKXdrN1egZf5sqe1TMai9K1rChYNDJgjq7aD
carbon-memo-program-decoderSPL Memo Program DecoderMemo1UhkJRfHyvLMcVucJwxXeuD728EqVDDwQDxFMNo
carbon-meteora-damm-v2-decoderMeteora DAMM V2 Program DecodercpamdpZCGKUy5JxQXB4dcpGPiikHawvSWAd6mEn1sGG
carbon-meteora-dbc-decoderMeteora DBC Program Decoderdbcij3LWUppWqq96dh6gJWwBifmcGfLSB5D4DuSMaqN
carbon-meteora-dlmm-decoderMeteora DLMM Program DecoderLBUZKhRxPF3XUpBCjp4YzTKgLccjZhTSDM9YuVaPwxo
carbon-meteora-pools-decoderMeteora Pools Program DecoderEo7WjKq67rjJQSZxS6z3YkapzY3eMj6Xy8X5EQVn5UaB
carbon-meteora-vault-decoderMeteora Vault Program Decoder24Uqj9JCLxUeoC3hGfh5W3s9FM9uCHDS2SG3LYwBpyTi
carbon-moonshot-decoderMoonshot Program DecoderMoonCVVNZFSYkqNXP6bxHLPL6QQJiMagDL3qcqUQTrG
carbon-mpl-core-decoderMPL Core Program DecoderCoREENxT6tW1HoK8ypY1SxRMZTcVPm7R94rH4PZNhX7d
carbon-mpl-token-metadata-decoderMPL Token Metadata Program DecodermetaqbxxUerdq28cj1RbAWkYQm3ybzjb6a8bt518x1s
carbon-name-service-decoderSPL Name Service Program DecodernamesLPneVptA9Z5rqUDD9tMTWEJwofgaYwp8cawRkX
carbon-okx-dex-decoderOKX DEX Decoder6m2CDdhRgxpH4WjvdzxAYbGxwdGUz5MziiL5jek2kBma
carbon-openbook-v2-decoderOpenbook V2 Program Decoderopnb2LAfJYbRMAHHvqjCwQxanZn7ReEHp1k81EohpZb
carbon-orca-whirlpool-decoderOrca Whirlpool Program DecoderwhirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc
carbon-pancake-swap-decoderPancake Swap Program DecoderHpNfyc2Saw7RKkQd8nEL4khUcuPhQ7WwY1B2qjx8jxFq
carbon-phoenix-v1-decoderPhoenix V1 Program DecoderPhoeNiXZ8ByJGLkxNfZRnkUfjvmuYqLR89jjFHGqdXY
carbon-pumpfun-decoderPumpfun Program Decoder6EF8rrecthR5Dkzon8Nwu78hRvfCKubJ14M5uBEwF6P
carbon-pump-swap-decoderPumpSwap Program DecoderpAMMBay6oceH9fJKBRHGP5D4bD4sWpmSwMn52FMfXEA
carbon-pump-fees-decoderPump Fees Program DecoderpfeeUxB6jkeY1Hxd7CsFCAjcbHA9rWtchMGdZ6VojVZ
carbon-raydium-amm-v4-decoderRaydium AMM V4 Program Decoder675kPX9MHTjS2zt1qfr1NYHuzeLXfQM9H24wFSUt1Mp8
carbon-raydium-clmm-decoderRaydium CLMM Program DecoderCAMMCzo5YL8w4VFF8KVHrK22GGUsp5VTaW7grrKgrWqK
carbon-raydium-cpmm-decoderRaydium CPMM Program DecoderCPMMoo8L3F4NbTegBCKVNunggL7H1ZpdTHKxQB5qKP1C
carbon-raydium-launchpad-decoderRaydium Launchpad Program DecoderLanMV9sAd7wArD4vJFi2qDdfnVhFxYSUg6eADduJ3uj
carbon-raydium-liquidity-locking-decoderRaydium Liquidity Locking Program DecoderLockrWmn6K5twhz3y9w1dQERbmgSaRkfnTeTKbpofwE
carbon-raydium-stable-swap-decoderRaydium Stable Swap Program Decoder5quBtoiQqxF9Jv6KYKctB59NT3gtJD2Y65kdnB1Uev3h
carbon-sharky-decoderSharkyFi DecoderSHARKobtfF1bHhxD2eqftjHBdVSCbKo9JtgK71FhELP
carbon-solayer-pool-restaking-decoderSolayer Pool Restaking Program DecodersSo1iU21jBrU9VaJ8PJib1MtorefUV4fzC9GURa2KNn
carbon-stabble-stable-swap-decoderStabble Stable Swap DecoderswapNyd8XiQwJ6ianp9snpu4brUqFxadzvHebnAXjJZ
carbon-stabble-weighted-swap-decoderStabble Weighted Swap DecoderswapFpHZwjELNnjvThjajtiVmkz3yPQEHjLtka2fwHW
carbon-stake-program-decoderStake Program DecoderStake11111111111111111111111111111111111111
carbon-swig-decoderSwig DecoderswigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB
carbon-system-program-decoderSystem Program Decoder11111111111111111111111111111111
carbon-token-2022-decoderToken 2022 Program DecoderTokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb
carbon-token-program-decoderToken Program DecoderTokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA
carbon-vertigo-decoderVertigo Program DecodervrTGoBuy5rYSxAfV3jaRJWHH6nN9WK4NRExGxsk1bCJ
carbon-virtuals-decoderVirtuals Program Decoder5U3EU2ubXtK84QcRjWVmYt9RaDyA8gKxdUrPFXmZyaki
carbon-wavebreak-decoderWavebreak Program DecoderwaveQX2yP3H1pVU8djGvEHmYg8uamQ84AuyGtpsrXTF
carbon-zeta-decoderZeta Program DecoderZETAxsqBRek56DhiGXrn75yj2NHU3aYUnxvHXpkf3aD