Introduction

Fireblocks<>Solana Rust integration providing enterprise-grade security with developer-friendly tooling.

Features

  • Remote Signing: Use Fireblocks as a drop-in replacement for local Solana keypairs
  • Advanced Validation: Deep program inspection via co-signer callbacks with strongly-typed Rust decoders

Remote Signing

Warning

Standard Solana tooling stores private keys in cleartext on disk.

This integration replaces that with Fireblocks’ secure key management.

Here’s a transaction signed via Fireblocks sending SOL on devnet:

Configuration

Standard Solana config (~/.config/solana/cli/config.yml):

json_rpc_url: "https://api.devnet.solana.com"
keypair_path: "/home/user/.config/solana/id.json"  # Cleartext private key

With Fireblocks integration:

json_rpc_url: "https://api.devnet.solana.com"
keypair_path: "fireblocks://sandbox"  # Secure remote signing

This single line change enables:

  • Security: Keys never leave Fireblocks’ secure enclaves
  • Convenience: Approve via mobile app (biometrics + PIN) or auto-sign with co-signer
  • Compliance: Policy enforcement and comprehensive audit logs
  • Compatibility: Works with existing Solana CLI and SDK code

See Signer for implementation details.


Co-Signer Validation

Go beyond basic policy rules with deep transaction inspection. Use Carbon’s strongly-typed Rust decoders to understand exactly what a transaction does before signing.

Example: Automatically approve USDC transfers under $1,000 but require manual approval for larger amounts.

See detailed examples and implementation guide here.

CLI

Solana CLI

SPL CLI

Solana CLI

TBD

Solana Token CLI

TBD

Programs

Create or update programs with Fireblocks policies

Securing Solana Programs

TBD

Anchor CLI

TBD

Defi

Drift

Drift

TBD

Co-signer Validation

Problem

Fireblocks policies provide transaction-level controls (amount limits, destination whitelists) but lack deep inspection of Solana program instructions. For complex DeFi operations, you need to understand what the transaction actually does before signing.

Solution: Carbon + Co-signer Callbacks

Carbon is a Rust framework that decodes Solana program instructions into strongly-typed data structures. We leverage it for transaction validation in co-signer callbacks.

Note

Carbon was originally built for indexers but works perfectly for transaction validation due to its strongly-typed decoders.

How It Works

Fireblocks Transaction Request
         |
         v
Co-signer Callback Handler (your Rust service)
         |
         v
Carbon Decoder (parse instruction data)
         |
         v
Business Logic (validate against rules)
         |
         v
Response: APPROVE | REJECT | RETRY

The callback handler has 30 seconds to respond with:

  • APPROVE - Sign the transaction
  • REJECT - Deny with optional reason (logged in audit)
  • RETRY - Retry up to 20 times over 60 minutes
  • IGNORE - Skip this approval (for multi-sig scenarios)

Benefits

  • Type Safety: Compile-time guarantees on instruction parsing
  • Performance: Rust’s speed ensures sub-second validation
  • Maintainability: Strongly-typed code vs parsing raw bytes
  • Testing: Unit test business rules against real transaction data
  • Coverage: 60+ popular Solana programs already supported

Example: CCTP Transfer Limits

Circle’s CCTP enables cross-chain USDC transfers. The protocol burns USDC on the source chain and mints on the destination.

Business Requirement: Block any cross-chain transfer exceeding 1,000 USDC.

With Carbon, we decode the depositForBurn instruction:

```rust
use std::sync::Arc;

use async_trait::async_trait;
use carbon_circle_cctp_decoder::TokenMessengerMinterV2Instruction;
use carbon_core::{
    error::{CarbonResult, Error},
    instruction::InstructionProcessorInputType,
    metrics::MetricsCollection,
    processor::Processor,
};

/// Limit in USDC base units (USDC has 6 decimals).
const MAX_BURN_BASE_UNITS: u64 = 1_000 * 1_000_000;

pub struct CctpValidator;

#[async_trait]
impl Processor for CctpValidator {
    type InputType = InstructionProcessorInputType<TokenMessengerMinterV2Instruction>;

    async fn process(
        &mut self,
        data: Self::InputType,
        _metrics: Arc<MetricsCollection>,
    ) -> CarbonResult<()> {
        let (_metadata, ix, _nested_instructions, _idx) = data;

        match ix.data {
            TokenMessengerMinterV2Instruction::DepositForBurn(args) => {
                // Compare in base units: integer division by 1_000_000 would
                // truncate 1,000.999999 USDC to 1,000 and let it through.
                if args.params.amount > MAX_BURN_BASE_UNITS {
                    // Return REJECT to Fireblocks callback
                    return Err(Error::Custom(format!(
                        "Transfer amount {} (USDC base units) exceeds limit",
                        args.params.amount
                    )));
                }

                tracing::info!(amount_base_units = args.params.amount, "CCTP transfer approved");
                Ok(())
            }
            _ => Ok(()), // Ignore other instructions
        }
    }
}
```

Advanced: Cross-Program Invocations (CPIs)

Carbon decodes nested instruction calls, which is critical for DeFi protocols. Example: Jupiter's swap router internally calls the Token Program to perform swaps.

Use Case: Validate that a Jupiter swap doesn't exceed slippage tolerance, or that it interacts only with approved liquidity pools.

```rust
use carbon_jupiter_swap_decoder::JupiterSwapInstruction;

// Fragment: this match sits inside `process`, as in the CCTP example above.
// MAX_SLIPPAGE is the validator's own policy constant, in basis points.
match ix.data {
    JupiterSwapInstruction::SharedAccountsRoute(args) => {
        // Inspect swap parameters, check slippage, validate pools
        if args.slippage_bps > MAX_SLIPPAGE {
            return Err(Error::Custom("Slippage too high".to_string()));
        }
    }
    _ => {}
}
```
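A fail-closed take on the CCTP limit, as an added example that is not Carbon's or Fireblocks' code: `DecodedIx`, `Verdict` and `evaluate` are hypothetical stand-ins for the decoder output and the callback response. It sums every burn in the transaction in base units, so neither splitting a transfer across instructions nor truncating division slips under the limit, and it rejects any instruction that no decoder recognised instead of ignoring it.

```rust
// Added example: DecodedIx, Verdict and evaluate are hypothetical, not Carbon or Fireblocks API.
const USDC_UNIT: u64 = 1_000_000; // USDC has 6 decimals
const LIMIT_BASE_UNITS: u64 = 1_000 * USDC_UNIT;

/// Simplified stand-in for what a typed decoder yields per instruction.
#[derive(Debug, PartialEq)]
pub enum DecodedIx {
    DepositForBurn { amount: u64 }, // base units
    ComputeBudget,                  // explicitly allowed, moves no funds
    Unknown { program_id: String }, // no decoder matched
}
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Approve,
    Reject(String),
}

/// One verdict for the whole transaction; anything unexpected rejects.
pub fn evaluate(ixs: &[DecodedIx]) -> Verdict {
    if ixs.is_empty() {
        return Verdict::Reject("no instructions".into());
    }
    let mut total: u64 = 0;
    for ix in ixs {
        match ix {
            DecodedIx::DepositForBurn { amount } => match total.checked_add(*amount) {
                Some(sum) => total = sum,
                None => return Verdict::Reject("burn total overflows u64".into()),
            },
            DecodedIx::ComputeBudget => {}
            DecodedIx::Unknown { program_id } => {
                return Verdict::Reject(format!("undecoded program {program_id}"));
            }
        }
    }
    if total > LIMIT_BASE_UNITS {
        return Verdict::Reject(format!("{total} base units exceeds limit"));
    }
    Verdict::Approve
}

fn main() {
    // Constructed sample: two 600 USDC burns in one transaction.
    let tx = [
        DecodedIx::DepositForBurn { amount: 600 * USDC_UNIT },
        DecodedIx::DepositForBurn { amount: 600 * USDC_UNIT },
    ];
    println!("{:?}", evaluate(&tx));
}
```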

Implementation Requirements

  1. Deploy co-signer infrastructure (AWS Nitro Enclaves or GCP Confidential Space)
  2. Configure callback endpoint in Fireblocks console
  3. Implement Carbon-based validation logic
  4. Test against real Solana transactions
  5. Production monitoring and audit log integration

Note: Co-signer infrastructure requires significant compute resources (large EC2 Nitro instances for SGX/enclave support).

Program Decoders

Decoders for most popular Solana programs are published and maintained:

| Crate Name | Description | Program ID |
|---|---|---|
| carbon-address-lookup-table-decoder | Address Lookup Table Decoder | AddressLookupTab1e1111111111111111111111111 |
| carbon-associated-token-account-decoder | Associated Token Account Decoder | ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL |
| carbon-bonkswap-decoder | Bonkswap Program Decoder | BSwp6bEBihVLdqJRKGgzjcGLHkcTuzmSo1TQkHepzH8p |
| carbon-boop-decoder | Boop Decoder | boop8hVGQGqehUK2iVEMEnMrL5RbjywRzHKBmBE7ry4 |
| carbon-bubblegum-decoder | Bubblegum Decoder | BGUMAp9Gq7iTEuizy4pqaxsTyUCBK68MDfK752saRPUY |
| carbon-circle-cctp-decoder | Circle Decoder | CCTPV2Sm4AdWt5296sk4P66VBZ7bEhcARwFaaS9YPbeC |
| carbon-drift-v2-decoder | Drift V2 Program Decoder | dRiftyHA39MWEi3m9aunc5MzRF1JYuBsbn6VPcn33UH |
| carbon-fluxbeam-decoder | Fluxbeam Program Decoder | FLUXubRmkEi2q6K3Y9kBPg9248ggaZVsoSFhtJHSrm1X |
| carbon-gavel-decoder | Gavel Pool Decoder | srAMMzfVHVAtgSJc8iH6CfKzuWuUTzLHVCE81QU1rgi |
| carbon-heaven-decoder | Heaven Program Decoder | HEAVENoP2qxoeuF8Dj2oT1GHEnu49U5mJYkdeC8BAX2o |
| carbon-jupiter-dca-decoder | Jupiter DCA Program Decoder | DCA265Vj8a9CEuX1eb1LWRnDT7uK6q1xMipnNyatn23M |
| carbon-jupiter-limit-order-decoder | Jupiter Limit Order Program Decoder | jupoNjAxXgZ4rjzxzPMP4oxduvQsQtZzyknqvzYNrNu |
| carbon-jupiter-limit-order-2-decoder | Jupiter Limit Order 2 Program Decoder | j1o2qRpjcyUwEvwtcfhEQefh773ZgjxcVRry7LDqg5X |
| carbon-jupiter-perpetuals-decoder | Jupiter Perpetuals Program Decoder | PERPHjGBqRHArX4DySjwM6UJHiR3sWAatqfdBS2qQJu |
| carbon-jupiter-swap-decoder | Jupiter Swap Program Decoder | JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4 |
| carbon-kamino-farms-decoder | Kamino Farms Program Decoder | FarmsPZpWu9i7Kky8tPN37rs2TpmMrAZrC7S7vJa91Hr |
| carbon-kamino-lending-decoder | Kamino Lend Decoder | KLend2g3cP87fffoy8q1mQqGKjrxjC8boSyAYavgmjD |
| carbon-kamino-limit-order-decoder | Kamino Limit Order Program Decoder | LiMoM9rMhrdYrfzUCxQppvxCSG1FcrUK9G8uLq4A1GF |
| carbon-kamino-vault-decoder | Kamino Vault Decoder | kvauTFR8qm1dhniz6pYuBZkuene3Hfrs1VQhVRgCNrr |
| carbon-lifinity-amm-v2-decoder | Lifinity AMM V2 Program Decoder | 2wT8Yq49kHgDzXuPxZSaeLaH1qbmGXtEyPy64bL7aD3c |
| carbon-marginfi-v2-decoder | Marginfi V2 Program Decoder | MFv2hWf31Z9kbCa1snEPYctwafyhdvnV7FZnsebVacA |
| carbon-marinade-finance-decoder | Marinade Finance Program Decoder | MarBmsSgKXdrN1egZf5sqe1TMai9K1rChYNDJgjq7aD |
| carbon-memo-program-decoder | SPL Memo Program Decoder | Memo1UhkJRfHyvLMcVucJwxXeuD728EqVDDwQDxFMNo |
| carbon-meteora-damm-v2-decoder | Meteora DAMM V2 Program Decoder | cpamdpZCGKUy5JxQXB4dcpGPiikHawvSWAd6mEn1sGG |
| carbon-meteora-dbc-decoder | Meteora DBC Program Decoder | dbcij3LWUppWqq96dh6gJWwBifmcGfLSB5D4DuSMaqN |
| carbon-meteora-dlmm-decoder | Meteora DLMM Program Decoder | LBUZKhRxPF3XUpBCjp4YzTKgLccjZhTSDM9YuVaPwxo |
| carbon-meteora-pools-decoder | Meteora Pools Program Decoder | Eo7WjKq67rjJQSZxS6z3YkapzY3eMj6Xy8X5EQVn5UaB |
| carbon-meteora-vault-decoder | Meteora Vault Program Decoder | 24Uqj9JCLxUeoC3hGfh5W3s9FM9uCHDS2SG3LYwBpyTi |
| carbon-moonshot-decoder | Moonshot Program Decoder | MoonCVVNZFSYkqNXP6bxHLPL6QQJiMagDL3qcqUQTrG |
| carbon-mpl-core-decoder | MPL Core Program Decoder | CoREENxT6tW1HoK8ypY1SxRMZTcVPm7R94rH4PZNhX7d |
| carbon-mpl-token-metadata-decoder | MPL Token Metadata Program Decoder | metaqbxxUerdq28cj1RbAWkYQm3ybzjb6a8bt518x1s |
| carbon-name-service-decoder | SPL Name Service Program Decoder | namesLPneVptA9Z5rqUDD9tMTWEJwofgaYwp8cawRkX |
| carbon-okx-dex-decoder | OKX DEX Decoder | 6m2CDdhRgxpH4WjvdzxAYbGxwdGUz5MziiL5jek2kBma |
| carbon-openbook-v2-decoder | Openbook V2 Program Decoder | opnb2LAfJYbRMAHHvqjCwQxanZn7ReEHp1k81EohpZb |
| carbon-orca-whirlpool-decoder | Orca Whirlpool Program Decoder | whirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc |
| carbon-pancake-swap-decoder | Pancake Swap Program Decoder | HpNfyc2Saw7RKkQd8nEL4khUcuPhQ7WwY1B2qjx8jxFq |
| carbon-phoenix-v1-decoder | Phoenix V1 Program Decoder | PhoeNiXZ8ByJGLkxNfZRnkUfjvmuYqLR89jjFHGqdXY |
| carbon-pumpfun-decoder | Pumpfun Program Decoder | 6EF8rrecthR5Dkzon8Nwu78hRvfCKubJ14M5uBEwF6P |
| carbon-pump-swap-decoder | PumpSwap Program Decoder | pAMMBay6oceH9fJKBRHGP5D4bD4sWpmSwMn52FMfXEA |
| carbon-pump-fees-decoder | Pump Fees Program Decoder | pfeeUxB6jkeY1Hxd7CsFCAjcbHA9rWtchMGdZ6VojVZ |
| carbon-raydium-amm-v4-decoder | Raydium AMM V4 Program Decoder | 675kPX9MHTjS2zt1qfr1NYHuzeLXfQM9H24wFSUt1Mp8 |
| carbon-raydium-clmm-decoder | Raydium CLMM Program Decoder | CAMMCzo5YL8w4VFF8KVHrK22GGUsp5VTaW7grrKgrWqK |
| carbon-raydium-cpmm-decoder | Raydium CPMM Program Decoder | CPMMoo8L3F4NbTegBCKVNunggL7H1ZpdTHKxQB5qKP1C |
| carbon-raydium-launchpad-decoder | Raydium Launchpad Program Decoder | LanMV9sAd7wArD4vJFi2qDdfnVhFxYSUg6eADduJ3uj |
| carbon-raydium-liquidity-locking-decoder | Raydium Liquidity Locking Program Decoder | LockrWmn6K5twhz3y9w1dQERbmgSaRkfnTeTKbpofwE |
| carbon-raydium-stable-swap-decoder | Raydium Stable Swap Program Decoder | 5quBtoiQqxF9Jv6KYKctB59NT3gtJD2Y65kdnB1Uev3h |
| carbon-sharky-decoder | SharkyFi Decoder | SHARKobtfF1bHhxD2eqftjHBdVSCbKo9JtgK71FhELP |
| carbon-solayer-pool-restaking-decoder | Solayer Pool Restaking Program Decoder | sSo1iU21jBrU9VaJ8PJib1MtorefUV4fzC9GURa2KNn |
| carbon-stabble-stable-swap-decoder | Stabble Stable Swap Decoder | swapNyd8XiQwJ6ianp9snpu4brUqFxadzvHebnAXjJZ |
| carbon-stabble-weighted-swap-decoder | Stabble Weighted Swap Decoder | swapFpHZwjELNnjvThjajtiVmkz3yPQEHjLtka2fwHW |
| carbon-stake-program-decoder | Stake Program Decoder | Stake11111111111111111111111111111111111111 |
| carbon-swig-decoder | Swig Decoder | swigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB |
| carbon-system-program-decoder | System Program Decoder | 11111111111111111111111111111111 |
| carbon-token-2022-decoder | Token 2022 Program Decoder | TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb |
| carbon-token-program-decoder | Token Program Decoder | TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA |
| carbon-vertigo-decoder | Vertigo Program Decoder | vrTGoBuy5rYSxAfV3jaRJWHH6nN9WK4NRExGxsk1bCJ |
| carbon-virtuals-decoder | Virtuals Program Decoder | 5U3EU2ubXtK84QcRjWVmYt9RaDyA8gKxdUrPFXmZyaki |
| carbon-wavebreak-decoder | Wavebreak Program Decoder | waveQX2yP3H1pVU8djGvEHmYg8uamQ84AuyGtpsrXTF |
| carbon-zeta-decoder | Zeta Program Decoder | ZETAxsqBRek56DhiGXrn75yj2NHU3aYUnxvHXpkf3aD |

Signer Implementation

TBD