Vault Lifecycle State Machine¶
stateDiagram-v2
[*] --> Undeployed
Undeployed --> Deployed: CenturionVaultFactory deployVault
Deployed --> SeatInitialized: controller initializeSeat
SeatInitialized --> DepositReady: depositReadiness ok
DepositReady --> Funded: beacon deposit accepted
Funded --> Running: rewards/observations flow
Running --> ExitRequested: controller requestExit
ExitRequested --> ExitAccepted: owner records acceptance
ExitAccepted --> SettlementPending: settlement proposed
SettlementPending --> SettlementFinalized: finalizeSettlement
SettlementFinalized --> PrincipalClaimable
PrincipalClaimable --> RemainderDrainable
RemainderDrainable --> Closed
Closed --> [*]
States¶
The vault is a beacon proxy bound to one validator pubkey hash. Its controller controls exits and transfers. Its metadata is part of the deposit custody proof.
Allowed Callers¶
- Factory deploys and initializes the vault.
- Controller calls
setExitRequestFallback,transferETH, andrequestExit. - External callers reach vault fund receipt through plain ETH transfers.
Failure/Hold States¶
Invalid fallback route, already-submitted exit, insufficient fee, wrong pubkey, insufficient vault balance, or controller mismatch stops the transition. Settlement and drain paths must wait for controller-side accounting state.
Operator Implications¶
Vault identity must be checked by pubkey hash, credentials, config hash, controller, factory, beacon, and code hash. A vault address alone is not enough evidence.
Expanded State Model¶
State List¶
NotDeployed.Deployed.ReadinessProven.HoldingFunds.ExitPending.SettlementFinalized.Drained.
Transition Table¶
| From | To | Transition trigger | Actor or data source | Fail-closed behavior |
|---|---|---|---|---|
NotDeployed | Deployed | Source event/function evidence | Operator or controller data source | Fail closed if evidence missing |
Deployed | ReadinessProven | Source event/function evidence | Operator or controller data source | Fail closed if evidence missing |
ReadinessProven | HoldingFunds | Source event/function evidence | Operator or controller data source | Fail closed if evidence missing |
HoldingFunds | ExitPending | Source event/function evidence | Operator or controller data source | Fail closed if evidence missing |
ExitPending | SettlementFinalized | Source event/function evidence | Operator or controller data source | Fail closed if evidence missing |
SettlementFinalized | Drained | Source event/function evidence | Operator or controller data source | Fail closed if evidence missing |
Contract And Function References¶
Use the generated Solidity inventory to reconcile each transition with the current contract functions and events before relying on the state machine for production. For vault transitions, source-grounded references must include the relevant controller, deposit, governor, gatekeeper, factory, or vault function named by the page.
Operational Impact¶
Every transition changes what an operator is allowed to do next. A transition into a blocked, cancelled, slashed, unsafe, or final state must stop routine automation until an independent reviewer confirms the next runbook.
Incident Implications¶
Unexpected transitions are incident evidence. Archive block number, transaction hash, decoded events, current state reads, and offchain source data. If the transition cannot be traced to a known runbook or approved automation, escalate before retrying dependent actions.