Skip to content

Vault System Overview

VaultFactory Responsibility

CenturionVaultFactory deploys validator-specific custody vault proxies and initializes seats in controller.

Core duties:

  • enforce single vault per validator pubkey hash
  • enforce credential type and max effective balance constraints
  • create deterministic CREATE2 deployment addresses
  • bind vault metadata (validatorPubkeyHash, config hash, controller, exit request contract)

WithdrawalVault Responsibility

CenturionWithdrawalVault holds funds and exposes controller-only operations:

  • transfer ETH
  • request validator exit
  • update exit fallback contract
  • expose readiness and binding views

Beacon Proxy Pattern

  • each vault is a CenturionBeaconProxy
  • beacon implementation can be upgraded by governor authority
  • per-vault state remains in proxy storage

Deployment and Binding Flow

  1. factory validates validator and config params
  2. factory deploys vault via CREATE2 beacon proxy
  3. controller initializes seat for vault
  4. factory marks vault registries

Controller/Gatekeeper/Beneficiary Wiring

  • vault controller set at initialization
  • controller binds claim gatekeeper separately
  • seat beneficiary and principal destination live in controller seat config

Withdrawal Credential Assumption

Execution withdrawal credentials are computed from vault address; deposit path validates this relationship strictly.