Has FBYT undergone a security audit, and where can I read the results?

Yes, FBYT's smart contracts have been independently audited, and the full audit reports are publicly available as PDFs on the FBYT security page at /security. Each report details the scope of review, findings, and remediation status so users can verify the results themselves. Reviewing the audit scope carefully is important — understanding exactly which contracts and integrations were covered is as valuable as the audit badge itself.

What does 'non-custodial vault on Solana' actually mean for my funds?

A non-custodial vault on Solana means your deposited assets are held in a program-derived address (PDA) — an on-chain account controlled entirely by smart contract logic, not by any private key or individual. FBYT's program code governs what can be done with funds in the vault; no team member, admin wallet, or third party can unilaterally move them. This is fundamentally different from custodial platforms, where the service provider holds the private keys to your assets.

Is FBYT safe to use, and how can I verify that independently?

FBYT is designed so that safety guarantees are enforced at the protocol level by Solana validators on every transaction, rather than relying solely on legal agreements or trust in the team. Users can independently verify FBYT's on-chain program accounts and transaction history using Solana block explorers such as Solscan or Explorer.Solana.com. As with all DeFi protocols, smart contract risk remains present, and users should review available audit reports and understand the platform before depositing — crypto markets are volatile and capital is always at risk.

What can FBYT actually do with funds deposited into a vault?

FBYT's program logic is restricted to executing the trading and allocation instructions that vault managers are explicitly authorized to submit — it cannot transfer funds to arbitrary wallets, pause withdrawals unilaterally, or access balances outside the defined vault program instructions. The trust boundary is defined in code, not just in policy, meaning the Solana network itself enforces these limits on every transaction. Users should always review the full scope of vault permissions before depositing.

How does FBYT's vault architecture differ from protocols that have been exploited?

Many vault exploits — including those involving legitimate audit badges — occur through peripheral integrations such as oracle adapters or third-party price feeds that fall outside the primary audit scope. FBYT publishes its audit reports with explicit scope documentation so users can see exactly which contracts and integrations were reviewed. Minimizing unreviewed dependencies and ensuring the core program cannot be upgraded unilaterally without transparency are key structural safeguards in FBYT's design. No architecture eliminates all risk, but knowing where the attack surface lies helps users make informed decisions.

Can I withdraw my funds from an FBYT vault at any time?

Yes — FBYT vaults have no lock-up periods, and withdrawal rights are enforced by the on-chain program, not by a platform policy that could change. Because Solana settles transactions in under a second with negligible fees, exits are near-instant and do not require permission from FBYT or the vault manager. Investors retain control of their position at all times, which is a core principle of FBYT's non-custodial architecture.

FBYT Security: Non-Custodial Vault Architecture Explained

Why Vault Security on Solana Matters More Than Ever

The April 2026 Drift Exploit and What It Revealed About Vault Risk

A depositor had 12,000 USDC sitting in a Drift-adjacent vault in early April 2026. They hadn't checked the position in three days. When they did, the vault was at zero. The exploit moved fast — a vulnerability in a peripheral oracle integration let an attacker manipulate the price feed used to settle positions, draining affected vaults before any circuit breaker triggered. The audit badge was real. The audited contract wasn't the one that failed.

The incident didn't reveal a flaw unique to Drift. It revealed something structural about how most vault protocols are built: the attack surface isn't always where you expect it. Integrations, adapters, and third-party price feeds sit outside the primary audit scope more often than users realize. One unreviewed dependency is enough.

The Central Question Every Investor Should Ask: Who Controls My Funds?

Not "is this platform trusted?" Not "has it been audited?" Those questions matter, but they're secondary to a more fundamental one: at the protocol level, can anyone other than you move your funds?

In a custodial setup, the answer is yes. The platform holds your funds; you hold a claim. There's a legal and operational layer between you and the assets. That layer can freeze, fail, or be exploited. In a genuinely non-custodial setup, the on-chain program logic is the only authority. No team member, no admin wallet, no upgrade key with unilateral power over your balance.

How FBYT Was Designed to Answer That Question Definitively

FBYT's architecture starts from one constraint: the platform should be technically incapable of accessing user funds, not just contractually prohibited from doing so. That distinction matters. A terms-of-service clause is a legal instrument; it requires enforcement. Program-level constraints are enforced by Solana validators on every transaction, automatically, without exception.

Every design decision in the vault architecture flows from that starting point.

Non-Custodial Vault Architecture Explained in Plain English

Custodial vs. Non-Custodial: What the Difference Actually Means

Most people pick a vault by sorting the dashboard by 30-day return and depositing into the top row. Fewer stop to ask where their USDC actually sits after they sign the deposit transaction.

In a custodial model, your assets move to an address controlled by the platform. You get a receipt — a balance in a database, or a token representing a claim — but the private key that controls the underlying asset belongs to someone else. In a non-custodial model, assets move to a program-controlled account on-chain. No private key controls it; the program's instruction logic does. The program executes only what the code allows. Nothing more.

How FBYT Vaults Work: Smart Contracts, Not Middlemen

Wallet connecting to a keyless program-derived address block via orange permission lines

When you deposit USDC into an FBYT vault, the funds move to a program-derived address (PDA) governed by FBYT's deployed Solana program. A PDA has no private key. Nobody "owns" it in the traditional sense; the program controls it, and the program's behavior is fixed at deployment.

The vault manager — the trader running the strategy — can instruct the program to execute trades via Jupiter. The program checks those instructions against a defined set of permitted actions before execution. What the manager cannot do: initiate a transfer to an external wallet, withdraw depositor funds to their own address, or interact with any program outside the approved instruction set.

Your share of the vault is tracked proportionally, down to the lamport (Solana's smallest unit of account, equivalent to 0.000000001 SOL). When you withdraw, the program calculates your share of the current vault value and sends it to your wallet. No approval from FBYT is required.

Why FBYT Cannot Access, Lock, or Move Your Funds — Ever

This isn't a policy statement. It's an architectural one.

The FBYT program does not contain an instruction that transfers funds to an FBYT-controlled address. That instruction doesn't exist in the bytecode. If it's not in the program, it cannot be called — not by the FBYT team, not by a vault manager, not by anyone. Solana validators would reject the transaction before it landed.

Don't confuse "FBYT promises not to touch your funds" with "FBYT is technically unable to touch your funds." The second framing is what's true here, and it's verifiable on-chain.

How Your Funds Stay Under Program Control on Solana

Your Wallet Remains the Authority: Deposit and Withdrawal Mechanics

Consider a straightforward scenario: you connect your Phantom wallet, deposit 1,000 USDC into a vault, and then decide three hours later that you want out. The withdrawal transaction is signed by your wallet, submitted to the Solana network, and processed by the program. FBYT's servers are not in that flow. The frontend facilitates the transaction; the program executes it. If FBYT's frontend went offline tomorrow, you could still interact with the program directly via a Solana client or the explorer.

Deposits are similarly direct: your wallet signs, the program receives, your vault share is minted. No escrow period. No holding account. No manual processing step.

What Vault Managers Can and Cannot Instruct the Program to Do

Vault managers operate within a permission scope defined in the program code. They can: submit trade instructions to Jupiter aggregator routes, set strategy parameters within the vault's defined bounds, and close positions.

They cannot: transfer any portion of depositor funds to an external wallet, modify the withdrawal logic, override a depositor's withdrawal request, or interact with protocols outside the approved integration list. Attempts to do so would fail at the instruction validation layer, before execution.

The permission boundary isn't enforced by FBYT's backend. It's enforced by the program.

No Lock-Up Periods: Withdrawing Any Time, With No Permission Required

Some vault protocols impose lock-up windows — 7-day, 30-day, or epoch-based withdrawal queues. FBYT does not. Withdrawal is available at any time, for any reason, without notifying FBYT, the vault manager, or anyone else.

One practical caveat: if a vault has open leveraged positions at the time of withdrawal, the program will close or reduce exposure proportionally before releasing your share. That's not a lock; it's standard execution logic to ensure the math works correctly for all remaining depositors.

FBYT Security Audit: What Was Reviewed and What Was Found

Scope of the Audit: Programs, Instruction Logic, and Access Controls

The FBYT security audit covered the core vault program, including all instruction handlers (deposit, withdraw, trade execution, fee collection), access control logic (who can call which instructions and under what conditions), PDA derivation and ownership checks, and the Jupiter CPI (cross-program invocation) integration layer.

The audit scope explicitly included the integration points — the exact category where the April 2026 incident found its opening. Cross-program calls were reviewed for reentrancy risk, account validation, and privilege escalation. This is where many audits stop short; ours did not.

Key Findings and Remediations

The audit identified issues across severity tiers. All critical and high findings were resolved before program deployment. Medium findings were addressed with documented remediations and re-tested. Low-severity findings are tracked and scheduled for the next upgrade cycle.

Specific findings included: an access control issue in a fee-collection instruction that, under certain conditions, could have been called by an unauthorized signer (patched before deployment); an account validation gap in a legacy instruction handler that was removed from the final program; and two informational findings related to event logging completeness.

None of the critical or high findings reached a deployed mainnet program. The audit was conducted pre-launch.

Where to Read the Full Audit Reports

Full audit reports are publicly available. The PDFs include the original findings, FBYT's remediation responses, and the auditor's re-test results. Read them. If something in the report doesn't make sense, ask in the FBYT Discord — the technical team answers directly.

FBYT Trust Boundaries: A Clear Statement of What We Can and Cannot Do

What FBYT Can Do: Interface, Analytics, and Fee Collection

FBYT operates the frontend at fbyt.io, maintains the analytics dashboard, processes performance fees via an on-chain fee instruction (which is part of the audited program), and publishes vault statistics derived from on-chain data. These are real capabilities; transparency requires stating them.

The fee instruction is also auditable. You can verify the fee rate, the destination address, and the conditions under which it triggers — all on-chain.

What FBYT Cannot Do: Move Funds, Override Withdrawals, or Modify Program Logic Post-Deployment

The program deployed on Solana mainnet does not contain an admin withdraw function. There is no privileged instruction that lets the FBYT team, or anyone else, extract depositor funds. Withdrawal overrides do not exist in the instruction set. These aren't governance commitments — they're absent from the bytecode.

Post-deployment program modifications require an upgrade authority. FBYT's upgrade governance process requires multi-signature authorization (details are in the audit report and on-chain). Any upgrade would be visible on-chain before taking effect, and the community can monitor the upgrade authority address.

Why Immutable On-Chain Code Enforces These Limits — Not Promises

Faded policy document beside immutable glowing bytecode blocks on a dark background

A contract says what a party intends to do. Code says what a program will do.

FBYT's security guarantees aren't backed by promises or legal agreements — they're enforced by the Solana runtime on every transaction. When the network processes a deposit, a trade, or a withdrawal, it runs the bytecode, not a policy document. That's the operational meaning of "non-custodial vault Solana architecture": the enforcement mechanism is cryptographic, not contractual.

On-Chain Verifiability: You Don't Have to Take Our Word for It

Every Trade and Balance Is Publicly Recorded on Solana

Every deposit, every Jupiter fill, every fee, every withdrawal: all recorded in Solana transaction history, permanently, indexed on Solscan and Solana Explorer. A vault's historical performance isn't a number FBYT produces — it's a chain of on-chain state transitions anyone can reconstruct.

This matters in two ways. First, it means FBYT cannot retroactively alter a vault's track record. Second, it means you can audit any vault manager's strategy yourself before depositing: trade frequency, position sizes, drawdown events, fee extraction timing — all visible.

How to Read a Vault's On-Chain State Yourself

Start with the vault's program-derived address, available on the vault detail page. Paste it into Solscan. You'll see the current token balances, recent transactions, and the accounts the program has interacted with. For each trade transaction, the Jupiter route is embedded in the instruction data: which tokens, which amounts, which pools.

You don't need to parse raw instruction bytes manually. The Solscan UI decodes most of it. For deeper analysis — reconstructing historical NAV, verifying fee calculations — the FBYT open-source indexer is available on the FBYT GitHub.

Coming Next: Step-by-Step Tutorial — Verifying a Solana Vault On-Chain

A full walkthrough is coming — how to pull the vault PDA, read the token account balances, cross-reference fill prices against Jupiter's public API, and verify that withdrawal logic behaved correctly for a past transaction. If you want to move beyond "I trust the dashboard" to "I verified the math myself," that's where to start.

FBYT's Incident-Response Posture: How We Handle the Unexpected

Ongoing Security Monitoring and Upgrade Governance

FBYT runs continuous on-chain monitoring across all deployed program addresses. Anomalous instruction patterns — unexpected call volumes, unusual account interactions, transactions that deviate from normal vault behavior — trigger internal alerts. The monitoring stack is independent of the frontend, so a frontend outage doesn't affect detection capability.

Program upgrades follow a multi-sig governance process. No single FBYT team member can push a program upgrade unilaterally. The upgrade authority address is public; you can monitor it directly on Solscan if you want to be notified of any upgrade proposals.

Responsible Disclosure and Bug Bounty Program

Security researchers who identify vulnerabilities in FBYT's deployed programs can submit findings through the responsible disclosure process. The bug bounty scope covers all deployed mainnet programs. Payouts are tiered by severity.

Don't post vulnerability details publicly before contacting the team. A coordinated disclosure window gives FBYT time to patch and migrate without creating a live exploit opportunity. Researchers who follow this process are acknowledged and compensated; those who post publicly first are not.

Communication Commitments: What Users Will Be Told and When

If a security incident affects or potentially affects depositor funds, FBYT will publish an on-chain-verifiable incident notice and a written disclosure within 24 hours of confirmed detection. "We're investigating" is a valid first message — silence isn't. Updates will follow at defined intervals until resolution.

Post-incident, a full technical post-mortem will be published: what happened, which program or integration was involved, what the impact was, and what changed. The April 2026 incident in the broader ecosystem showed what happens when platforms don't communicate quickly. That's not the standard FBYT holds itself to.

Verify FBYT Security for Yourself — On-Chain, Right Now

Where to Find FBYT Program Addresses and Audit Certificates

Every deployed FBYT program address, the corresponding audit PDFs, the auditor's re-test confirmations, and the upgrade authority address are listed. The page is linked from the site footer on every page. Cross-reference the program addresses against what's deployed on mainnet using Solscan or Solana Explorer — if they match, what you're reading on the dashboard is what's actually running on-chain.

The audit certificates include the auditor's public key so you can verify the document hasn't been altered since publication.

Start Investing With the Confidence That Only Self-Custody Provides

Non-custodial vault architecture on Solana doesn't eliminate all risk — smart-contract risk, oracle risk, and strategy risk are real regardless of the custody model. What it eliminates is the category of risk where the platform itself is the threat vector. FBYT cannot take your funds. The program won't allow it. Verify that claim yourself before you deposit a single USDC.

Crypto assets are highly volatile and on-chain strategies carry real risk, including the possibility of total capital loss. Historical vault performance reflects past on-chain results and is not a guarantee of future returns. FBYT is non-custodial and does not provide financial advice — nothing on this page constitutes a recommendation to deposit. Smart-contract audits reduce risk; they do not eliminate it. Review the full audit reports, the vault's on-chain history, and the underlying strategy before allocating any funds.

How FBYT's Non-Custodial Vault Architecture Keeps Funds Safe