GLAMIDL Reference

GLAM IDL Reference

A searchable reference of every instruction in the GLAM Protocol family.

Global context

GLAM is a modular Solana program for tokenized vaults, external integrations, and policy enforcement. GLAM Protocol is the core program: it owns the state account, derives the vault account from the state account, records access control, stores vault-level policies, and authorizes vault-signed actions. Readers who want the underlying Solana model for deterministic program-controlled accounts can refer to the official Program Derived Addresses documentation.

GLAM Mint manages Token-2022 share mints, subscription and redemption flows, fee logic, request queues, escrows, and pricing validation for tokenized vaults. Token-2022 behavior such as extensions, transfer hooks, and default account state is documented by Solana in the official Token-2022 extensions documentation. Integration programs connect a GLAM vault to external protocols while preserving GLAM-level authorization. GLAM Config stores protocol-wide configuration, and GLAM Policies provides Token-2022 transfer-hook policy checks.

Account ownership and purpose:

This document covers 21 programs and 274 instructions. The table below summarizes the persistent accounts each program owns or controls. It intentionally describes account purpose rather than raw PDA seed arrays.

ProgramProgram IDAccounts owned or controlled
GLAM ProtocolGLAMpaME8wdTEzxtiYEAa5yD8fZbxZiz2hNtV58RZiEzState account, Vault PDA, Anchor event authority
GLAM MintGM1NtvvnSXUptTrMCqbogAdZJydZSNv98DoU5AZVLmGhTokenized vault mint, Request queue PDA, Escrow PDA, Anchor event authority
Kamino IntegrationG1NTkDEUR3pkEqGCKZtmtmVzCUEdYa86pezHkwYbLydeIntegration authority PDA, Kamino user, obligation, farm, and vault accounts
SPL IntegrationG1NTsQ36mjPe89HtPYqxKsjY5HmYsDR6CbD2gd2U2ptaIntegration authority PDA
CCTP IntegrationG1NTcMDYgNLpDwgnrpSZvoSKQuR9NXG7S3DmtNQCDmrKIntegration authority PDA, Anchor event authority
GLAM ConfiggConFzxKL9USmwTdJoeQJvfKmqhJ2CyUaXTyQ8v9TGXGlobal config PDA, Asset metadata records
GLAM Policies (Transfer Hook)po1iCYakK3gHCLbuju4wGzFowTMpAJxkqK1iwUqMonYPolicy account, Extra account metas PDA
GLAM Protocol StaginggstgptmbgJVi5f8ZmSRVZjZkDQwqKa3xWuUtD5WmJHzState account, Vault PDA, Anchor event authority
GLAM Mint Staginggstgm1M39mhgnvgyScGUDRwNn5kNVSd97hTtyow1Et5Tokenized vault mint, Request queue PDA, Escrow PDA, Token ACL gate accounts, Anchor event authority
Kamino Integration StaginggstgKa2Gq9wf5hM3DFWx1TvUrGYzDYszyFGq3XBY9UqIntegration authority PDA, Kamino user, obligation, farm, and vault accounts
SPL Integration Staginggstgs9nJgX8PmRHWAAEP9H7xT3ZkaPWSGPYbj3mXdTaIntegration authority PDA
Bridge Integration StaginggstgxS9yTioViNKdsM4DC33k1TU9un2VCYDQK8fAeSABridge registry PDA, LayerZero OFT route records, Managed transfer records
Registered Positions Integration Staginggstge5RzNEGQwpwBPKTJbP9yczoFEzzm5upSSsie9fXRegistered position registry data, Observation state PDA
Loopscale Integration StaginggstgL6y4uWjsfM3Qjs5euoTDmEcXoUjqx8rkYJhYngGLoopscale strategy accounts, Loopscale loan accounts
Neutral Trade Integration StaginggstgNyHgtURH7iuMn19GQczzv6Wc9fhPV2WDySZVyKxNeutral user bundle account
Phoenix Integration StaginggstgPL7r9aYedDDsXNtLpr4atYtNvY7zubAWWstqS3LIntegration authority PDA, Phoenix trader accounts
Jupiter Lend Integration StaginggstgJbGqoE3p1SdFA2dET9tcaCzNqGcdD8wpbGctnU9Integration authority PDA
Orca Integration Staginggstgo1EgmTp2PbLSaL6Qg57P7uADx3aiRZrMsewEdSyIntegration authority PDA, Orca Whirlpool positions
MarginFi Integration StaginggstgMghFitRBz2GXKwgpMd7L1JXd1sg59q2v5Y83vSYIntegration authority PDA, MarginFi accounts
Marinade Integration StaginggstgmvM2o7h7GcScvXymH1oFgWskukWWxRHC1UJJ9FJIntegration authority PDA
Stake Pool Integration StaginggstgS4dNeT3BTEQa1aaTS2b8CsAUz1SmwQDGosHSPswIntegration authority PDA

Policies and access control:

Access control has three layers that must be read together:

  1. The vault owner has all rights on the vault, but only for functionality enabled at the vault level (e.g., an enabled integration).
  2. Integrations are opt-in. A Kamino, SPL, CCTP, Bridge, Registered Positions, Loopscale, Neutral Trade, Phoenix, Jupiter Lend, Orca, or MarginFi instruction requires the corresponding integration to be enabled on the vault before it can run.
  3. Delegates start with no rights. Adding a delegate only registers an address; the owner must explicitly grant protocol-specific permissions before that delegate can act.

The recommended operating pattern is for the owner to be a multisig, such as Squads, with timelocks enabled for sensitive changes. Timelocks make policy, fee, integration, and access-control changes visible before they take effect. Emergency access updates are intended for narrow response actions such as disabling a compromised delegate or integration.

Policies apply even when the signer is the owner. Vault policies cover asset allowlists, borrowable assets, transfer destinations, and timelocks. Mint policies cover capacity, minimum subscription and redemption amounts, allowlists, blocklists, lockups, and fulfillment rules. Integration policies add protocol-specific restrictions such as slippage limits, market allowlists, borrow allowlists, vault allowlists, destination allowlists, etc.

Pricing atomicity:

All pricing instructions for a given pricing operation must be included in the same Solana transaction.

Splitting pricing instructions across multiple transactions is not supported and will produce incorrect or rejected NAV calculations. Pricing writes per-protocol valuation records into the GLAM state. Subscription fulfillment, redemption fulfillment, fee crystallization, and AUM validation rely on those records being fresh and internally consistent for the same operation.

Remaining-account validation:

Many GLAM instructions accept additional accounts via Anchor's remaining_accounts slot — for CPI into external programs, batch operations, or transfer-hook extra metas. These extras are not constrained by Anchor's account-struct macros, so GLAM enforces them inside the instruction: the only vault-controlled accounts the instruction can touch are the ones it is meant to act on.

For example, jupiter_swap and jupiter_swap_v2 reject any vault token accounts in remaining_accounts other than the input and output ATAs — preventing a caller from sneaking additional vault token accounts into the route and having them swapped or otherwise mutated.

This is an ongoing effort: per-instruction validation is being applied progressively across every instruction that accepts remaining accounts.

Integration programs and protocols

GLAM Protocol is the core program that owns the vault state, applies vault policies, and enforces access. Integration programsare separate Anchor programs that connect a GLAM vault to a specific external protocol — Kamino, SPL Token, CCTP, Marinade, and so on — under GLAM's authorization.

Within a single integration program, related on-chain surfaces are grouped into protocols (matching the program's SupportedProtocols enum). Each protocol corresponds to:

  • An entry the vault owner can enable or disable on the integration ACL — gating the entire protocol on or off.
  • A delegate-permission set the owner can grant to a specific delegate, scoped to that protocol only.
  • An optional protocol policy (allowlists, limits) that gates what arguments the integration will accept.

Most integrations expose a single protocol; a few — Kamino (Lending / Vaults / Farms), Stake Pool (StakePool / Sanctum / SanctumMulti), and GLAM Protocol itself (System / Stake / Jupiter Swap) — span several. The sidebar groups instructions by protocol when a program declares more than one. The program's overview page lists the protocols and what each one covers.

Big Seven account pattern

Most integration instructions share a standard account pattern before the destination protocol's own accounts appear. This common prefix gives GLAM enough information to authorize the action, prove the vault authority, and invoke the external program. The destination-program accounts that follow then mirror that protocol's instruction requirements one-for-one; GLAM validates the accounts it needs, adds any policy-specific data or checks, and forwards the external protocol accounts through CPI.

#AccountPurpose
1StateGLAM state account owned by the core protocol program. It records owner, enabled integrations, delegate permissions, policies, assets, borrowable assets, timelocks, mint linkage, and pricing records.
2VaultVault PDA controlled by the core protocol program and derived conceptually from the state account. It acts as the vault authority for SOL, token accounts, and supported registered positions.
3Signer / FeePayerOwner, authorized delegate, manager, or transaction fee payer. Delegates must hold the exact permission required by the instruction.
4Integration Authority PDAPDA controlled by the integration program for integration-level signing and authorization flows.
5Destination ProgramExternal program being invoked, such as Kamino, SPL Token, Circle CCTP, LayerZero, Loopscale, Neutral Trade, Phoenix, Jupiter Lend, Orca, or MarginFi.
6GLAM Core Protocol ProgramCore program used by the integration to authorize vault-signed CPI and update GLAM state where required.
7System ProgramSolana System Program, required for account creation, SOL movement, rent handling, or PDA-related flows.