CCTP IntegrationProduction
deposit_for_burn
Burns vault USDC through CCTP for an outbound cross-chain transfer.
Handler narrative
- Load the GLAM state or program account required by the instruction and verify the signer.
- Verify that the integration is enabled on the vault and that the caller has the required delegate permission or owner authority.
- Validate the instruction-specific policy, then invoke the external protocol with the vault authority where required.
Required conditions
- The submitted accounts must match the declared account list, signer requirements, writable requirements, fixed program addresses, and account relationships shown below.
- The GLAM state account is the source of truth for owner, enabled integrations, delegate permissions, policies, assets, borrowable assets, timelock settings, mint linkage, and pricing records.
- The vault account must be the PDA controlled by the core protocol program and derived conceptually from the state account; instructions use it as the vault authority for SOL, token accounts, and external positions.
- The vault integration ACL must enable this integration before the instruction is accepted; that enablement is defined on the GLAM state account.
- If the signer is not the owner, the delegate ACL on the GLAM state must contain the exact protocol permission required by this instruction; registering a delegate alone is insufficient.
- Instruction-specific destination accounts must satisfy the external protocol's own account model; GLAM validates the accounts it needs for authorization and policy enforcement, then passes the remaining protocol accounts through CPI.
- Asset, amount, and destination restrictions must satisfy the configured transfer or destination policy when that policy is present.
Accounts
Uses the standard Big Seven account pattern, plus the instruction-specific accounts below.
| Account | Role | Description |
|---|---|---|
| sender_authority_pda | read-only | Instruction-specific account supplied by the caller or SDK. |
| burn_token_account | writable | Token account read or written by the instruction. |
| denylist_account | read-only | Instruction-specific account supplied by the caller or SDK. |
| message_transmitter | writable | Instruction-specific account supplied by the caller or SDK. |
| token_messenger | read-only | Instruction-specific account supplied by the caller or SDK. |
| remote_token_messenger | read-only | Instruction-specific account supplied by the caller or SDK. |
| token_minter | read-only | Token mint account used by the instruction. |
| local_token | writable | Instruction-specific account supplied by the caller or SDK. |
| burn_token_mint | writable | Token mint account used by the instruction. |
| message_sent_event_data | signer, writable | Token account read or written by the instruction. |
| message_transmitter_program | read-only | Fixed program or sysvar account required by this instruction. |
| token_messenger_minter_program | read-only | Token mint account used by the instruction. |
| event_authority | read-only | Instruction-specific account supplied by the caller or SDK. |
Arguments
| Argument | Type | Notes |
|---|---|---|
| args | DepositForBurnParams | Instruction parameter object; field details are listed below. Fields: amount: u64; destination_domain: u32; mint_recipient: pubkey; destination_caller: pubkey; max_fee: u64; min_finality_threshold: u32 |
Policy & permissions
- Enable
CCTPon the vault integration ACL. Protocol bitflag:0b00000001. - Delegate permission: CCTP
Transfer(0b0000000000000001). - Destination and asset restrictions must satisfy the configured transfer or destination policy when one is set.
TypeScript SDK usage
await glamClient.cctp.bridgeUsdc(
new BN(1_000_000),
0,
destinationAddress,
{ maxFee: new BN(500_000), minFinalityThreshold: 1000 },
);Cross-instruction constraints
- No additional cross-instruction constraint is documented beyond account initialization, authority checks, and policy validation.