Security Model Overview (PDF)

Chain: Solana | Custody: PDA-Based

This security model overview outlines the full staking architecture of Suit up NFT ecosystem. It covers front-end integration, custody model, backend logic, and associated features including governance and lottery. The evaluation is based on the live system behavior, provided source code, and standard best practices in Solana NFT.

1. Custody and On-Chain Design

Program-Derived Custody NFTs staked through Suit up are held in multiple deterministic Program Derived Addresses (PDAs), generated per user. The structure guarantees:

• No access by private keys

• Deterministic, reproducible addresses

• Stateless, program-owned custody with full user traceability

Custody implementation follows standards consistent with Solana-native protocols including Tensor and Magic Eden.

NFT Validation Before NFTs are accepted into custody, the platform performs layered validation:

• Token ownership confirmed through getParsedTokenAccountsByOwner

• NFT metadata checked against registered collection identifiers

• Programmable and compressed NFTs handled through custom logic

This multi-layered approach ensures NFTs are authentic, owned by the user, and eligible for staking.

Collection Authentication NFTs are restricted to official Suit up collections. The system validates collection origin using both local metadata (mint list) and runtime checks based on:

• Metaplex collection.verified

• updateAuthority comparison

• Creator array validation

This architecture prevents invalid or unauthorized tokens from entering the staking pool.

2. Front-End Integration

The staking system operates within a custom-built Next.js app, using:

• React server components

• @solana/wallet-adapter with Phantom, Solflare, and Torus support

• Umi for transaction construction and account interaction

All staking-related actions—stake, unstake, claim—are initiated through wallet-signed transactions. No transactions are triggered without user intent.

Batch Staking The platform supports staking of up to 19 NFTs simultaneously. Logic includes:

• Individual transaction tracking

• Error reporting per mint

• Retry fallback with transaction persistence via executeCNFTTransactionWithRetry

This design supports scale and minimizes user friction.

3. Governance Module

Proposal Creation and Voting Users who have staked NFTs can participate in governance via wallet-gated proposals. The system supports:

• Proposal creation with start/end timestamps

• Option-based voting (e.g., binary or multiple-choice)

• Voting weight tied to staked NFTs and multiplier logic

Votes are stored in backend infrastructure and linked cryptographically to wallet signatures.

Vote Integrity Voting sessions enforce:

• One vote per wallet per proposal

• Signed payloads for tamper resistance

• Eligibility filtering based on active staking state

This design supports decentralized governance while maintaining structural integrity.

4. Lottery Infrastructure

Ticket Generation Staked users receive tickets based on:

• Total staked Printing Machine NFT

• If at least 1 Suit up NFT staked

Tickets are assigned per wallet and tied to NFT identity to prevent inflation or re-use.

Draw Mechanics

The lottery is managed off-chain but secured by:

• Deterministic ticket assignment

• Account-based uniqueness enforcement

• Audit trail of entries and draw outcomes

Prize draws are processed and recorded using reproducible logic, with historical access available to all users.

5. Backend & API Security

The platform uses Firestore as the primary data layer. APIs are implemented under Next.js and gated using:

• Wallet-based signed authentication (message signing)

• Server-side signature validation

• Rate-limited access controls to prevent abuse

Endpoints governing stake, vote, ticket, and claim operations validate ownership and block unauthorized requests.

6. System Reliability and Infrastructure

• Solana RPC endpoint configurable via environment variables

• Automatic fallbacks and retries for transaction failures

• Front-end hydration and real-time wallet state sync via wallet adapter

• Modularity to onboard new NFT collections or adjust staking rules without protocol rewrites

Conclusion

Suit up staking system is designed in alignment with best practices for secure, scalable NFT staking on Solana. It employs PDA-based custody, validated asset ownership, signed actions, and modular governance. The architecture supports expansion to future NFT collections and off-chain reward systems without compromising protocol security or user trust.

The platform meets the standards for production deployment and composability within the broader Solana ecosystem.

Staking diagram

Reference Libraries & Infrastructure

Core Development Stack

• Anchor Book (Smart Contract) Build Solana smart contracts using the Anchor framework (Rust-based)

• Metaplex Token Metadata Program Core standard for verifying and interacting with NFT metadata on-chain

• pNFT Authorization Guide Create programmable NFTs with on-chain access controls and rules

• cNFT Compression (Bubblegum) cNFT minting/storage using the Bubblegum program

• Metaplex Rust SDK Tools to integrate with Metaplex programs using Rust

Frontend & Infrastructure

• Solana Wallet Adapter Frontend library for connecting wallets like Phantom, Backpack, and others

• Helius RPC Solana RPC with NFT indexing, webhook support, and metadata APIs

1MB

Staking Security Model Overview.pdf

pdf