{"id":50496201,"url":"https://github.com/davidweb3-ctrl/vesting-dapp","last_synced_at":"2026-06-02T07:04:14.357Z","repository":{"id":337268670,"uuid":"1152889098","full_name":"davidweb3-ctrl/vesting-dapp","owner":"davidweb3-ctrl","description":"A decentralized token lockup and vesting protocol built on Solana, featuring Cliff \u0026 Linear vesting models with dual implementations via Anchor and Pinocchio frameworks.","archived":false,"fork":false,"pushed_at":"2026-02-08T16:35:11.000Z","size":249,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-08T22:31:35.603Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davidweb3-ctrl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-08T15:40:27.000Z","updated_at":"2026-02-08T16:35:14.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/davidweb3-ctrl/vesting-dapp","commit_stats":null,"previous_names":["davidweb3-ctrl/vesting-dapp"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/davidweb3-ctrl/vesting-dapp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidweb3-ctrl%2Fvesting-dapp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidweb3-ctrl%2Fvesting-dapp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidweb3-ctrl%2Fvesting-dapp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidweb3-ctrl%2Fvesting-dapp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davidweb3-ctrl","download_url":"https://codeload.github.com/davidweb3-ctrl/vesting-dapp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidweb3-ctrl%2Fvesting-dapp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33810348,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-02T07:04:13.251Z","updated_at":"2026-06-02T07:04:14.348Z","avatar_url":"https://github.com/davidweb3-ctrl.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secure Token Vesting \u0026 Escrow DApp\n\n\u003e 基于 Solana 的去中心化 Token 锁仓与释放基础设施,支持 Cliff + 线性释放模型,提供 Anchor 与 Pinocchio 双合约实现。\n\n## 💻 项目 Repo\n\nhttps://github.com/davidweb3-ctrl/vesting-dapp\n\n## 📌 项目简介\n\n**Secure Token Vesting \u0026 Escrow DApp** 是一个构建在 Solana 主链上的 Token 锁仓与释放基础设施模块。通过链上 Program 托管 Token,按预设时间规则(Cliff + Linear)自动释放资产,解决当前 Solana 生态中 Token 分发安全性不足、标准缺失、工程重复的问题。\n\n在 Solana 生态 TVL 达 $350 亿、年部署 Token 超 500 万个的市场背景下,98.7% 的 Pump.fun Token 呈现 Rug Pull 特征。本项目通过 **PDA 控制 Vault(无私钥)**、**参数创建后不可篡改**、**released_amount 单调递增** 等机制,从架构层面杜绝 Rug Pull 风险,让 Token 释放成为链上可验证、可审计的标准能力。\n\n项目同时提供 **Anchor** 和 **Pinocchio(原生 Solana Program)** 两套实现,功能完全一致,用于交叉验证和 CU 性能对比。\n\n---\n\n## 🛠️ 技术栈\n\n- **智能合约**:Rust + Anchor Framework 0.32.1 + Pinocchio 0.10\n- **前端**:Next.js 16 + React 19 + TypeScript + Tailwind CSS\n- **钱包适配**:@solana/wallet-adapter(Phantom / Solflare)\n- **链上交互**:@solana/web3.js 1.x + @coral-xyz/anchor + @solana/spl-token\n- **状态管理**:TanStack React Query\n- **测试**:ts-mocha + Chai + solana-test-validator\n- **工具链**:Solana CLI 3.1.7, Anchor CLI 0.32.1, pnpm, Rust 1.92.0\n\n---\n\n## 🎬 Demo 演示\n\n### 演示链接\n\n- 🌐 **在线 Demo**:本地运行 `cd app \u0026\u0026 pnpm dev`,访问 http://localhost:3000,连接 Devnet 钱包即可体验\n- 🔗 **Devnet 合约**:Anchor `BB1JtUxXtmDnb6L5qXUSfuvT18TggYuSLBzfmjoYFnb4` | Pinocchio `3XcZJ34qBmN2g9joSeVH2kBQkmh2ZVV3e6dRMb7TCq3h`([Explorer](https://explorer.solana.com/address/BB1JtUxXtmDnb6L5qXUSfuvT18TggYuSLBzfmjoYFnb4?cluster=devnet))\n- 📖 详细测试步骤:[Devnet 测试指南](docs/DEVNET_TESTING.md)\n\n### 功能截图\n\n**首页**\n\n![Home Page](https://github.com/user-attachments/assets/8aa45b1f-fcab-42cf-afb8-8c82983a9b26)\n\n**创建锁仓计划**\n\n![Create Vesting](https://github.com/user-attachments/assets/bd29304f-3ddf-4d42-b441-1ee12a0a8d5e)\n\n**创建锁仓计划 — 创建成功**\n\n![Create Success](https://github.com/user-attachments/assets/29eaf60a-c085-43be-909f-15fc3d55bb71)\n\n**Dashboard — Admin 视图(已充值)**\n\n![Dashboard Admin](https://github.com/user-attachments/assets/d6444419-7e08-4d35-90c8-9e86ae7cfbf0)\n\n**Dashboard — Beneficiary 视图**\n\n![Dashboard Beneficiary](https://github.com/user-attachments/assets/0b736ede-47d9-4467-907e-662a6382b1c3)\n\n**Claim 页面 — 领取 Token**\n\n![Claim Page](https://github.com/user-attachments/assets/ecd3a491-5d71-4e2d-9a01-21535b5d534c)\n\n**Claim 成功**\n\n![Claim Success](https://github.com/user-attachments/assets/670f941b-4a5f-4a10-83a7-78d52ac60205)\n\n---\n\n## 💡 核心功能\n\n1. **创建锁仓计划** — Project Owner 为指定 Beneficiary 创建链上 Vesting,设定 Cliff 期与线性释放周期\n2. **存入 Token(Escrow)** — Admin 将 Token 存入 Program 控制的 Vault(PDA 为 owner,无私钥),实现单向托管\n3. **自主领取 Token(Claim)** — Beneficiary 在 Cliff 后按线性释放规则自主 Claim,无需项目方操作\n4. **链上可审计** — 所有状态链上可查,Vault 余额 = total_amount - released_amount,任何人可独立验证\n5. **双合约交叉验证** — Anchor + Pinocchio 双实现,相同 PDA、相同逻辑、相同数据格式,CU 对比可量化\n\n---\n\n## 📊 性能对比(CU 消耗)\n\n| 指令 | Anchor | Pinocchio | 节省 |\n| --- | --- | --- | --- |\n| `create_vesting` | 44,606 CU | 1,620 CU | **96.4%** |\n| `deposit` | 21,355 CU | 7,788 CU | **63.5%** |\n\n---\n\n## 📁 项目结构\n\n```\nvesting-dapp/\n├── docs/ # 项目文档\n│ ├── PROJECT_PROPOSAL.md # 产品立项说明书\n│ ├── SRS.md # 软件需求规格说明书\n│ ├── ARCHITECTURE.md # 技术架构说明书\n│ └── reports/ # 测试报告\n│ ├── TEST_REPORT.md # 综合测试报告(需求覆盖率 + 代码覆盖率)\n│ └── SECURITY_TEST_REPORT.md # 安全测试报告\n│\n├── programs/anchor-vesting/ # Anchor 版合约\n│ └── src/\n│ ├── lib.rs # Program 入口\n│ ├── instructions/ # 指令实现 (create, deposit, claim)\n│ ├── state/ # VestingAccount 状态定义\n│ └── errors.rs # 错误码 (10 种)\n│\n├── pinocchio-vesting/ # Pinocchio 版合约(原生实现)\n│ └── src/\n│ └── lib.rs # 完整实现 (手动校验 + CPI)\n│\n├── app/ # Next.js 前端\n│ └── app/\n│ ├── components/ # UI 组件 (Header, VestingCard)\n│ ├── hooks/ # useVestingProgram (React Query)\n│ ├── providers/ # Wallet/Cluster/Query Providers\n│ ├── create/page.tsx # 创建锁仓页面\n│ ├── dashboard/page.tsx # 锁仓列表 Dashboard\n│ └── claim/page.tsx # Claim 页面\n│\n├── tests/ # 集成测试 (48 用例,100% 通过)\n│ ├── anchor-vesting.test.ts # Anchor 测试 (19 用例)\n│ ├── pinocchio-vesting.test.ts # Pinocchio 测试 (10 用例)\n│ ├── comparison.test.ts # CU 对比测试 (3 用例)\n│ └── security.test.ts # 安全测试 (16 用例)\n│\n├── scripts/test.sh # 一键测试脚本\n├── Anchor.toml # Anchor 配置\n├── Cargo.toml # Rust workspace\n└── package.json # Node.js 依赖\n```\n\n---\n\n## 🚀 快速开始\n\n### 环境要求\n\n- Rust 1.92+\n- Solana CLI 3.x\n- Anchor CLI 0.32.x\n- Node.js 20+\n- pnpm 10+\n\n### 1. 克隆与安装\n\n```bash\ngit clone https://github.com/davidweb3-ctrl/vesting-dapp.git\ncd vesting-dapp\npnpm install\n```\n\n### 2. 构建合约\n\n```bash\n# 构建 Anchor 合约\nanchor build\n\n# 构建 Pinocchio 合约\ncd pinocchio-vesting \u0026\u0026 cargo build-sbf \u0026\u0026 cd ..\n```\n\n### 3. 运行测试\n\n```bash\n# 一键测试(推荐)\nbash scripts/test.sh\n\n# 或手动启动 validator 后运行\nsolana-test-validator --bind-address 127.0.0.1 --rpc-port 8899 \\\n --ledger .anchor/test-ledger --reset \\\n --bpf-program BB1JtUxXtmDnb6L5qXUSfuvT18TggYuSLBzfmjoYFnb4 target/deploy/anchor_vesting.so \\\n --bpf-program EzRUZpW3CsvnKzEUiF7fAPHyHWsv2D3ERR482BPKHwYk pinocchio-vesting/target/deploy/pinocchio_vesting.so\n\n# 另一个终端\nANCHOR_PROVIDER_URL=http://127.0.0.1:8899 ANCHOR_WALLET=~/.config/solana/id.json \\\n pnpm exec ts-mocha -p ./tsconfig.json -t 1000000 \"tests/**/*.test.ts\"\n```\n\n### 4. 启动前端\n\n```bash\n# 方法 1: 使用启动脚本(推荐)\nbash scripts/start-frontend.sh\n\n# 方法 2: 手动启动\ncd app\npnpm install\npnpm dev\n```\n\n访问 http://localhost:3000\n\n### 5. 测试 Devnet 部署\n\n前端默认连接到 Devnet。测试步骤:\n\n1. **连接钱包**: 点击右上角 \"Select Wallet\",选择 Phantom/Solflare\n2. **切换到 Devnet**: 确保钱包网络设置为 Devnet\n3. **获取 Devnet SOL**: \n ```bash\n solana airdrop 2 \u003c你的钱包地址\u003e\n # 或访问 https://faucet.solana.com\n ```\n4. **创建测试 Token**(如需要): 使用 SPL Token CLI 创建\n5. **开始测试**: \n - 创建锁仓计划 (`/create`)\n - 存入 Token (`/dashboard`)\n - 领取 Token (`/claim`)\n\n详细测试指南请查看:[Devnet 测试指南](docs/DEVNET_TESTING.md)\n\n---\n\n## 🧪 测试覆盖\n\n| 维度 | 覆盖率 |\n| --- | --- |\n| SRS 需求覆盖率(TR-1 ~ TR-5,25 用例) | **100%** |\n| 错误码覆盖率(FR-7,10 个错误码) | **100%** |\n| 指令级覆盖率(正常 + 错误路径) | **100%** |\n| 核心算法分支覆盖率(calculate_released) | **100%** |\n| 数据不变量覆盖率(INV-1 ~ INV-7) | **100%** |\n| 威胁模型覆盖率(7 种威胁) | **100%** |\n\n详细报告见:\n- [综合测试报告](docs/reports/TEST_REPORT.md)\n- [安全测试报告](docs/reports/SECURITY_TEST_REPORT.md)\n\n---\n\n## 🔐 安全设计\n\n| 安全机制 | 说明 |\n| --- | --- |\n| PDA 控制 Vault | Vault 的 owner 为 PDA,无私钥,无法被人工签名转出 |\n| 参数不可篡改 | 创建后所有参数(含 end_time、total_amount)不可修改 |\n| 无 Withdraw 指令 | 合约不提供任何取回 Token 的指令,从设计上杜绝 Rug Pull |\n| released_amount 单调递增 | 不可回退已释放状态,使用 checked_add 防溢出 |\n| u128 安全运算 | 释放计算使用 u128 中间变量,整数除法向下取整,防止超额释放 |\n| 严格角色隔离 | Admin 只能 deposit,Beneficiary 只能 claim,互不越权 |\n\n---\n\n## 📄 项目文档\n\n| 文档 | 说明 |\n| --- | --- |\n| [产品立项说明书](docs/PROJECT_PROPOSAL.md) | 市场分析、竞品对比、商业模式、演进路径 |\n| [软件需求规格说明书](docs/SRS.md) | 业务需求、功能需求、非功能需求、测试需求、验收标准 |\n| [技术架构说明书](docs/ARCHITECTURE.md) | 数据模型、指令流程、安全架构、前端架构、CPI 设计 |\n| [综合测试报告](docs/reports/TEST_REPORT.md) | 48 用例结果、需求覆盖率、代码覆盖率、CU 对比 |\n| [安全测试报告](docs/reports/SECURITY_TEST_REPORT.md) | 威胁模型验证、访问控制、数据完整性、溢出防护 |\n\n---\n\n## 🏗️ 合约地址\n\n### Devnet(已部署)\n\n| Program | Program ID | 状态 | Explorer 链接 |\n| --- | --- | --- | --- |\n| Anchor Vesting | `BB1JtUxXtmDnb6L5qXUSfuvT18TggYuSLBzfmjoYFnb4` | ✅ 已部署 | [查看](https://explorer.solana.com/address/BB1JtUxXtmDnb6L5qXUSfuvT18TggYuSLBzfmjoYFnb4?cluster=devnet) |\n| Pinocchio Vesting | `3XcZJ34qBmN2g9joSeVH2kBQkmh2ZVV3e6dRMb7TCq3h` | ✅ 已部署 | [查看](https://explorer.solana.com/address/3XcZJ34qBmN2g9joSeVH2kBQkmh2ZVV3e6dRMb7TCq3h?cluster=devnet) |\n\n### Localnet(测试)\n\n| Program | Program ID |\n| --- | --- |\n| Anchor Vesting | `BB1JtUxXtmDnb6L5qXUSfuvT18TggYuSLBzfmjoYFnb4` |\n| Pinocchio Vesting | `EzRUZpW3CsvnKzEUiF7fAPHyHWsv2D3ERR482BPKHwYk` |\n\n\u003e **注意**:Pinocchio 的 Program ID 在 Devnet 和 Localnet 上不同,因为原生 Solana 程序的 Program ID 就是 keypair 的公钥。测试文件中的 `EzRUZpW3CsvnKzEUiF7fAPHyHWsv2D3ERR482BPKHwYk` 是 Localnet 测试用的 keypair。\n\n---\n\n## ✍️ 项目创作者\n\n1. **昵称**:david.xia\n2. **联系方式**:prodavidweb3@gmail.com\n3. **Solana USDC 钱包地址**:EDFxPF6yAQNod3nFzwV7z1qwSjt42WDYzmdT6b6YHDh7\n\n---\n\n## 📜 License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidweb3-ctrl%2Fvesting-dapp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidweb3-ctrl%2Fvesting-dapp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidweb3-ctrl%2Fvesting-dapp/lists"}