Governance Best Practices
Long-lived Solana protocols need governance beyond token votes: engineering standards, audit loops, dependency policy, and transparent authority addresses. These practices keep systems safe and auditable as teams and TVL grow.
How to Use This List
- Gate mainnet launch on sections A and B
- Review C and D quarterly with security and tech lead
- Public protocols: publish subset of B and D to community
A - On-Chain Safety
- Multisig or governance program holds upgrade authority before TVL. Document addresses in ADR.
- Pause or circuit breaker on fund-holding programs. Drilled quarterly.
- CPI targets allowlisted in constants; no arbitrary
invoke. - Immutable decision documented when chosen. Burn authority tx linked.
- Public program IDs and verifiable hashes on website/docs.
B - Auditability
- Pre-launch audit for user-fund logic; findings closed per policy.
- Bug bounty live at launch with published scope.
- LiteSVM regression per audit finding and exploit class.
- Post-upgrade diff re-audit budgeted in roadmap.
- Blameless post-mortem within 5 days of Sev-1.
C - Engineering Governance
- Cargo.lock committed; cargo deny in CI.
- Coding standards enforced via review + clippy.
- ADR index current; superseded ADRs linked.
- Runbooks with owner, backup, last drill date.
- Contribution and security disclosure policies published.
D - Future-Proofing
- Ecosystem upgrade calendar maintained monthly.
- Spikes time-boxed; adoptions recorded in ADR.
- stackVersions manifest pinned; docs footers match.
- Deprecation tickets with fix-by dates.
- Lessons-learned catalog reviewed in design reviews.
FAQs
DAO vs engineering governance?
DAO votes parameters; multisig/ADR governs implementation quality - both public.
Minimum TVL for full list?
A and B non-negotiable at any user funds; scale C-D with team size.
Open source required?
No; but public protocols benefit from published standards subset.
Immutable protocol?
Skip upgrade items; intensify audit and bounty.
Centralized admin?
Disclose in docs; timelock where community trust needed.
Insurance?
Governance docs support underwriting; not substitute for controls.
Third-party audits enough?
No without internal review, tests, and monitoring.
Regulatory?
Legal counsel outside engineering; compliance gates in stakeholder process.
Measure governance health?
Audit finding age, ADR freshness, drill dates, open Critical lessons count.
Startup skip?
Never skip A pause/multisig plan before mainnet funds.
Related
- Audit & Bug-Bounty Program - audit detail
- Coding & Program Standards - implementation norms
- Delivery Best Practices - ship safely
Stack versions: This page was written for Agave 4.1.1, Solana CLI 3.0.10, Anchor 0.32.1, anchor-lang 0.32.1, Rust 1.91.1, @solana/kit 7.0.0, Surfpool 0.12.0, and LiteSVM 0.6.x.