# Mainnet Checklist

> ksUSD is **not yet deployed to mainnet.** This page is the launch checklist that gates the mainnet program-deploy transaction. One program, one vault, one mint.

***

## Phase 1 — Engineering (in progress)

* [x] Single-program rewrite: 29 instructions across `keystone_finance`
* [x] Drift v2 CPI surface verified against the published Drift IDL
* [x] Kamino KLend CPI surface (reverse-basis path + idle/reserve lending)
* [x] Jupiter V6 swap CPI helper with explicit `min_*_out` slippage bounds
* [x] Hardened account-context offsets (`checked_add` on all slice math)
* [x] Funding EMA + staleness guard on-chain (`funding_apr_smoothed_bps`, `FundingSignalStale`)
* [x] Drawdown latency (`consecutive_dd_settles_required`, `DrawdownTriggerLatent`)
* [x] LST depeg auto-pause (`lst_depeg_bps`, `LstDepeg`)
* [x] Reserve fund segregation (`reserve_ata`, separate cToken ATA, excluded from `effective_nav_usdc`)
* [x] Wind-down terminal path (`init_wind_down`, `claim_wind_down`)
* [x] Devnet round-trip test scaffold (`scripts/devnet/test-roundtrip.ts`)
* [ ] Keeper bot end-to-end on devnet (open/close normal + reverse + settle + `emergency_close` + lend cranks)
* [ ] Replay-protected admin transfer demo (`transfer_admin` + `accept_admin`)
* [ ] Devnet QA: ≥ 30 days continuous keeper operation with no manual intervention
* [ ] `scripts/mainnet/v1.0-bootstrap.ts` dry-run on mainnet RPC

***

## Phase 2 — Audit

* [ ] Audit firm engaged (Ottersec / Sec3 / Neodyme — pick one)
* [ ] All issues triaged; high / critical findings resolved
* [ ] Public audit report published in the repo and linked from the whitepaper
* [ ] Bug bounty stood up (Immunefi or equivalent)

***

## Phase 3 — Mainnet deployment

* [ ] Final program build under audit-locked commit; `anchor idl build` regenerated
* [ ] Admin multisig (Squads or equivalent) provisioned and tested on devnet
* [ ] Program deployed to mainnet under a *new* keypair (do not reuse devnet ID)
* [ ] On-chain IDL upgraded
* [ ] `initialize` with conservative launch params:
  * `deposit_cap_usdc` = $1M (raise after 30 days of clean operation)
  * `liquidity_buffer_bps` = 1\_000 (10%)
  * `emergency_close_dd_bps` = 500 (5% drawdown auto-trip)
  * `consecutive_dd_settles_required` = 2
  * `perf_fee_bps` = 2\_000 (20% above HWM)
  * `reserve_skim_bps` = 500 (5% of perf fee)
  * `lst_depeg_bps` = 500 (5%)
  * `max_nav_change_bps_per_hour` = 5\_000 (±50%/hr)
* [ ] `set_oracles` with Pyth pull-oracle pubkeys for SOL/USD + jitoSOL/USD
* [ ] `enable_drift` against Drift mainnet sub-account
* [ ] `enable_lending` against Kamino USDC reserve
* [ ] `enable_reverse` against Kamino main market (optional — gate behind reverse-basis being ready)
* [ ] `transfer_admin` → `accept_admin` to the multisig (two-step)

***

## Phase 4 — Private beta

* [ ] Invite-only with hard $1M deposit cap
* [ ] Keeper bot running with redundancy (≥ 2 independent operators)
* [ ] `lend_idle_usdc` running so the buffer's excess sits in Kamino productively
* [ ] Monitoring + alerting wired ([/for-operators/monitoring.md](/for-operators/monitoring.md))
* [ ] First `collect_fees` cycle after 30 days
* [ ] Public dashboard with live NAV, share price, position mode, queue depth, reserve fund

***

## Phase 5 — Public launch

* [ ] Raise `deposit_cap_usdc` to $5M, then $25M as TVL fills
* [ ] First composability integration (Kamino accepts ksUSD as collateral; Marginfi v1.1 second-venue)
* [ ] DAO / treasury wrappers announced (Solana-aligned partners)
* [ ] Public docs polish + integrator quickstarts

***

## Rollback / circuit-breaker plan

If any of the following occur in the first 90 days post-launch, take the corresponding action:

| Trigger                                      | Action                                                                                                           |
| -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| Audit reveals a missed critical issue        | `set_pause(true)` immediately; if non-recoverable, `init_wind_down` and coordinate redeploy under new program ID |
| NAV drawdown exceeds 3% within a week        | `emergency_close` + `set_pause(true)`; investigate before resuming                                               |
| Drift or Kamino announce a critical incident | `set_pause(true)` until the dependency is verified safe                                                          |
| Pyth feed instability for > 1h               | `set_pause(true)`; instant withdrawals stay open                                                                 |
| LST depeg auto-trip                          | Vault is already paused by `settle`; admin investigates and either unpauses or emergency-closes                  |

> **In all cases**, instant withdrawals from the liquidity buffer remain available. Depositors can always exit during a pause.
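
The two quantitative triggers in the table above (weekly NAV drawdown and Pyth feed instability), as an added TypeScript example that is not part of the Keystone code base. It assumes drawdown is measured peak-to-trough on NAV per share within a trailing 7-day window and that instability means one continuous run of unhealthy feed samples; the type and function names are hypothetical.

```typescript
// Added example, not Keystone code. Assumptions: drawdown is peak-to-trough on
// NAV per share inside a trailing 7-day window; "instability" is one continuous
// run of unhealthy feed samples. Samples are sorted by ascending timestamp.
type NavSample = { ts: number; navMicroUsdc: number }; // ts: unix seconds
type FeedSample = { ts: number; healthy: boolean };

const DAY_S = 86_400;
const DRAWDOWN_LIMIT_BPS = 300; // "exceeds 3% within a week"
const FEED_LIMIT_S = 3_600; // "> 1h"

// Worst drop in bps from any peak to a later sample at most windowS after it.
function maxDrawdownBps(nav: NavSample[], windowS: number): number {
  let worst = 0;
  for (let i = 0; i < nav.length; i++) {
    let peak = nav[i].navMicroUsdc;
    for (let j = i - 1; j >= 0 && nav[i].ts - nav[j].ts <= windowS; j--) {
      peak = Math.max(peak, nav[j].navMicroUsdc);
    }
    const dropBps = Math.floor(((peak - nav[i].navMicroUsdc) * 10_000) / peak);
    worst = Math.max(worst, dropBps);
  }
  return worst;
}

// Longest continuous stretch, in seconds, during which the feed was unhealthy.
function longestUnhealthyRunS(feed: FeedSample[]): number {
  let longest = 0;
  let runStart: number | null = null;
  for (const s of feed) {
    if (s.healthy) { runStart = null; continue; }
    if (runStart === null) runStart = s.ts;
    longest = Math.max(longest, s.ts - runStart);
  }
  return longest;
}

// Maps the two triggers to the actions listed in the table.
function requiredActions(nav: NavSample[], feed: FeedSample[]): string[] {
  const actions = new Set<string>();
  if (maxDrawdownBps(nav, 7 * DAY_S) > DRAWDOWN_LIMIT_BPS) {
    actions.add("emergency_close").add("set_pause(true)");
  }
  if (longestUnhealthyRunS(feed) > FEED_LIMIT_S) actions.add("set_pause(true)");
  return Array.from(actions);
}

// Constructed samples: a 3.5% drop in three days, and a feed unhealthy for 90 minutes.
const fastDrop: NavSample[] = [{ ts: 0, navMicroUsdc: 1_000_000 }, { ts: 3 * DAY_S, navMicroUsdc: 965_000 }];
const feedOutage: FeedSample[] = [{ ts: 0, healthy: true }, { ts: 600, healthy: false }, { ts: 6_000, healthy: false }];
console.log(requiredActions(fastDrop, feedOutage));
```

Under the trailing-window assumption, a decline spread over more than seven days never trips the 3% rule, so a separate alert on cumulative drawdown is worth wiring alongside it.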

***

## Related

* [Devnet deployment](/deployment/devnet.md)
* [Security model](/reference/security.md) · [Admin operations](/for-operators/admin-ops.md)
* [Pre-mainnet audit notes](https://github.com/kamwithak/keystone-contracts/blob/main/docs/PRE_MAINNET_AUDIT.md)
* [Whitepaper](/reference/whitepaper.md)


