TESTNET
Markets
Trade
Lending Vaults
More
User Docs Developer Docs Sdk API Docs Help
Welcome to Polyester
Concepts
Overview
Creating an Account
Authentication Methods
Turnkey
Smart Wallets
Dashboard
Account Security
MFA
Asset Lifecycle
Supported Assets
Deposit Funds
Withdraw Funds
Transfer Funds
Inventory and Supply
Overview
Trading Fees
Base vs Quote
Lending Fees
Withdrawal Fees
Liquidation Fees
Rebates
Overview
On-chain Visibility
Overview
Supplying
Borrowing
Collateral
Interest
Liquidations
Overview
Trades
Candles
Order Book
Data Delivery
Notifications
Appearance
Localization
Sound Effects
Overview
Architecture
Benchmarks
Matching Engine
Settlement
Safeguards
Overview
Validators
Gas Abstraction
Layer-1 Benchmarks
Audits
Read Pre-compiles
Create Invite Code
Managing Links/Codes
Claiming Rewards
Auto-Convert Rewards
Overview
Create/Delete subaccounts
Permissions
Roles
Audit Logs
Unified Trading Account
Spot Trading
Order Types
Tools
Privacy
Custom Layouts
Overview
Asset Wrapping
Vaults
Zipper Security
What Is TEE?
  1. Zipper
  2. /
  3. Vaults

Vaults

Vaults are where external assets are held while they are represented and used inside Polyester.

Zipper manages vaults on each supported external chain to securely custody deposited assets, maintain clear accounting per token and chain, and support redemptions back to external networks. Every asset represented inside Polyester is backed by assets held in these vaults.


Vault Architecture

Vaults are protocol-controlled wallets deployed on external chains.

Each vault holds one specific token on one specific chain and is controlled by multi-signature keys.

For example: on Ethereum there is a USDT vault, a USDC vault, an ETH vault, etc.

Each vault holds only that asset and nothing else.

This structure is identical across all supported external chains.


Deposit Addresses and Vaults

When users deposit assets into Polyester, each is given a deposit address for each supported chain. Deposit addresses are not the same as vaults.

These deposit addresses are unique per user, per chain, owned and controlled by Zipper, and use the same secure key management as vaults.

Deposit addresses act as intake points, while vaults act as consolidation points.

Users can send any supported token on that chain to their deposit address. For example, on Ethereum, a single deposit address can receive ETH, USDT, USDC, or other supported ERC-20s.

Zipper continuously monitors deposit addresses and, when network conditions are optimal, moves assets from deposit addresses into their corresponding token vaults.

Deposit Addresses Use Vault Security
Assets are just as secure while they reside in deposit addresses. Deposit addresses and vaults share the same custody model and security guarantees.

Asset Flow on External Chains

External asset flow is deterministic in both directions.

On deposit:

  1. Assets are sent to user-specific deposit addresses on the external chain
  2. Zipper detects and validates the deposits
  3. When network conditions are optimal, assets are transferred from deposit addresses into their corresponding token-specific vaults

Once assets reach a vault, vault balances remain stable until a withdrawal is requested.

On withdrawal:

  1. A withdrawal request is submitted and finalized on Polyester Chain
  2. Zipper detects and verifies the approved withdrawal
  3. The requested amount of the asset is transferred from the corresponding vault to the specified destination address on the external chain

Balances change only in response to validated deposits or approved withdrawals.


Key Management and Custody

Vaults and deposit addresses use a key management system, with signing keys secured inside trusted execution environments (TEEs) using AWS Nitro Enclaves.

  • Private keys are never exposed to application code.
  • Signing operations occur inside isolated hardware-backed environments.
  • Vault transfers require multi-signature authorization.

There is no single key or operator that can unilaterally move assets.

(Details on execution roles, approvals, and recovery mechanisms are covered in the Security section.)


Handling Unsupported or Malicious Tokens

Unsupported or malicious tokens sent to a deposit address do not interfere with custody of Polyester-supported tokens.

Zipper operates under deterministic rules:

  • Only explicitly supported tokens are ever acted upon.
  • Unsupported tokens sent to a deposit address are ignored.
  • Vault transfers, minting, and accounting logic never interact with unknown assets.

Because vaults are token-specific and Zipper only processes known assets, sending arbitrary or malicious tokens to a deposit address does not affect system integrity or other users’ funds.


Transparency and Auditability

All Zipper vaults are publicly visible on their respective external chains.

A complete registry of Zipper-controlled vault addresses, organized by chain and asset, is publicly available:

Zipper Vault Registry

Anyone can inspect these addresses using standard block explorers to verify balances and asset custody directly.

Polyester also maintains a growing registry of user deposit addresses. Auditing total external inventory involves checking both vault balances and assets currently held in deposit addresses.

The deposit address registry is available here:

Zipper Deposit Address Registry

Previous

Asset Wrapping

Next

Zipper Security

  • Vault Architecture
  • Deposit Addresses and Vaults
  • Asset Flow on External Chains
  • Key Management and Custody
  • Handling Unsupported or Malicious Tokens
  • Transparency and Auditability