Skip to main content
Whitelisted Reserves is a smart contract-level restriction that ensures your vault’s funds can only be allocated into reserves that Kamino has explicitly verified. Once enabled, even a compromised admin key cannot direct vault funds into unvetted markets. Whitelisted Reserves is required for any vault to appear on Kamino’s UI. All vaults currently featured on Kamino have both flags enabled.

Why enable it

In a scenario where your vault’s admin keys are compromised, the attacker could gain operational control and redirect funds to a malicious or unvetted market, draining the vault’s liquidity. With Whitelisted Reserves enabled, that attack path is closed. The smart contract rejects any allocation or investment into a reserve that Kamino has not explicitly whitelisted, regardless of who signs the transaction. This is protocol-level security, not operational security. The constraint is enforced by the smart contract itself, independent of your key management practices or multisig configuration.

The two flags

There are two independent on-chain restrictions. Both must be enabled for your vault to appear on Kamino’s UI.
FlagWhat it restricts
AllowAllocationsInWhitelistedReservesOnlyAllocation control — you cannot create or increase allocations to any reserve outside the whitelist. Existing allocations can still be edited or removed.
AllowInvestInWhitelistedReservesOnlyInvestment control — depositor funds cannot flow into any unvetted reserve. This is stricter — it prevents any investment in unverified reserves, not just allocation creation.
Both restrictions are irreversible once activated.

Whitelist management

Kamino maintains the whitelist at the protocol level. Curators can activate Whitelisted Reserves enforcement on their vault and manage allocations within it, but have no control over the whitelist itself.

Enabling Whitelisted Reserves

Both flags are available under your vault’s settings. Toggle each one individually.
  1. Navigate to your vault’s Settings page
  2. Enable AllowAllocationsInWhitelistedReservesOnly
  3. Enable AllowInvestInWhitelistedReservesOnly
  4. Confirm each transaction
Enabling Whitelisted Reserves is a one-way action. Once set to true, it cannot be reverted — this is enforced at the smart contract level. This is by design: it prevents the setting from being reversed by a compromised key or malicious actor.

Withdrawals

Withdrawals are always permitted, regardless of whitelist status. You can de-allocate from any reserve at any time. Depositors are free to enter or exit your vault at any time, subject to available liquidity.

Best practices

  • Enable both flags — both are required for your vault to appear on Kamino’s UI. AllowAllocationsInWhitelistedReservesOnly alone still allows investment into previously added non-whitelisted reserves. Enable both for complete coverage.
  • Enable during vault setup — enable both flags before depositors enter. This is the strongest signal and a prerequisite for UI visibility.
  • Pair with the Insurance Pool — Whitelisted Reserves protects against where capital goes; the Insurance Pool protects against what happens if something goes wrong. Together they represent the highest trust configuration for a vault.