Whitelisted Reserves is an irreversible security setting that restricts your vault to only allocate and invest into reserves that have been verified by Kamino. Once enabled, even a compromised admin key cannot direct vault funds into unvetted markets.

Why enable it

The primary threat this protects against: an attacker gains access to your vault’s admin key, spins up a fake lending market with manipulated collateral, allocates vault capital into it, and drains the funds by borrowing against the fake collateral. With Whitelisted Reserves enabled, this attack is blocked at the protocol level. The attacker can only allocate into Kamino-verified reserves — there is no path to drain funds into a fraudulent market. This is protocol-level security, not operational security. It doesn’t depend on your key management practices or multisig configuration.

The two flags

There are two independent on-chain toggles. Both should be enabled for maximum protection.

| Flag | What it restricts |
| --- | --- |
| AllowAllocationsInWhitelistedReservesOnly | Only allows adding allocations to Kamino-verified reserves. Existing allocations can still be edited or removed. |
| AllowInvestInWhitelistedReservesOnly | Only allows depositor funds to flow into Kamino-verified reserves. This is stricter — it prevents any investment in unverified reserves, not just allocation creation. |

Kamino maintains the whitelist of verified reserves at the protocol level. Curators cannot whitelist reserves themselves. The whitelist covers established reserves for major assets (USDC, USDS, USDT, PYUSD, SOL, and others) across Kamino’s core markets.

Enabling Whitelisted Reserves

Both flags are available under your vault’s settings. Toggle each one individually.
  1. Navigate to your vault’s Settings page
  2. Enable AllowAllocationsInWhitelistedReservesOnly
  3. Enable AllowInvestInWhitelistedReservesOnly
  4. Confirm each transaction
Enabling Whitelisted Reserves is a one-way action. Once set to true, it cannot be reverted — this is enforced at the smart contract level. This is by design: it prevents the setting from being reversed by a compromised key or malicious actor.

Best practices

  • Enable both flags: AllowAllocationsInWhitelistedReservesOnly alone still allows investment into previously added non-whitelisted reserves. Enable both for complete coverage.
  • Enable early — ideally during vault setup, before depositors enter. Turning it on later is fine, but doing it from the start is the strongest signal.
  • Pair with the Insurance Pool — Whitelisted Reserves protects against where capital goes; the Insurance Pool protects against what happens if something goes wrong. Together they represent the highest trust configuration for a vault.
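
The interaction between the two flags, and the gap left by enabling only the first one, shown as a small Python model. This is an added illustration, not Kamino's on-chain code or SDK: the class, method and reserve names are hypothetical, and only the two flag names come from this page.

```python
# Toy model of the two flags (added illustration, not Kamino's on-chain code).
# Class, method and reserve names are hypothetical; only the flag names are from the page.
ALLOC_FLAG = "AllowAllocationsInWhitelistedReservesOnly"
INVEST_FLAG = "AllowInvestInWhitelistedReservesOnly"

class PolicyError(Exception):
    """An action rejected by one of the whitelist flags."""

class Vault:
    def __init__(self, whitelist):
        self.whitelist = frozenset(whitelist)  # protocol-maintained, not curator-editable
        self.allocations = set()
        self.flags = set()

    def enable(self, flag):
        # One-way: the model has no disable(), mirroring the irreversible setting.
        self.flags.add(flag)

    def add_allocation(self, reserve):
        if ALLOC_FLAG in self.flags and reserve not in self.whitelist:
            raise PolicyError(f"allocation to unverified reserve {reserve!r}")
        self.allocations.add(reserve)

    def invest(self, reserve):
        if reserve not in self.allocations:
            raise PolicyError(f"no allocation for {reserve!r}")
        if INVEST_FLAG in self.flags and reserve not in self.whitelist:
            raise PolicyError(f"investment into unverified reserve {reserve!r}")

def allowed(action, reserve):
    """True if the vault accepts the action, False if a flag blocks it."""
    try:
        action(reserve)
        return True
    except PolicyError:
        return False

def scenario():
    vault = Vault(whitelist={"verified-usdc"})   # constructed sample data
    vault.add_allocation("legacy-unverified")    # added before any flag was set
    vault.enable(ALLOC_FLAG)
    out = {"new_unverified_allocation": allowed(vault.add_allocation, "fake-market"),
           "invest_legacy_alloc_flag_only": allowed(vault.invest, "legacy-unverified")}
    vault.enable(INVEST_FLAG)
    out["invest_legacy_both_flags"] = allowed(vault.invest, "legacy-unverified")
    vault.add_allocation("verified-usdc")
    out["invest_verified_both_flags"] = allowed(vault.invest, "verified-usdc")
    return out
```

Calling `scenario()` returns which actions the model accepts at each stage: with only the allocation flag set, the pre-existing unverified reserve can still receive investment, and it is blocked only once both flags are enabled.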