Content is user-generated and unverified.

IDLE Protocol - Critical Due Diligence Questions

Project: EarnIdle / IDLE Protocol
Date: May 22, 2026
Purpose: Clarify technical architecture, custody model, and fund flow mechanisms before deeper investment evaluation


Custody & Key Access

Q1: Private Key Export

You use Privy MPC for the embedded wallet — is there a way to export my private key or seed phrase from the IDLE dashboard? If so, where is this option located in the UI?

Why this matters: Understanding key portability and recovery paths in case of platform downtime.

Q2: Wallet Recovery If Platform Goes Offline

If earnidle.com goes offline or shuts down, how do I recover access to my wallet and any funds in active vault positions?

Why this matters: Assessing counterparty risk and ensuring funds are actually non-custodial as claimed.


Router Permissions & Authorization

Q3: Router Signing Authority

What specific permissions does the IDLE Router have over my wallet? Specifically, what transaction types can it sign without my explicit approval each time?

Why this matters: Determining if "automated routing" relies on pre-authorized session keys or delegated signing authority, and what the security implications are.

Q4: Revoking Router Authority

Can I revoke the router's signing authority while keeping my funds in the vault? Or is it tied to account creation?

Why this matters: Understanding if users have control over fund movement after initial setup.

Q5: Vault Whitelist Governance

Is the list of approved vaults (e.g., Meteora) hardcoded in the smart contracts, governed by a DAO, or managed by the IDLE team? How would users be notified if a new vault was added to the approved list?

Why this matters: Assessing protocol governance and whether there are guardrails against routing funds into untested or malicious vaults.


Fund Flow & Smart Contract Mechanics

Q6: Withdrawal Fund Path

When I withdraw my USDC, do funds return directly from the Meteora vault to my Privy wallet, or do they pass through an intermediary contract? Can you describe the full withdrawal transaction flow?

Why this matters: Tracing complete fund flows to verify no additional custody points or fee mechanisms exist.

Q7: Token Account Representation

My wallet shows $0 on Solscan but $6 in the IDLE dashboard. Is my USDC position represented as LP tokens in the Meteora vault? If so, which token account holds them, and can I verify this on-chain?

Why this matters: Understanding how positions are tracked on-chain and confirming funds are actually in Meteora as claimed.

Q8: Smart Contract Audits

Are the IDLE Router and any custom yield routing contracts audited? If so, by whom and where can I see the audit report?

Why this matters: Evaluating smart contract security before committing larger amounts.


External Wallet Support

Q9: Phantom/Solflare Integration

Is there a way to connect an external wallet (Phantom/Solflare) instead of the embedded Privy wallet for yield strategies? Or is the embedded wallet mandatory?

Why this matters: Understanding if users must rely on Privy's infrastructure or have alternatives for key custody.


Communication & Support

Q10: Developer Responsiveness

What are the expected response times for support inquiries? Is there a dedicated support channel, Discord community, or documented SLA?

Why this matters: For a protocol handling user funds, responsiveness and transparency are critical.


Additional Research Notes

Current Findings:

  • Wallet provider: Privy MPC (confirmed via dashboard documentation)
  • Vault partner: Meteora (OtterSec audited, $400M+ TVL)
  • Fee split: 85% user / 10% burn / 5% dev
  • Withdrawal lock-up: None (claimed)
  • Current position: $6 USDC in Meteora vault
  • Router rebalance frequency: 5 minutes

Status: Awaiting team response to clarify architecture and permissions.
