Where do vaults go from here?

“Everything worked as intended.” Haunting words.

Poor protocol design might fly for crypto infrastructure, but vaults are no longer just crypto infrastructure. They are financial infrastructure powering millions of lives and the savings of increasingly ordinary people.

In multiple war rooms over the last few weeks (months? years?) I keep coming back to one thing: the dark forest we have created will never get safer. The only solution is to build infrastructure to run in the dark.

While Superform was initially as much of a cross-chain protocol as it was a vault protocol, the focus here will be on vault security as cross-chain security can, as it was back in 2022, be boiled down to signature verification and how many signers there are on a bridge (Wormhole, Ronin, Multichain, remember Poly Network?). This was the whole reason Superform v1 was built around multiple AMB’s, a design later productized in Hyperlane ISM’s and LayerZero DVN’s (although Superform never allowed a 1:1 path!), but I digress.

DeFi Summer Era 2020–2022: More onchain, more rigid, more legible.

Early DeFi vaults were incredibly complex instruments. Every strategy was coded into the contract at deployment. Every function, permissioned or not, that moved funds without verification would be a critical in an audit report. No arbitrary selectors, no offchain logic, no manager discretion. Trust = code.

It was not perfect. Cream Finance lost $130M to a flash loan attack. Compound’s reward module was exploited for $145M by providing small amounts of collateral. These were smart contract bugs, economic attacks, and oracle manipulation. And the industry responded correctly: the auditing space exploded, smart contract engineers became the most highly in-demand role at any Web3 company, and standards emerged like ERC-4626 to improve the composability and security of onchain code. Post CeFi collapses, it really looked like it was DeFi’s time to shine.

But the model could not meet what users actually wanted and expected compared to centralized products. Cheap access, high yields, cross-chain strategies, fast responses to market conditions. Onchain logic was too expensive, too slow, too rigid, and provided too large of an attack surface.

DeFi breaks through 2022–2025: Fast, flexible, and quietly centralized.

The response was pragmatic and simple. Move more logic offchain. Replace smart contract logic with MPCs and multisigs. Strong protocols protected this with timelocks and governance decisions, but let managers make real-time decisions. Vaults became faster, cheaper, and more adaptable. TVL scaled.

As a whole though, decentralization, in practice, became a meme. The risk model we inherited sounded like DeFi, but operated more like the hedge funds many that joined the space came from, complete with human discretion and bespoke internal tooling to outperform the market.

The most important finding from this era, however, was that we encountered very few smart contract bugs. Something worked! Contracts performed exactly as written.

What remained were operational security problems, failures in controls, configuration, monitoring, and response time.

Vaults are not going back.

Users want yield, speed, flexibility, and cross-chain access. That is not going away.

But the industry cannot keep running vault infrastructure the way it ran it in this last cycle either. Even sophisticated teams, running well-known protocols, with professional risk practices, did not have the tooling to detect and respond to a live exploit in under an hour.

The missing layer is not smarter managers. It is infrastructure that standardizes this new operational surface, the same way we did smart contracts back in 2022.

Standardized data sources, marketplaces, alert systems, pluggable agents, that anyone can use. You don’t have to trust anyone with your funds, ever, if you can see the strategy you are running yourself.

What the next generation looks like.

The same way vault standards standardized accounting and made vaults legible, composable, and auditable at scale, the operational surface above the smart contract needs to set its own bar. Timelocks, governance, circuit breakers, and emergency functions are table stakes.

• Every action the strategy is authorized to take, changes to Merkle roots on both a global and strategy level, the diff, timelocked and clearly uploaded to IPFS. Overseen by guardians, independent oversight actors, and economically bonded.

• Vault PPS in the multisig era was what the manager said it was. This needs to be done independently, by multiple parties, and validated onchain.

• The manager's operational logic should be structured enough to be automated safely. Deposits, redemptions, rebalances, made on programmatic, flexible, rule-based criteria anyone can see.

Through all of these characteristics, agents can then operate inside a predefined action and data surface, the same principle that made smart contract execution trustworthy, but applied to the operational layer above it.

That is what a real vault product means in 2026. Not because regulators require it, but because the attack surface has moved. The smart contract is no longer where things break. The operational layer is, and right now, that layer is mostly improvised.

Most DeFi protocols have simply not built the infrastructure to handle that. The industry still manages risk through people, informal processes, and reaction speed.

The $100B Question.

Institutional capital does not underwrite APY. It underwrites infrastructure. Can the entire process of earning money onchain be audited, constrained, monitored, explained to an investment committee, and operated without bespoke internal tooling?

From pitching these products in 2020 to building them in 2026, that question has not had a clean answer in DeFi.

The incidents so far this year will be read, in retrospect, as the moment we acknowledged that there is a whole new layer that needs to be built.

This programmable operational layer, and the standardization of one that turns risk from something implicit and manager-dependent into something legible by anyone (or anything), parameterized, executable, and monitored, can no longer be put off.

If we can make this available to everyone, visible to the world, DeFi will win.