@arlai-mk arlai-mk commented Dec 10, 2025

Description

This PR introduces the Inflow adapters.

What are Adapters?

Adapters are specialized smart contracts that enable the Inflow vault to deploy funds to external DeFi protocols (like Mars Protocol for lending), or execute specific actions (like IBC transfers to other chains, token swaps, or dATOM redemption).
Each adapter acts as a secure interface between the vault and a specific protocol, handling deposits, withdrawals, and position tracking.

Automation & Hot Wallet Permissions

Adapters solve a critical operational challenge: secure automation without giving full admin access to hot wallets.

Instead of requiring multisig signatures for every routine operation, adapters use a three-tier permission model:

  • Admins (Multisig): Configure adapters, manage routes, and control critical settings
  • Depositors (vault contracts): Deposit and withdraw funds according to allocation strategies
  • Executors (hot wallets - optional): Execute pre-approved operations (like IBC transfers or swaps) within defined constraints

This enables automated operations (rebalancing, cross-chain transfers, yield optimization) while maintaining strong security boundaries. Hot wallets can only execute specific, pre-configured actions. They cannot change settings, add new routes, or access admin functions.

Adapter Configuration Types

AllocationMode

Controls whether an adapter participates in automated fund allocation:

  • Automated: Included in the vault's automated deposit/withdrawal allocation via calculate_venues_allocation. The vault can automatically route funds to/from this adapter during depositing/withdrawing.
  • Manual: Only accessible via explicit DepositToAdapter / WithdrawFromAdapter operations. Typically used for adapters that require deliberate admin actions (e.g., IBC transfers to specific chains).

DeploymentTracking

Controls whether adapter operations update the Control Center's (manually) deployed amount:

  • Tracked: Deposits/withdrawals automatically call UpdateDeployedAmount on the Control Center. The deployed funds are included in the total deployment reporting.
  • NotTracked: Position is queryable via DepositorPosition but not included in the Control Center's deployed amount. Useful for automated adapters that can track depositors' positions and report back to the vault.

⚠️ Race Condition Warning: Using Tracked with Automated allocation can create race conditions if manual SubmitDeployedAmount proposals are in flight. The recommendation is to use NotTracked for automated adapters.

Adapters in This PR

Mars Adapter (AllocationMode::Automated, DeploymentTracking::NotTracked)

  • Deposits / withdrawals on the Inflow vault are automatically deployed to/withdrawn from this adapter
  • Deploys funds to Mars Protocol for lending yield
  • Each depositor gets a separate Mars credit account (isolated positions)
  • Instant withdrawals with no lockup period

IBC Adapter (AllocationMode::Manual, DeploymentTracking::Tracked)

  • Transfers funds cross-chain via IBC (from Neutron)
  • Requires executor permission for security
  • Validates destination chains and recipients against allowlists

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • Targeted the correct branch
  • Included the necessary unit tests
  • Added/adjusted the necessary interchain tests
  • Added necessary migration code for all stores that were adjusted or added
  • Added a changelog entry in .changelog
  • Compiled the contracts by using make compile and included content of the artifacts directory into the PR
  • Regenerated front-end schema by using make schema and included generated files into the PR
  • Updated the relevant documentation or specification
  • Reviewed "Files changed" and left comments if necessary
  • Confirmed all CI checks have passed

@arlai-mk arlai-mk changed the title from "Arlai/inflow mars adapter" to "Introduction of Inflow adapters - Mars & IBC adapters" Dec 10, 2025
@arlai-mk arlai-mk marked this pull request as ready for review December 16, 2025 03:43
@arlai-mk arlai-mk requested a review from a team as a code owner December 16, 2025 03:43
@immunefi-magnus
🛡️ Immunefi PR Reviews

We noticed that your project isn't set up for automatic code reviews. If you'd like this PR reviewed by the Immunefi team, you can request it manually using the link below:

🔗 Send this PR in for review

Once submitted, we'll take care of assigning a reviewer and follow up here.

@p-offtermatt p-offtermatt requested a review from Copilot December 17, 2025 10:02
let user_input = format!("{}{}", proof_addr, lock_tokens_msg.maximum_amount);
let hash = sha2::Sha256::digest(user_input.as_bytes())
.as_slice()
let digest = sha2::Sha256::digest(user_input.as_bytes());
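
Review bot: On the format!("{}{}", proof_addr, lock_tokens_msg.maximum_amount) line, the address and the amount are concatenated with no separator before hashing, so the hashed bytes do not record where one field ends and the other begins. Consider a delimiter that cannot occur in either field, or a length prefix, so that each (address, amount) pair has exactly one preimage. If the hash-to-digest rebinding is only a lint fix, saying so in the commit message would save reviewers the question.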
Member

why perform changes to this file?

Collaborator Author

This is to fix a clippy (v0.1.91) warning.

Contributor

Copilot AI left a comment

Pull request overview

This PR introduces the Inflow adapters infrastructure, enabling the vault to deploy funds to external DeFi protocols through specialized smart contract interfaces. The implementation includes two adapters: Mars Adapter for automated lending operations and IBC Adapter for manual cross-chain transfers.

Key Changes

  • Adapter interface definition with standardized execute/query messages for protocol integrations
  • Vault contract enhanced with automated allocation logic and adapter management functions
  • Control Center updated to support bidirectional deployed amount tracking (add/subtract)

Reviewed changes

Copilot reviewed 88 out of 109 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| packages/interface/src/inflow_adapter.rs | New adapter interface with standard messages and serialization helpers |
| packages/interface/src/inflow_vault.rs | Vault interface with adapter management messages (replaces inflow.rs) |
| packages/interface/src/inflow_control_center.rs | Added DeploymentDirection enum for tracking add/subtract operations |
| contracts/inflow/vault/src/contract.rs | Core vault logic with adapter allocation, registration, and deposit/withdrawal routing |
| contracts/inflow/vault/src/state.rs | Added ADAPTERS storage map for adapter registry |
| contracts/inflow/vault/src/error.rs | New adapter-specific error types |
| contracts/inflow/vault/src/testing_adapters.rs | Comprehensive test suite for adapter functionality (2863 lines) |
| contracts/inflow/vault/src/testing_mocks.rs | Mock adapter infrastructure for testing |
| ts_types/*.ts | TypeScript type definitions generated from contract schemas |
| scripts/deploy-inflow-test.sh | Deployment script for test environment setup |


Comment on lines +193 to +201
retry_command() {
set +e
local output
local status
local max_attempts=${2:-0} # Optional second parameter for max attempts (0 = infinite)
local attempt=1

while true; do
output=$(eval "$1" 2>&1)
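
Review bot: The default in max_attempts=${2:-0} is unlimited retries, so together with while true a command that can never succeed keeps the script looping forever; a finite default, with unlimited retries as an explicit opt-in, would fail safer. The set +e at the top of the function also changes the option for the calling shell, and nothing in the visible lines restores it, so consider saving and restoring the caller's setting.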

Copilot AI Dec 17, 2025

The retry_command helper uses eval on a constructed command string (eval "$1"), and that string incorporates values loaded from the external config file (e.g., neutron_rpc_node via NEUTRON_NODE_FLAG and neutron_binary/neutron_dir via NEUTRON_CLI). If an attacker can influence the config file or any other caller-provided value passed into retry_command, they can inject shell metacharacters (such as ;, backticks, or $(...)) and achieve arbitrary command execution when the script runs. To avoid this, refactor retry_command to execute commands via positional parameters (e.g., using "$@" without eval) or otherwise ensure that untrusted data is never interpolated into a shell command string executed by eval.
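
The refactor suggested in the comment above, as an added example that is not part of the PR or the project's script: a bounded retry helper that runs its arguments as an argument vector, next to a one-shot version of the eval form for comparison. The function names (retry_argv, run_eval_once, marker_created_via), the RETRY_DELAY variable and the node value are hypothetical and constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not the project's script). Function names are hypothetical.

# retry_argv MAX_ATTEMPTS CMD [ARG...]
# Runs CMD with its ARGs as an argument vector, never re-parsed by the shell.
# MAX_ATTEMPTS must be >= 1, so the loop is always bounded.
retry_argv() {
    local max_attempts="$1" attempt=1 output status
    shift
    while :; do
        if output=$("$@" 2>&1); then
            printf '%s\n' "$output"
            return 0
        else
            status=$?
        fi
        if [ "$attempt" -ge "$max_attempts" ]; then
            printf '%s\n' "$output" >&2
            return "$status"
        fi
        attempt=$((attempt + 1))
        sleep "${RETRY_DELAY:-1}"
    done
}

# The eval form from the reviewed hunk, reduced to a single attempt.
run_eval_once() {
    eval "$1" 2>&1
}

# Prints "yes" if a constructed config value containing "; touch FILE" made
# the given runner (eval|argv) create FILE, "no" otherwise.
marker_created_via() {
    local dir marker node_value result=no
    dir=$(mktemp -d) || return 1
    marker="$dir/marker"
    node_value="http://127.0.0.1:26657; touch $marker"  # constructed input
    case $1 in
        eval) run_eval_once "echo --node $node_value" >/dev/null ;;
        argv) retry_argv 1 echo --node "$node_value" >/dev/null ;;
    esac
    if [ -e "$marker" ]; then result=yes; fi
    rm -rf "$dir"
    printf '%s\n' "$result"
}

printf 'eval runner executed the embedded command: %s\n' "$(marker_created_via eval)"
printf 'argv runner executed the embedded command: %s\n' "$(marker_created_via argv)"
```

Callers pass each flag and value as its own quoted argument, so a config value reaches the binary as one literal argument, whatever characters it contains.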
