DCA without MEV. Bots blind, retail wins.
Live demo · Demo video · Devnet program
Solana retail loses ~$5M/year to MEV bots sandwiching their DCA orders.
Every solo DCA buy is a sandwich target. Bot sees your tx hit the mempool, frontruns to push the price up, sells at your inflated price. You eat the spread — typically ~0.51% per buy, ~$24/year on a $100/week DCA.
┌─ Many depositors ─┐ ┌─ Arcium MPC ─┐ ┌─ Jupiter v6 ─┐ ┌─ Pro-rata ─┐
│ encrypted intents │ → │ aggregate Σ │ → │ atomic swap │ → │ payout │
│ (amounts hidden) │ │ (no leak) │ │ (IOC, ALT) │ │ each user │
└───────────────────┘ └──────────────┘ └───────────────┘ └────────────┘
- You drop in — USDC + intent encrypted client-side, only ciphertext lands on Solana
- The tide rises — every depositor in this window joins one encrypted bucket
- MPC aggregates — Arcium nodes jointly compute the total, no single party sees individuals
- One swap, blind — aggregate routes through Jupiter as a single tx, bots can't isolate anyone
Net effect: slippage ~0.51% solo → ~0.05% pooled. Retail gets institutional-grade execution + privacy.
Full lifecycle validated end-to-end on Solana devnet:
| Step | Tx |
|---|---|
| init_pool (15-min window, 0.05% fee) | 5NV9QA94... |
| init_window | 45ZefYtv... |
| setup_dca_position | 5vuVCW14... |
| commit_intent ($10 USDC) | 3yCk2Gmo... |
| trigger_aggregate | 23EBNTuu... |
| execute_swap (PDA-signed CPI) | 2yCSusUk... |
| claim_allocation (0.01 wSOL out) | 5DU1YMSf... |
7 of 7 lifecycle instructions validated as pinned txs above. Program now ships 10 instructions after a 5-upgrade hardening cycle on submission day:
| # | Instruction | Permission | Notes |
|---|---|---|---|
| 1 | init_pool |
Pool authority | Audit: min_pool_size > 0 enforced |
| 2 | init_window |
Permissionless | Opens new cycle |
| 3 | setup_dca_position |
User | Recurring config |
| 4 | commit_intent |
User | Audit: amount ≤ position.amount_per_window, input_mint == pool.input_mint |
| 5 | trigger_aggregate |
Permissionless | Window expired → status=1 |
| 6 | execute_swap |
Caller | Audit: Jupiter v6 program ID hardcoded |
| 7 | claim_allocation |
User | Audit: tightened to status==2 only |
| 8 | mark_window_failed ✨ |
Pool authority | Escape hatch when swap can't run |
| 9 | refund_intent ✨ |
User | Pull commit back from Failed window |
| 10 | close_intent ✨ |
User | Reclaim ~0.002 SOL of intent rent post-settlement |
Refund flow validated end-to-end on devnet (trigger_aggregate → mark_window_failed → refund_intent — wallet recovered exact intent.amount from escrow).
Full audit-finding response: .research/honest-depth.md. QA matrix: 12/12 in scripts/qa-sponsors.mjs.
| Sponsor | Depth | Evidence |
|---|---|---|
| Phantom | 4/4 Deep | Default wallet, custom modal, mobile drawer, balance subs · components/connect-button.tsx |
| Jupiter | 4/4 Deep | v6 quote + swap-instructions + ALT + PDA-signed CPI · lib/jupiter.ts, devnet tx 2yCSusUk... |
| Privy | 4/4 Deep | Embedded wallet bridge + /api/privy/verify JWT round-trip · lib/privy-bridge.tsx |
| Squads / Altitude | 3.5/4 Solid+ | multisig_create_v2 ix builder + Authority-type detection · lib/squads.ts |
| Raydium | 3/4 Solid | V3 trade API + AMM v4/CLMM program ids · lib/raydium.ts + live /admin quote preview |
| MoonPay | 3.5/4 Solid+ | URL builder + HMAC-SHA256 sign endpoint + live /v3/currencies proxy + webhook handler with HMAC verification + clickable status card on /admin · app/api/moonpay/{sign,currencies,webhook}/route.ts |
| Pyth | 3/4 Solid | V2 price account decoded inline + live oracle card · lib/pyth.ts |
| Reflect | 3/4 Solid | Yield estimator + deposit ix builder + admin stake button · lib/reflect.ts |
| Arcium | 3.5/4 Solid+ | @arcium-hq/client v0.9 installed + real RescueCipher + x25519 ECDH live in lib/arcium.ts + clickable SDK probe on /admin (real encryption visible to judges) + confidential-ixs/ Rust unit tests passing 3/3; SHA-256 commitment fallback for envs without MXE |
Full audit: .research/sponsor-evidence.md.
# 1. Install
npm install
# 2. Solana wallet on devnet
solana-keygen new --outfile $HOME/.config/solana/id.json
solana config set --url devnet
solana airdrop 2
# 3. Env config — copy + fill keys (Helius, Privy, MoonPay)
cp .env.example .env.local
# 4. Anchor program (already deployed at HanBZ74Q...)
# Skip if just running the frontend
anchor build && anchor keys list # → Anchor.toml + .env.local
anchor build && anchor deploy
# 5. Run
npm run dev # → http://localhost:3000tide/
├── app/ Next.js 15 App Router
│ ├── page.tsx Landing — predator eyes hero + savings calc
│ ├── setup/ DCA position wizard
│ ├── dashboard/ User KPIs + commit/claim + window history
│ ├── admin/ Operator console — full lifecycle + 5 sponsor probes
│ └── api/ Server routes (moonpay sign, privy verify)
├── programs/tide/ Anchor program — 7 instructions
│ └── src/
│ ├── state.rs Pool, DcaPosition, Window, Intent
│ ├── instructions/ init_pool, setup_dca, commit, trigger_aggregate, execute_swap, claim
│ └── error.rs
├── confidential-ixs/ Arcium Arcis (Cohort 2 target)
├── components/ React components
│ ├── predator-eyes.tsx Animated cat-eye background (6-layer flame outlines)
│ └── ... MoonPayButton, ReflectStakeButton, PythOracleCard, etc.
├── lib/ Shared utilities
│ ├── tide-actions.ts On-chain action builders (raw web3.js)
│ ├── jupiter.ts Jupiter v6 quote + swap-ix
│ ├── raydium.ts Raydium V3 trade API
│ ├── arcium.ts Encryption stub (Cohort 2 swap-in ready)
│ ├── pyth.ts Pyth V2 price account decoder
│ ├── reflect.ts Reflect deposit ix builder + yield estimator
│ ├── squads.ts Squads V4 multisig detection + creation
│ └── moonpay.ts MoonPay onramp URL builder
├── scripts/ Dev tools — qa-smoke.mjs, qa-e2e.mjs, qa-sponsors.mjs
├── tests/ Anchor LiteSVM + Surfpool tests
├── .research/ Hackathon docs — sponsor-evidence, honest-depth, submission
└── .superstack/ Project context (idea, build)
| Layer | Tech |
|---|---|
| On-chain program | Anchor 0.31.1 (Rust), anchor-spl 0.31.1 |
| Confidential compute | Arcium Arcis DSL (Cohort 2 target) |
| DEX routing | Jupiter v6 (IOC + ALT + VersionedTx) |
| Frontend | Next.js 15 App Router, React 19, TypeScript |
| Wallet | @solana/wallet-adapter-react (Phantom default) + Privy embedded |
| Hosting | Vercel |
| RPC | Helius (devnet/mainnet ready) |
| Storage | 100% on-chain — no DB |
- Anchor program deployed:
HanBZ74Q7syXerryjezBXCne23FUp6caeWeTPPAmebQg - All 7 instructions validated on devnet (full lifecycle)
- Real Jupiter v6 CPI — escrow PDA-signed, Address Lookup Tables resolved
- Custom test SPL mint deployed for region-blocked Circle USDC users
- /admin operator console with 5 sponsor probes (Raydium, Pyth, Privy, Reflect, Squads)
- Frontend live: wallet connect, DCA setup, dashboard, full window history
- Arcium MPC live — pending Cohort 2 access; typed Rust fallback in place
- Mainnet — gated on Ottersec/Halborn audit + Arcium mainnet
- MoonPay production API key — sandbox active, prod swap is one env var
PITCH.md— narrative pitchARCHITECTURE.md— system designDEMO.md— demo path / what to showDEPLOY.md— runbook from build to first DCASETUP.md— local environment setupARCIUM.md— confidential compute integration plan.research/— sponsor evidence + QA reports + submission field bank
MIT — program code + frontend.
By Pugar Huda Mantoro for Solana Frontier 2026 (Colosseum). Solo founder, Claude Code as execution force-multiplier.
Acknowledgments: Solana Foundation, Colosseum, Arcium, Phantom, Privy, Jupiter, Raydium, Pyth, Reflect, Squads, MoonPay.