# Treasury and Fund Security

#### Objective

To ensure DAO funds (e.g., SOL, tokens) can only be moved by the DAO governance mechanism.

#### Structure

All DAO assets are held in a `DaoTreasury` account. Any attempt to withdraw or interact with the treasury must be signed by the current `authority`.

#### Anchor Code

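```rust
use anchor_lang::prelude::*;

#[account]
pub struct DaoTreasury {
    pub authority: Pubkey,
    pub balance: u64,
    // ...
}

#[derive(Accounts)]
pub struct Withdraw<'info> {
    // has_one: fails unless dao_account.authority == authority.key()
    #[account(mut, has_one = authority @ CustomError::Unauthorized)]
    pub dao_account: Account<'info, DaoTreasury>,
    // Signer: fails unless this account signed the transaction
    pub authority: Signer<'info>,
}

pub fn withdraw(ctx: Context<Withdraw>, amount: u64) -> Result<()> {
    // Explicit re-check of the key match already enforced by has_one
    require!(ctx.accounts.authority.key() == ctx.accounts.dao_account.authority, CustomError::Unauthorized);
    // transfer logic
    Ok(())
}
```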

#### Security Notes

* Withdrawals and fund operations require signature validation.
* Uses Anchor’s `has_one` and PDA (Program Derived Address) constraints.
* Prevents unauthorized access or tampering from external actors.
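
The key match (`has_one`) and the signature requirement are separate checks, and a withdrawal needs both. The model below is an added example in plain Rust with no Anchor dependency, not the project's code; `AccountMeta`, `WithdrawError`, `check_withdraw` and the sample keys are assumptions made for illustration.

```rust
// Std-only model of the two authority checks plus a balance check.
// AccountMeta, WithdrawError and check_withdraw are hypothetical names.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

/// What the runtime reports about an account passed to the instruction.
pub struct AccountMeta {
    pub key: Pubkey,
    pub is_signer: bool,
}

pub struct DaoTreasury {
    pub authority: Pubkey,
    pub balance: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum WithdrawError {
    Unauthorized,      // key differs from treasury.authority (has_one)
    MissingSignature,  // key matches but the account did not sign
    InsufficientFunds, // amount exceeds the recorded balance
}

/// Validate, then debit. State changes only after every check passes.
pub fn check_withdraw(
    treasury: &mut DaoTreasury,
    authority: &AccountMeta,
    amount: u64,
) -> Result<u64, WithdrawError> {
    if authority.key != treasury.authority {
        return Err(WithdrawError::Unauthorized);
    }
    if !authority.is_signer {
        return Err(WithdrawError::MissingSignature);
    }
    let remaining = treasury.balance.checked_sub(amount);
    treasury.balance = remaining.ok_or(WithdrawError::InsufficientFunds)?;
    Ok(treasury.balance)
}

fn main() {
    let dao = Pubkey([1; 32]); // constructed sample key
    let mut t = DaoTreasury { authority: dao, balance: 100 };
    let unsigned = AccountMeta { key: dao, is_signer: false };
    println!("{:?}", check_withdraw(&mut t, &unsigned, 10));
    let signed = AccountMeta { key: dao, is_signer: true };
    println!("{:?}", check_withdraw(&mut t, &signed, 10));
}
```

A key comparison alone is not signature validation: the first call in `main` supplies the correct authority key without a signature and is rejected.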
