Model
- Isolated custody: Per‑user Gnosis Safe; no pooled funds
- Permissioned exec: Whitelisted selectors via modules/roles
- Guards: Pre/post tx validation; pause support
- Immutable core: Predictable, auditable behavior
Components
- RolesGuard: pause + tx checks
- RolesReceiver/Broadcaster: cross‑chain coordination
- Market wrappers/adapters: slippage and oracle validation
Emergency controls allow fast pause across chains while preserving withdrawal access from the Safe.
Developers: explore the SDKs for programmatic access with strict types and Safe‑aware workflows.
Security Flow
Defense in Depth
Layer 1: Safe Isolation
- Per-user Safes: Each user has their own Gnosis Safe with full custody
- No Pooled Funds: Zero risk of cross-user contamination
- Direct Withdrawal: Users can always withdraw directly from their Safe
Layer 2: Access Control
- Role-based Permissions: OpenZeppelin AccessControl with PAUSER_ROLE
- Executor Validation: Only authorized executors can trigger strategy operations
- Delegatecall Security: Controllers can only execute within Safe context
Layer 3: Transaction Guards
- RolesGuard: Validates all transactions against pause state and permissions
- Slippage Protection: Oracle-based validation with configurable limits
- Input Validation: Comprehensive parameter validation across all adapters
Layer 4: Emergency Controls
- System-wide Pause: Can halt all non-owner transactions instantly
- Cross-chain Coordination: Pause state synchronized across all chains
- Safe Owner Override: Safe owners retain full control even during pauses
Layer 5: Economic Security
- Inflation Attack Protection: Dual-layer defense in MarketWrapper
- Flashloan Security: Atomic operations with proper authorization
- Oracle Integration: Real-time price validation for all operations