Security and risk transparency
Capital resilience needs verifiable controls. This page tracks audit posture, threat modeling references, and vulnerability disclosure paths.
- Core Protocol Contracts Audit (Planned): scope definition for Vault, Reserve, and settlement-critical contracts.
- Autonomous Allocation Agent Controls Review (Planned): model guardrails, policy boundaries, and override constraints.
- Continuity Engine Failover Review (In Design): substitution logic, evacuation sequencing, and recovery-state validation.
Current assumptions and unaudited areas
Security maturity requires stating assumptions explicitly. The following are active design assumptions under ongoing review:
- External execution venues and dependency providers can degrade or fail unexpectedly.
- Governance participation can become adversarial or unavailable during stress windows.
- Telemetry and oracle inputs can be delayed, noisy, or partially compromised.
Open attack surfaces under active hardening
These areas receive priority analysis before formal audit publication:
- Cross-layer interactions between allocation policy outputs and execution constraints.
- Failure-mode transitions where substitution logic and settlement timing interact.
- Reserve accounting edge cases during prolonged drawdown and partial recovery.
Threat modeling summary
High-risk scenarios are mapped to a deterministic response doctrine. Highlights from the current matrix, as scenario and prescribed response:
- Slow drawdown: reserve dampening with gradual de-risking.
- Flash volatility spike: continuity mode with strict risk reduction.
- Vault outflow surge: priority routing and tighter liquidity controls.
- Reserve depletion pressure: automatic protective posture and allocation contraction.
- Escrow imbalance: rebalance doctrine and delayed release conditions.
- Allocation drift: deterministic corrective weighting by policy cycle.
Bug bounty and disclosure
A coordinated disclosure path is provided for researchers and integrators. Findings in the following classes are of particular interest:
- Critical flaws that could violate principal-protection invariants.
- Settlement-order manipulation or reserve accounting inconsistencies.
- Execution-boundary bypasses affecting Escrow isolation.
- Governance or continuity-mode abuse paths with high-impact outcomes.
Need an architecture risk review?
Sagitta Labs can run protocol-level threat reviews across custody, reserve, execution, and continuity layers.