Security

Security-first protocol design with non-custodial architecture, transparent on-chain execution, and comprehensive audit coverage. The security of your capital is our highest priority.

Non-Custodial Architecture

All user assets remain under user control at all times. Protocol smart contracts execute strategies without custodial access to funds. Private keys never leave user devices.

Users maintain sole control of private keys
Smart contracts cannot transfer user assets without explicit approval
No admin keys or backdoors in vault contracts
Withdrawal rights cannot be revoked or frozen by the protocol

On-Chain Transparency

Vault accounting, strategy execution, and risk controls are fully transparent and verifiable on the Solana blockchain. All operations are publicly auditable.

Real-time vault balances and share accounting
Public strategy allocation and rebalancing history
Transparent fee structure and distribution
Open-source smart contracts with verified deployments

Multi-Signature Governance

Critical protocol operations require multi-signature approval from distributed key holders with time-locked execution.

5-of-9 multisig for emergency actions
7-of-9 multisig for protocol upgrades
48-hour timelock on all parameter changes
Geographic and organizational distribution of signers

Security Audits

Comprehensive security audits by multiple leading blockchain security firms with public report publication.

Pre-launch audits by 3 independent firms
Formal verification of critical vault logic
Ongoing security reviews for new features
Public disclosure of all audit findings

Bug Bounty Program

Active bug bounty program incentivizing responsible disclosure of vulnerabilities with rewards up to $500K.

Critical vulnerabilities: Up to $500,000
High severity: $50,000 - $100,000
Medium severity: $10,000 - $25,000
Low severity: $1,000 - $5,000

Risk Controls

Automated on-chain risk enforcement prevents excessive exposure and protects capital in all market conditions.

Protocol concentration limits: Max 30% per protocol
Daily drawdown limits: -10% circuit breaker
Leverage constraints per vault risk tier
Correlation-based diversification requirements
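
The two numeric limits above, worked through in integer arithmetic as an added example; this is not SEQUELIZE's contract code. The function names, the basis-point representation, the start-of-day reference value, and the choice to trip the breaker at exactly 10% are assumptions.

```rust
// Added illustration, not SEQUELIZE code. The 30% and 10% limits come from
// the page; every name and the basis-point representation are assumptions.
const BPS: u128 = 10_000;
const MAX_PROTOCOL_BPS: u128 = 3_000; // max 30% per protocol
const MAX_DAILY_DRAWDOWN_BPS: u128 = 1_000; // -10% circuit breaker

#[derive(Debug, PartialEq)]
pub enum RiskError {
    EmptyVault,
    Concentration { protocol: usize, bps: u128 },
    DrawdownBreaker { bps: u128 },
}

/// Checks an allocation (token base units per protocol) against the cap.
/// The share is rounded up so that rounding can never hide a breach.
pub fn check_concentration(allocs: &[u64]) -> Result<(), RiskError> {
    let total: u128 = allocs.iter().map(|&a| a as u128).sum();
    if total == 0 {
        return Err(RiskError::EmptyVault); // avoid division by zero
    }
    for (i, &a) in allocs.iter().enumerate() {
        let bps = (a as u128 * BPS + total - 1) / total; // ceiling division
        if bps > MAX_PROTOCOL_BPS {
            return Err(RiskError::Concentration { protocol: i, bps });
        }
    }
    Ok(())
}

/// Trips once vault value is down 10% or more from the start-of-day value.
pub fn check_drawdown(day_open: u64, now: u64) -> Result<(), RiskError> {
    if day_open == 0 {
        return Err(RiskError::EmptyVault);
    }
    let loss = day_open.saturating_sub(now) as u128; // a gain is zero loss
    let bps = loss * BPS / day_open as u128; // floor, compared with >=
    if bps >= MAX_DAILY_DRAWDOWN_BPS {
        return Err(RiskError::DrawdownBreaker { bps });
    }
    Ok(())
}

fn main() {
    // Constructed sample data: a 40/30/20/10 split breaches the 30% cap.
    println!("{:?}", check_concentration(&[400, 300, 200, 100]));
    println!("{:?}", check_drawdown(1_000_000, 899_999));
}
```

Widening to u128 before multiplying keeps the share calculation from overflowing for any u64 balances.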

Security Audit Status

SEQUELIZE is undergoing comprehensive security audits with multiple leading blockchain security firms. All audit reports will be published publicly upon completion.

Trail of Bits: Scheduled; Core vault contracts and risk modules; Q2 2024
OpenZeppelin: Scheduled; Strategy contracts and oracle integration; Q2 2024
CertiK: Scheduled; Full protocol review and formal verification; Q3 2024

Threat Model & Mitigations

Comprehensive analysis of potential threats and implemented mitigation strategies to protect protocol and user assets.

Smart Contract Vulnerabilities

Critical Severity

Mitigation: Multiple security audits, formal verification, comprehensive test coverage (>95%), and ongoing security reviews

Oracle Manipulation

High Severity

Mitigation: Multi-source price feeds (Pyth, Switchboard, Chainlink), TWAP implementation, deviation checks, and circuit breakers

Protocol Integration Risk

High Severity

Mitigation: Continuous monitoring of integrated protocols, risk scoring system, automated strategy adjustment, and exposure limits

Economic Attacks

Medium Severity

Mitigation: Drawdown thresholds, flash loan protection, time-weighted operations, and concentration limits

Governance Attacks

Medium Severity

Mitigation: Multi-sig controls, time-locked execution, quorum requirements, and emergency pause mechanism

Front-Running

Low Severity

Mitigation: Batched execution, slippage protection, MEV-aware transaction ordering, and commit-reveal schemes

Bug Bounty Program

We maintain an active bug bounty program to incentivize responsible disclosure of security vulnerabilities. Rewards are determined by severity and impact according to industry-standard CVSS scoring.

Critical: $500,000
High: $50K-$100K
Medium: $10K-$25K
Low: $1K-$5K
Contact: security@sequelize.fi
Response Time: Within 24 hours for critical issues
Disclosure: Coordinated disclosure with 90-day window

User Security Best Practices

Use Hardware Wallets: Store private keys on hardware wallets like Ledger for maximum security
Verify URLs: Always verify you're on the official sequelize.fi domain before connecting wallet
Review Transactions: Carefully review all transaction details before signing
Start Small: Test with small amounts before committing significant capital
Monitor Activity: Regularly check your vault positions and transaction history
Enable Notifications: Set up alerts for deposits, withdrawals, and risk events

Risk Disclosure

DeFi protocols carry inherent risks including smart contract vulnerabilities, market volatility, oracle failures, and protocol integration risks. Despite comprehensive security measures, no system can guarantee absolute security. Users should only deposit capital they can afford to lose and conduct independent research before participating. Past security audits do not guarantee future safety.