πŸ›‘οΈ Security Model

MALGIST is designed with a non-custodial, permissioned, and defense-in-depth security model. This section explains how user funds, execution logic, and system upgrades are protected.


1. Non-Custodial Guarantees

  • Users always retain ownership of their funds

  • Assets are held inside the UniversalVault smart contract

  • MALGIST:

    • Cannot withdraw user funds

    • Cannot move assets without explicit user action

  • There are no admin backdoors to user balances

✅ Users interact directly with on-chain contracts.


2. Permission Boundaries

MALGIST enforces strict separation of responsibilities:

Strategy Contracts

  • Read-only logic

  • Define allocation rules and execution steps

  • Cannot hold or move funds

Universal Vault

  • Sole authority over user assets

  • Executes strategies in a controlled manner

  • Validates all adapter calls

Protocol Adapters

  • Whitelisted via Adapter Registry

  • Each adapter is:

    • Protocol-specific

    • Scope-limited

  • Arbitrary external calls are blocked

🔒 No component has unlimited permissions.


3. Adapter Whitelisting & Isolation

  • Only approved adapters can be executed

  • Each adapter:

    • Interacts with a single protocol

    • Uses predefined interfaces

  • If an adapter is compromised:

    • Impact is isolated

    • Other strategies remain unaffected

This reduces blast radius from external protocol risks.
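Putting sections 2 and 3 together in code, as an added example (not MALGIST's own contracts; the registry interface, the strategy Step layout and the contract names are assumptions): the vault keeps custody, treats the strategy as a read-only plan, and rejects any adapter call the registry has not whitelisted for that adapter and function selector.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not MALGIST's code: the vault holds the funds, asks a
// read-only strategy for its steps, and executes only adapter calls that the
// registry has whitelisted (keyed on adapter address + function selector).
interface IAdapterRegistry {
    function isAllowed(address adapter, bytes4 selector) external view returns (bool);
}

interface IStrategy {
    struct Step { address adapter; bytes data; }
    function plan() external view returns (Step[] memory); // view: cannot move funds
}

contract UniversalVaultSketch {
    IAdapterRegistry public immutable registry;
    mapping(address => uint256) public balanceOf;
    event Deposit(address indexed user, uint256 amount);
    event AdapterCall(address indexed adapter, bytes4 indexed selector);
    event StrategyExecuted(address indexed strategy, uint256 steps);
    error AdapterNotWhitelisted(address adapter, bytes4 selector);
    error AdapterCallFailed(address adapter, uint256 step);

    constructor(IAdapterRegistry _registry) { registry = _registry; }

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
        emit Deposit(msg.sender, msg.value);
    }

    // Only the depositor can move their own balance; no admin path exists.
    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount;  // checked math: reverts on underflow
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function execute(IStrategy strategy) external {
        IStrategy.Step[] memory steps = strategy.plan();
        for (uint256 i = 0; i < steps.length; i++) {
            bytes4 sel = bytes4(steps[i].data);  // first 4 bytes select the function
            if (!registry.isAllowed(steps[i].adapter, sel)) {
                revert AdapterNotWhitelisted(steps[i].adapter, sel);  // blocks arbitrary calls
            }
            (bool ok, ) = steps[i].adapter.call(steps[i].data);  // no ETH forwarded
            if (!ok) revert AdapterCallFailed(steps[i].adapter, i);
            emit AdapterCall(steps[i].adapter, sel);
        }
        emit StrategyExecuted(address(strategy), steps.length);
    }
}
```

Because the check is on the (adapter, selector) pair, a compromised adapter can only be reached through the functions the registry already approved for it, which is what keeps the blast radius to that one protocol.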


4. Upgrade & Control Model

  • Contracts follow a controlled upgrade path

  • Upgrade authority (if enabled):

    • Limited to governance or multisig

    • Used only for:

      • Bug fixes

      • Protocol support updates

  • No upgrades can:

    • Seize user funds

    • Modify user balances

⚠️ Upgradeability is transparent and auditable on-chain.


5. Transparency & Auditability

  • All executions are:

    • Deterministic

    • On-chain

    • Publicly verifiable

  • Events emitted for:

    • Deposits

    • Strategy execution

    • Adapter calls

  • Users and auditors can independently verify behavior via block explorers


Security Principles Summary

  • ✅ Non-custodial by design

  • ✅ Least-privilege execution

  • ✅ Adapter isolation

  • ✅ Transparent upgrades

  • ✅ On-chain auditability


➡️ Next: Risk Framework — understanding what risks remain and how users should evaluate them.
