Security & Governance Architecture

This section describes how the protocol secures user funds, manages restaked assets, governs AI decision-making, and ensures safe protocol upgrades through transparent, on-chain mechanisms.

The architecture is designed specifically for restaking-powered AI infrastructure on Solana, where economic security, AI-assisted risk management, and governance separation are core principles.

Design Principles

The protocol security model is built on five core principles:

  1. Restaking-backed economic security

  2. AI-assisted risk detection, not fund control

  3. Strict separation of roles and authorities

  4. Multisig-first asset custody

  5. Governance-guarded upgrades with fail-safes

Smart Contract Security Architecture

Modular Protocol Design

The protocol is composed of isolated smart contract modules:

  • Restaking Vault Module: Handles user deposits, withdrawals, and issuance of restaked positions.

  • Delegation & Allocation Module: Allocates restaked assets across validators, services, or AI-secured tasks.

  • AI Risk Engine Interface: Consumes off-chain AI risk scores and feeds them into on-chain risk parameters.

  • Slashing & Risk Control Module: Applies exposure limits, cooldowns, and automated de-delegation.

  • Governance & Authority Module: Controls upgrades, parameters, and emergency actions.

Each module is permission-scoped to minimize blast radius in case of failure.

Core Security Invariants

The protocol enforces the following invariants at all times:

  • Users cannot withdraw more assets than their restaked balance.

  • Delegation cannot be changed without valid on-chain authorization.

  • AI systems cannot directly move or control user funds.

  • All protocol upgrades require multisig approval.

  • Treasury assets are isolated from protocol execution logic.

Squads Multisig Treasury & Asset Custody

Squads as the Asset Custody Layer

All protocol-owned assets are secured using Squads Multisig, the standard multisig infrastructure on Solana.

Squads is used for:

  • Protocol treasury custody

  • Restaking reward management

  • Insurance & risk reserve funds

  • Operational and ecosystem allocations

No single-signer wallet is used to custody protocol funds.

Multisig Configuration

Multisig setup by purpose:

  • Treasury & Asset Custody: Squads Multisig 3/5

  • Protocol Upgrade Authority: Squads Multisig 3/5

  • AI Parameter Updates: Squads Multisig 2/3

  • Emergency Guardian: Limited authority (pause-only)

Key Separation & Operational Security

To reduce operational risk:

  • Treasury keys are separated from upgrade keys.

  • All multisig signers use hardware wallets.

  • No multisig signer has unilateral execution power.

  • All executed transactions are publicly verifiable on-chain via Squads.

Restaking Risk & Slashing Protection Layer

Slashing Risk Model

Restaked assets may be exposed to slashing due to:

  • Validator misbehavior (double signing, prolonged downtime)

  • Service-level failures

  • Risk threshold violations detected by AI monitoring

  • Protocol-defined economic penalties

AI-Assisted Risk Mitigation

The AI system acts as a risk intelligence layer, not a custodian:

  • Continuously monitors validator performance and on-chain signals

  • Generates risk scores for validators and services

  • Triggers automated safeguards when thresholds are exceeded

Safeguards include:

  • Exposure caps per validator or service

  • Automatic rebalancing or de-delegation

  • Cooldown periods before stake reallocation

  • Early warning alerts for governance intervention

AI Does Not Control Funds

The AI Risk Engine:

  • Cannot sign transactions

  • Cannot withdraw, transfer, or reallocate funds directly

  • Cannot bypass governance or multisig controls

All fund movements are executed exclusively by smart contracts governed by multisig-approved parameters.

AI Governance & Model Security

AI Model Update Governance

AI model updates follow a controlled process:

  1. Model training and validation off-chain

  2. Model version published to IPFS / Arweave

  3. Model hash registered on-chain

  4. Squads multisig approval required

  5. Activation after a predefined delay window

This ensures transparency, auditability, and protection against malicious updates.
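
The five steps above can be modelled as a small state machine. The Rust sketch below is an added example, not the protocol's own code: the signer names, the 24-hour delay, and the choice to start the delay window when the 2/3 threshold is first met are assumptions, and the 32-byte hash stands in for whatever digest the protocol registers.

```rust
// Added illustration: an off-chain model of the five-step update flow.
// Every name and constant here is hypothetical, not the protocol's code.
use std::collections::BTreeSet;

static SIGNERS: [&str; 3] = ["signer-a", "signer-b", "signer-c"]; // constructed
const THRESHOLD: usize = 2; // 2/3, as listed for AI Parameter Updates
const DELAY_SECS: u64 = 24 * 3600; // assumed; the page gives no value

#[derive(Debug, PartialEq)]
pub enum Error { UnknownSigner, NotApproved, DelayNotElapsed, HashMismatch }

pub struct ModelUpdate {
    registered_hash: [u8; 32],         // step 3: hash registered on-chain
    approvals: BTreeSet<&'static str>, // step 4: distinct signer approvals
    approved_at: Option<u64>,          // when the threshold was first met
}

impl ModelUpdate {
    pub fn register(hash: [u8; 32]) -> Self {
        Self { registered_hash: hash, approvals: BTreeSet::new(), approved_at: None }
    }

    /// Record an approval. A repeated signer is counted once.
    pub fn approve(&mut self, signer: &str, now: u64) -> Result<usize, Error> {
        let known = SIGNERS.iter().copied().find(|s| *s == signer)
            .ok_or(Error::UnknownSigner)?;
        self.approvals.insert(known);
        if self.approvals.len() >= THRESHOLD && self.approved_at.is_none() {
            self.approved_at = Some(now); // the delay window starts here (assumed)
        }
        Ok(self.approvals.len())
    }

    /// Step 5: activation needs the threshold, the elapsed delay, and an
    /// artifact (fetched from IPFS / Arweave) whose hash matches step 3.
    pub fn activate(&self, artifact_hash: [u8; 32], now: u64) -> Result<(), Error> {
        let start = self.approved_at.ok_or(Error::NotApproved)?;
        if now < start.saturating_add(DELAY_SECS) { return Err(Error::DelayNotElapsed); }
        if artifact_hash != self.registered_hash { return Err(Error::HashMismatch); }
        Ok(())
    }
}

fn main() {
    let mut update = ModelUpdate::register([7u8; 32]); // constructed hash
    update.approve("signer-a", 0).unwrap();
    update.approve("signer-b", 10).unwrap();
    println!("{:?}", update.activate([7u8; 32], 10 + DELAY_SECS));
}
```

The hash comparison at activation is what ties the off-chain artifact to the approved record: a model file swapped after approval fails the check even though the multisig vote and delay are satisfied.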

Anti-Manipulation & Data Integrity

To prevent AI manipulation:

  • Risk signals are sourced from multiple independent data feeds

  • On-chain behavior is cross-validated

  • Anomaly detection flags outliers

  • Risk score outputs are bounded within protocol-defined limits

All AI decisions affecting protocol parameters are publicly observable.
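
One way the multi-feed, outlier-flagging and bounding controls listed above could combine when an off-chain score is accepted as an on-chain parameter. This Rust sketch is an added example, not the protocol's implementation; the basis-point scale, the thresholds, and the use of a median with a per-update step limit are assumptions chosen for illustration.

```rust
// Added illustration; constants are hypothetical, the page gives no values.
const MAX_SCORE: u16 = 10_000;  // scores in basis points, 0..=10_000
const MAX_STEP: u16 = 500;      // largest change accepted per update
const MIN_FEEDS: usize = 3;     // "multiple independent data feeds"
const OUTLIER_GAP: u16 = 1_500; // distance from the median that flags a feed

#[derive(Debug, PartialEq)]
pub struct Accepted { pub score: u16, pub outliers: Vec<usize> }

#[derive(Debug, PartialEq)]
pub enum Rejected { TooFewFeeds, NoMajority }

/// Turn per-feed risk scores into one bounded on-chain parameter.
pub fn accept_score(prev: u16, feeds: &[u16]) -> Result<Accepted, Rejected> {
    if feeds.len() < MIN_FEEDS { return Err(Rejected::TooFewFeeds); }
    let mut sorted = feeds.to_vec();
    sorted.sort_unstable();
    let median = sorted[sorted.len() / 2]; // upper median for even counts

    // Cross-validation: flag feeds that disagree with the median.
    let outliers: Vec<usize> = (0..feeds.len())
        .filter(|&i| feeds[i].abs_diff(median) > OUTLIER_GAP)
        .collect();
    // Refuse to update unless a strict majority of feeds agree.
    if (feeds.len() - outliers.len()) * 2 <= feeds.len() {
        return Err(Rejected::NoMajority);
    }

    // Bounding: absolute range first, then a per-update step limit.
    let prev = prev.min(MAX_SCORE);
    let lo = prev.saturating_sub(MAX_STEP);
    let hi = prev.saturating_add(MAX_STEP).min(MAX_SCORE);
    Ok(Accepted { score: median.min(MAX_SCORE).clamp(lo, hi), outliers })
}

fn main() {
    // Constructed sample: two feeds agree, one reports an extreme value.
    println!("{:?}", accept_score(4_000, &[4_000, 4_100, 9_900]));
}
```

The step limit means that even if every feed is compromised at once, a single update can move the parameter by at most MAX_STEP, which leaves time for the early warning alerts and governance intervention described earlier.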

Governance & Protocol Upgrades

Governance Scope

Governance controls:

  • Protocol upgrades

  • Risk parameters and thresholds

  • Treasury allocation

  • AI integration rules

  • Emergency response actions

Upgrade Safety Mechanisms

All upgrades require:

  • Multisig proposal and approval

  • Public notice and review period

  • Optional timelock (24–72 hours)

  • Post-upgrade monitoring

Upgrades cannot:

  • Mint new tokens outside tokenomics

  • Bypass slashing rules

  • Access treasury funds without multisig approval

Emergency Controls

In case of critical risk:

  • Emergency guardian can pause protocol operations

  • Pausing does not allow fund withdrawal

  • Resumption requires multisig confirmation

  • All emergency actions are publicly logged

Audit & Verification Strategy

The protocol follows a multi-layer security review process:

  • Independent smart contract audits (OtterSec, Halborn, Zellic, CertiK)

  • Continuous testing and fuzzing

  • AI risk simulation and adversarial testing

  • Ongoing monitoring post-deployment
