Threat Model
Surf is designed under the assumption that every layer can fail and that adversarial behaviour is the default state of open financial systems. The security model does not rely on trust in the AI, operators, or off-chain components. It is built on explicit threat modelling and deterministic containment.
The primary question we design for is not:
“Can the system make money?”
It is:
“What happens when something goes wrong, and how is loss prevented or contained?”
Core Threat Classes
1. AI Decision Risk
The AI can:
Misinterpret signals
Overfit to short-term noise
Propose actions that are statistically valid but operationally unsafe
React incorrectly under regime shifts
Mitigation:
AI has zero direct execution authority. Every action must pass the Guardian Layer, which enforces:
Allowlisted venues only
Exposure and allocation caps
Slippage and price-impact bounds
Volatility and anomaly filters
Cooldown and rate limits
Simulation-based pre-checks
If a proposal violates any invariant, it is rejected and nothing moves.
2. Smart Contract Risk
Threats include:
Logic bugs
Reentrancy
Oracle manipulation
State desynchronisation
Upgrade path abuse
Mitigation:
Vaults are isolated per user
Execution modules are permissioned and minimal
External protocol interactions are allowlisted
Continuous internal audits and external security reviews
Emergency pause and unwind paths are hard-coded
No strategy logic can arbitrarily move funds outside its authorised execution scope.
3. Liquidity and Market Structure Risk
Includes:
Sudden liquidity withdrawal
MEV and sandwich attacks
Oracle lag
Extreme volatility and gap moves
CLMM range breaks
Lending market utilisation spikes
Mitigation:
Pre-trade simulation and price impact checks
Maximum position sizing per venue
Dynamic slippage ceilings
Volatility regime detection
Circuit breakers that freeze execution during stress
Fallback to safe-state allocations
The system is built to prefer not executing over executing in degraded conditions.
4. Cross-Chain and Bridge Risk
Threats:
Bridge compromise
Message reordering
Replay or finality failure
Liquidity fragmentation
Mitigation:
Chain abstraction is execution-controlled, not free-routing
Bridges are allowlisted per asset and per route
Finality thresholds enforced before state transitions
Cross-chain moves require Guardian approval
Emergency asset isolation per chain
No autonomous cross-chain movement can bypass risk checks.
5. Custody and Key Management Risk
Threats:
Key compromise
Operator abuse
Hot wallet drain
Signature forgery
Mitigation:
User-owned vaults
MPC (Multi-Party Computation) signing
No single key can move funds
Deterministic signing policies
Hardware-backed security for operational keys
Role separation between planning, approval, and execution
6. Governance and Upgrade Risk
Threats:
Malicious upgrades
Governance capture
Backdoor insertion
Mitigation:
Time-locked upgrades
Multi-sig and MPC enforcement
Public audit trails
Emergency veto paths
Invariant checks that cannot be overridden by governance
Failure Containment Philosophy
Surf assumes that:
Markets will break
Oracles will lag
Liquidity will disappear
AI will be wrong
Smart contracts will be probed
Adversaries will continuously attack
The system is therefore built around containment, not optimism.
When something fails:
The action is blocked by rules
Capital remains in the vault
State is frozen or reverted
Emergency exit paths are available
Human and automated monitors are triggered
No cascading execution is allowed
Loss is not allowed to propagate across:
Users
Strategies
Chains
Venues
Design Invariant
The fundamental invariant of Surf is:
No component, human or AI, can move user funds outside deterministic safety boundaries.
Everything else, including performance, comes second.
This threat model is why Surf behaves differently from:
Strategy routers
Yield aggregators
Black-box agents
Custodial automation platforms
Surf is built as an execution system under adversarial assumptions, not as an optimisation script.
That is what makes it safe to let AI touch real capital.
Last updated