Security Model

Dephi implements defense-in-depth security with immutable contracts, scoped admin permissions, and optional guardian 2FA for withdrawals. This page details each security layer.

Defense in Depth

Security is implemented in multiple independent layers. Compromising one layer does not compromise others.

Layer 1: Immutable Core Contracts
Layer 2: Scoped Admin Permissions
Layer 3: Guardian 2FA Protection
Layer 4: Position Isolation

Layer 1: Immutable Contracts

Core vault contracts are deployed without proxy patterns or upgrade mechanisms. Once deployed, the bytecode is permanently fixed on-chain. This eliminates several attack vectors:

Protected Against

  • Malicious upgrade attacks
  • Governance takeover via upgrades
  • Proxy storage collisions
  • Timelock bypass exploits

Implementation

  • No UUPS or Transparent Proxy patterns
  • No delegatecall to external contracts
  • No SELFDESTRUCT capability
  • Bytecode verified on Etherscan
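
A first-pass way to check these properties on deployed runtime bytecode, shown as an added example that is not Dephi's own code: a linear sweep that skips PUSH operands and flags DELEGATECALL, CALLCODE, SELFDESTRUCT and the EIP-1967 implementation slot used by UUPS and Transparent proxies. The function name and both sample byte strings are constructed for illustration.

```python
# Added example (not Dephi code): first-pass scan of EVM runtime bytecode.
# CALLCODE is included as the legacy precursor of DELEGATECALL.
FLAGGED = {0xF2: "CALLCODE", 0xF4: "DELEGATECALL", 0xFF: "SELFDESTRUCT"}
PUSH1, PUSH32 = 0x60, 0x7F
# EIP-1967 implementation slot: where UUPS and Transparent proxies keep
# the address of the logic contract they delegate to.
EIP1967_IMPL_SLOT = bytes.fromhex(
    "360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc")


def scan_runtime_bytecode(code_hex: str) -> list[tuple[int, str]]:
    """Return (offset, finding) pairs that contradict an
    'immutable, no delegatecall, no selfdestruct' claim."""
    code = bytes.fromhex(code_hex.removeprefix("0x"))
    findings, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            width = op - PUSH1 + 1
            operand = code[pc + 1 : pc + 1 + width]
            # Operand bytes are data, not instructions: inspect, then skip,
            # so a pushed 0xf4 or 0xff is not reported as an opcode.
            if operand == EIP1967_IMPL_SLOT:
                findings.append((pc, "EIP-1967 implementation slot"))
            pc += 1 + width
            continue
        if op in FLAGGED:
            findings.append((pc, FLAGGED[op]))
        pc += 1
    return findings


# Constructed samples, not real contract bytecode.
# PUSH1 0xff; PUSH1 0xf4; ADD; STOP (0xff and 0xf4 occur only as push data)
CLEAN = "0x60ff60f40100"
# PUSH32 <slot>; SLOAD; GAS; DELEGATECALL; CALLER; SELFDESTRUCT
PROXY_LIKE = "0x7f" + EIP1967_IMPL_SLOT.hex() + "545af433ff"

if __name__ == "__main__":
    for name, sample in (("CLEAN", CLEAN), ("PROXY_LIKE", PROXY_LIKE)):
        print(name, scan_runtime_bytecode(sample) or "no findings")
```

Run it on the runtime code returned by eth_getCode. A linear sweep also decodes trailing data such as the Solidity metadata, so treat each hit as an item to confirm against the verified source.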

Trade-off

Immutability means bugs cannot be patched. This is why Stone Vault was audited by Nethermind before deployment and uses only battle-tested protocol integrations (Spark, Aave, Curve).

Layer 2: Scoped Admin Permissions

Admin functions exist only for protocol fee collection. The admin has none of the following capabilities:

  • No Asset Access: cannot withdraw user funds
  • No Upgrades: cannot change contract code
  • No Pausing: cannot freeze withdrawals

Admin CAN Only

  • Adjust protocol fee percentage (capped at maximum)
  • Collect accrued protocol fees
  • Update fee recipient address

Fee Structure

  • Performance Fee: 10% of generated yield
  • Management Fee: 0% (no annual fee)

Layer 3: Guardian 2FA Protection

Optional second-factor authentication for withdrawals. Even if your primary wallet is compromised, attackers cannot withdraw without the guardian signature.

How Guardian 2FA Works

Primary Wallet (signs withdrawal) + Guardian Wallet (off-chain signature) = Withdrawal Approved

Guardian Setup

  1. Create a new wallet (never used before)
  2. Store seed phrase securely offline
  3. Do NOT fund this wallet (zero balance)
  4. Register public address as guardian

Security Properties

  • Guardian address not stored publicly
  • Zero-knowledge proof verification
  • Off-chain signature (no gas needed)
  • Can be changed with both signatures

Important

If you lose access to your guardian wallet, you will need to use the Emergency Withdraw function, which has a 24-hour timelock and a small penalty fee. Store your guardian seed phrase securely!

Layer 4: Position Isolation

Each user position is completely isolated from others. This prevents cascading failures and limits the blast radius of any potential exploit.

Isolation Guarantees

  • Separate accounting per position
  • Independent action execution
  • No shared state between users
  • Error boundaries per position

Blast Radius

  • Bug affects only that position
  • Other positions unaffected
  • Protocol continues operating
  • No systemic contagion risk

Security Checklist

  • Immutable contracts (no upgrades)
  • No admin asset access
  • Audited by Nethermind
  • Oracle-less design
  • No blacklistable tokens
  • Guardian 2FA option
  • Emergency exit path
  • Position isolation
  • On-chain audit trail
  • Battle-tested protocols only