Security Model
Dephi implements defense-in-depth security with immutable contracts, scoped admin permissions, and optional guardian 2FA for withdrawals. This page details each security layer.
Defense in Depth
Security is implemented in multiple independent layers. Compromising one layer does not compromise others.
Layer 1: Immutable Contracts
Core vault contracts are deployed without proxy patterns or upgrade mechanisms. Once deployed, the bytecode is permanently fixed on-chain. This eliminates several attack vectors:
Protected Against
- Malicious upgrade attacks
- Governance takeover via upgrades
- Proxy storage collisions
- Timelock bypass exploits
Implementation
- No UUPS or Transparent Proxy patterns
- No delegatecall to external contracts
- No SELFDESTRUCT capability
- Bytecode verified on Etherscan
Trade-off
Immutability means bugs cannot be patched. This is why Stone Vault was audited by Nethermind before deployment and uses only battle-tested protocol integrations (Spark, Aave, Curve).
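One way to check the Implementation claims above against deployed code, as an added example that is not Dephi's own tooling: a Python scanner that walks EVM runtime bytecode (as returned by eth_getCode) and reports DELEGATECALL, CALLCODE, SELFDESTRUCT and the EIP-1967 implementation-slot constant. The function names and sample bytecode are constructed for illustration, and the metadata stripping is a heuristic that assumes a solc-style CBOR trailer.

```python
# Added example: static check of EVM runtime bytecode for the patterns the
# page lists as absent. All sample bytecode below is constructed, not Dephi's.
FLAGGED = {0xF2: "CALLCODE", 0xF4: "DELEGATECALL", 0xFF: "SELFDESTRUCT"}
# EIP-1967 implementation slot; proxies load it with a PUSH32.
EIP1967_IMPL_SLOT = bytes.fromhex(
    "360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc")

def strip_solidity_metadata(code: bytes) -> bytes:
    """Heuristic: solc appends a CBOR map whose length is in the last 2 bytes."""
    if len(code) >= 2:
        n = int.from_bytes(code[-2:], "big")
        if 0 < n <= len(code) - 2 and code[-2 - n] in (0xA1, 0xA2, 0xA3, 0xA4):
            return code[: -2 - n]
    return code

def scan(code: bytes) -> list:
    """Walk opcodes from offset 0, skipping PUSH immediates (data, not code)."""
    findings, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7F:  # PUSH1..PUSH32 carry (op - 0x5F) data bytes
            width = op - 0x5F
            if code[pc + 1 : pc + 1 + width] == EIP1967_IMPL_SLOT:
                findings.append((pc, "EIP1967_IMPL_SLOT"))
            pc += 1 + width
            continue
        if op in FLAGGED:
            findings.append((pc, FLAGGED[op]))
        pc += 1
    return findings

def audit(hex_code: str) -> list:
    """Return (offset, name) findings for a hex string of runtime bytecode."""
    raw = bytes.fromhex(hex_code[2:] if hex_code.startswith("0x") else hex_code)
    return scan(strip_solidity_metadata(raw))

# Constructed samples.
CLEAN = "0x61f4ff5000"  # PUSH2 0xf4ff; POP; STOP: 0xf4/0xff appear only as data
PROXY_LIKE = "0x7f" + EIP1967_IMPL_SLOT.hex() + "545af400"  # SLOAD GAS DELEGATECALL STOP
WITH_METADATA = "0x60015000" + "a100fff4" + "0004"  # code + fake CBOR trailer + length

if __name__ == "__main__":
    for name in ("CLEAN", "PROXY_LIKE", "WITH_METADATA"):
        print(name, audit(globals()[name]))
```

The sweep follows the same instruction boundaries the EVM uses for JUMPDEST validation, so a flagged opcode that can execute is not missed, but data embedded in the code section can still produce false positives that need manual review.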
Layer 2: Scoped Admin Permissions
Admin functions exist only for protocol fee collection. The admin role has none of the following capabilities:
- No Asset Access: cannot withdraw user funds
- No Upgrades: cannot change contract code
- No Pausing: cannot freeze withdrawals
Admin CAN Only
- Adjust protocol fee percentage (capped at maximum)
- Collect accrued protocol fees
- Update fee recipient address
Fee Structure
- Performance Fee: 10% of generated yield
- Management Fee: 0% (no annual fee)
Layer 3: Guardian 2FA Protection
Optional second-factor authentication for withdrawals. Even if your primary wallet is compromised, attackers cannot withdraw without the guardian signature.
How Guardian 2FA Works
- Primary Wallet: signs withdrawal
- Guardian Wallet: off-chain signature
- Withdrawal: approved
Guardian Setup
1. Create a new wallet (never used before)
2. Store seed phrase securely offline
3. Do NOT fund this wallet (zero balance)
4. Register public address as guardian
Security Properties
- Guardian address not stored publicly
- Zero-knowledge proof verification
- Off-chain signature (no gas needed)
- Can be changed with both signatures
Important
If you lose access to your guardian wallet, you will need to use the Emergency Withdraw function, which has a 24-hour timelock and a small penalty fee. Store your guardian seed phrase securely!
Layer 4: Position Isolation
Each user position is completely isolated from others. This prevents cascading failures and limits the blast radius of any potential exploit.
Isolation Guarantees
- Separate accounting per position
- Independent action execution
- No shared state between users
- Error boundaries per position
Blast Radius
- Bug affects only that position
- Other positions unaffected
- Protocol continues operating
- No systemic contagion risk