# Security & Authentication

### Multi-Layer Security Model

#### User Custody Layer

**Safe Smart Accounts** provide foundational security:

* Users maintain full custody via Safe ownership
* Multi-signature support (though typically 1-of-1)
* Battle-tested Safe v1.3.0+ infrastructure
* Optional additional signers for enhanced security

#### Transaction Validation Layer

**BravaGuard** enforces protocol boundaries:

* Validates every transaction before it executes
* Only actions registered in the AdminVault can be called
* Restricts interactions to approved protocols
* Prevents funds from being moved to destinations outside the Brava ecosystem

#### Execution Layer

**SequenceExecutor** provides atomic execution:

* All actions execute via delegatecall in the Safe's context, so they operate directly on the Safe's own balances and approvals
* All-or-nothing transaction semantics: if any action reverts, the whole sequence reverts
* Each action is validated against the AdminVault registry before it runs
* A sequence can never be left half-applied, so no intermediate state survives a failure

#### Governance Layer

**AdminVault** manages system configuration:

* Time-delayed proposals for all changes
* Role-based access control (RBAC)
* Mandatory waiting periods before execution
* Emergency cancellation mechanisms

***

### Role-Based Access Control

AdminVault implements hierarchical RBAC with separation of duties:

#### Role Hierarchy

```
OWNER_ROLE (Emergency only)
  └─ ROLE_MANAGER_ROLE (Day-to-day admin)
      ├─ ACTION_PROPOSER → ACTION_EXECUTOR → ACTION_DISPOSER
      ├─ POOL_PROPOSER → POOL_EXECUTOR → POOL_DISPOSER
      ├─ FEE_PROPOSER → FEE_EXECUTOR → FEE_CANCELER
      └─ TRANSACTION_PROPOSER → TRANSACTION_EXECUTOR → TRANSACTION_DISPOSER
```

**Key Principles:**

* **Separation of Duties:** Propose, execute, and cancel are held by separate roles, so no single account can push a change through on its own
* **Time Delays:** Mandatory waiting period between proposal and execution
* **Emergency Override:** OWNER\_ROLE can bypass delays (emergency use only)
* **Cancellation:** DISPOSER/CANCELER roles provide a safety valve during the delay period

***

### Time-Locked Governance

All system changes follow a proposal-delay-execution pattern:

1. **Propose** - Submit an action/pool/fee change (PROPOSER role)
2. **Wait** - Mandatory delay period (default 24 hours)
3. **Execute** - Apply the approved change once the delay has elapsed (EXECUTOR role)
4. **Cancel** - Alternatively, abort the proposal at any point during the delay (CANCELER/DISPOSER role); a cancelled proposal can no longer be executed
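The following Python model, added here as an illustration and not AdminVault's own code, shows the role hierarchy and the propose / wait / execute / cancel lifecycle from the two sections above working together. Role names follow the page's ACTION_* track and OWNER_ROLE; the class and function names, the `(action_id, target)` proposal key, and the rule that even the emergency owner path needs a live proposal are assumptions made for the example. It checks the failure modes a reviewer cares about: executing early, executing with the wrong role, replaying a consumed proposal, and executing after cancellation.

```python
from dataclasses import dataclass, field

DEFAULT_DELAY = 24 * 60 * 60  # the page's default 24-hour waiting period, in seconds

# Role names follow the page's ACTION_* track and OWNER_ROLE.
OWNER_ROLE = "OWNER_ROLE"
ACTION_PROPOSER = "ACTION_PROPOSER"
ACTION_EXECUTOR = "ACTION_EXECUTOR"
ACTION_DISPOSER = "ACTION_DISPOSER"


class Unauthorized(Exception):
    pass


class NoPendingProposal(Exception):
    pass


class DelayNotElapsed(Exception):
    pass


@dataclass
class Proposal:
    ready_at: int           # earliest timestamp at which execution is permitted
    executed: bool = False  # a proposal is single-use
    cancelled: bool = False


@dataclass
class TimelockRegistry:
    """Hypothetical stand-in for AdminVault's action track; not the project's code."""
    delay: int = DEFAULT_DELAY
    roles: dict = field(default_factory=dict)       # role -> set of accounts
    proposals: dict = field(default_factory=dict)   # (action_id, target) -> Proposal
    registered: dict = field(default_factory=dict)  # action_id -> approved action address

    def grant(self, role: str, account: str) -> None:
        self.roles.setdefault(role, set()).add(account)

    def has_role(self, account: str, role: str) -> bool:
        return account in self.roles.get(role, set())

    def _require(self, account: str, role: str) -> None:
        if not self.has_role(account, role):
            raise Unauthorized(f"{account} lacks {role}")

    def _pending(self, key: tuple) -> Proposal:
        p = self.proposals.get(key)
        if p is None or p.executed or p.cancelled:
            raise NoPendingProposal(key)
        return p

    def propose(self, caller: str, action_id: bytes, target: str, now: int) -> tuple:
        self._require(caller, ACTION_PROPOSER)
        key = (action_id, target)  # the proposal is bound to the exact payload
        if key in self.proposals and not (self.proposals[key].executed or self.proposals[key].cancelled):
            raise ValueError("already pending; re-proposing must not reset the clock")
        self.proposals[key] = Proposal(ready_at=now + self.delay)
        return key

    def cancel(self, caller: str, key: tuple) -> None:
        self._require(caller, ACTION_DISPOSER)  # cancelling is a role of its own
        self._pending(key).cancelled = True

    def execute(self, caller: str, action_id: bytes, target: str, now: int) -> None:
        is_owner = self.has_role(caller, OWNER_ROLE)  # emergency path: may bypass the delay
        if not is_owner:
            self._require(caller, ACTION_EXECUTOR)
        p = self._pending((action_id, target))  # assumption: the owner still needs a live proposal
        if now < p.ready_at and not is_owner:
            raise DelayNotElapsed(f"{p.ready_at - now}s remaining")
        p.executed = True  # consume before applying, so a second call cannot re-apply it
        self.registered[action_id] = target


def outcome(fn, *args, **kwargs) -> str:
    """Run fn and report 'executed' or the name of the exception that blocked it."""
    try:
        fn(*args, **kwargs)
        return "executed"
    except (Unauthorized, NoPendingProposal, DelayNotElapsed) as exc:
        return type(exc).__name__


def demo() -> dict:
    reg = TimelockRegistry()
    for role, account in [(ACTION_PROPOSER, "proposer"), (ACTION_EXECUTOR, "executor"),
                          (ACTION_DISPOSER, "disposer"), (OWNER_ROLE, "owner")]:
        reg.grant(role, account)
    dep, tgt = b"DEPOSIT_V1", "0xAction1"  # constructed sample identifiers
    out = {}
    key = reg.propose("proposer", dep, tgt, now=1_000)
    out["ready_at"] = reg.proposals[key].ready_at                          # 1_000 + 86_400
    out["early"] = outcome(reg.execute, "executor", dep, tgt, now=4_600)   # delay not elapsed
    out["wrong_role"] = outcome(reg.execute, "proposer", dep, tgt, now=90_000)
    out["on_time"] = outcome(reg.execute, "executor", dep, tgt, now=90_000)
    out["registered"] = reg.registered[dep]
    out["replay"] = outcome(reg.execute, "executor", dep, tgt, now=90_001)  # already consumed
    key2 = reg.propose("proposer", b"WITHDRAW_V1", "0xAction2", now=100_000)
    reg.cancel("disposer", key2)                                           # aborted in the window
    out["cancelled"] = outcome(reg.execute, "executor", b"WITHDRAW_V1", "0xAction2", now=200_000)
    reg.propose("proposer", b"SWAP_V1", "0xAction3", now=300_000)
    out["owner_bypass"] = outcome(reg.execute, "owner", b"SWAP_V1", "0xAction3", now=300_001)
    return out
```

Two details are worth copying into any real timelock: a proposal is consumed before its effect is applied, so it can never be executed twice, and re-proposing a payload that is already pending is rejected rather than overwriting it, because an overwrite would silently restart the waiting period.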

***

### Cross-Chain Security

**EIP712TypedDataSafeModule** enables secure multi-chain execution:

* A single signature authorizes a bundle of sequences across chains
* EIP-712 structured data, so wallets can show the user exactly what is being signed
* Per-Safe sequence nonces prevent a signed bundle from being replayed
* Bundle expiry timestamps bound how long a signed bundle remains submittable
* Chain ID validation ties each sequence in the bundle to the chain it was signed for

***

### Authentication Methods

#### Direct Safe Owner Execution

Standard Safe transaction signing: the Safe's owner(s) sign a Safe transaction that executes the sequence through SequenceExecutor.

#### EIP-712 Bundle Signatures via Module

The user signs the typed-data bundle once; a relayer then submits it to the EIP712TypedDataSafeModule, which must be enabled as a module on the user's Safe, and the module executes it. This enables:

* Single signature for multi-chain execution
* Gasless transactions (relayer pays gas)
* Cross-chain coordination
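The Python model below is an added example, not the module's code, covering both the Cross-Chain Security section and the bundle-signature flow just described: one signed bundle is executed by a module instance on each chain, and each instance enforces the signature, the expiry, the chain ID and the per-Safe sequence nonce. The bundle layout, the domain fields, and the use of SHA-256 plus HMAC as a dependency-free stand-in for the EIP-712 digest and the owner's ECDSA signature are assumptions made for this example; a real module would recover the signer from an EIP-712 keccak256 digest.

```python
import hashlib
import hmac
import json


def canonical(obj) -> bytes:
    """Deterministic encoding so the same bundle always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def bundle_digest(domain: dict, bundle: dict) -> bytes:
    """Stand-in for the EIP-712 digest (keccak256 over domain separator and hashStruct).

    It covers the domain and every bundle field (safe, nonce, expiry, each per-chain
    sequence), so changing any of them invalidates the signature.
    """
    return hashlib.sha256(b"\x19\x01" + canonical(domain) + canonical(bundle)).digest()


def sign_bundle(owner_secret: bytes, domain: dict, bundle: dict) -> bytes:
    """Stand-in for the owner's ECDSA signature; HMAC keeps the example dependency-free."""
    return hmac.new(owner_secret, bundle_digest(domain, bundle), "sha256").digest()


class ChainModule:
    """Hypothetical model of the module instance deployed on one chain (not Brava's contract)."""

    def __init__(self, chain_id: int, domain: dict, owner_secret_of: dict):
        self.chain_id = chain_id
        self.domain = domain
        self.owner_secret_of = owner_secret_of  # safe -> owner secret (stand-in for the owner key)
        self.nonces = {}                        # safe -> next expected sequence nonce
        self.log = []                           # (safe, nonce, actions) executed on this chain

    def execute_bundle(self, bundle: dict, signature: bytes, now: int) -> list:
        safe = bundle["safe"]
        expected = hmac.new(self.owner_secret_of[safe], bundle_digest(self.domain, bundle), "sha256").digest()
        if not hmac.compare_digest(expected, signature):
            raise ValueError("bad signature")
        if now > bundle["expiry"]:
            raise ValueError("expired")
        seq = next((s for s in bundle["sequences"] if s["chainId"] == self.chain_id), None)
        if seq is None:
            raise ValueError("wrong chain")
        if bundle["nonce"] != self.nonces.get(safe, 0):
            raise ValueError("nonce mismatch")          # replayed or out-of-order bundle
        self.nonces[safe] = bundle["nonce"] + 1         # consume the nonce before running actions
        self.log.append((safe, bundle["nonce"], list(seq["actions"])))
        return list(seq["actions"])


def attempt(module: ChainModule, bundle: dict, signature: bytes, now: int) -> str:
    """Report 'executed' or the reason the module rejected the bundle."""
    try:
        module.execute_bundle(bundle, signature, now)
        return "executed"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    # Constructed sample data. No chainId in the domain because one signature spans chains (assumption).
    domain = {"name": "EIP712TypedDataSafeModule", "version": "1", "verifyingContract": "0xModule"}
    safe, secret = "0xSafe", b"owner-secret"
    modules = {cid: ChainModule(cid, domain, {safe: secret}) for cid in (1, 10)}
    now = 1_700_000_000
    bundle = {"safe": safe, "nonce": 0, "expiry": now + 600,
              "sequences": [{"chainId": 1, "actions": ["deposit"]},
                            {"chainId": 10, "actions": ["swap", "deposit"]}]}
    sig = sign_bundle(secret, domain, bundle)
    out = {}
    out["chain1"] = modules[1].execute_bundle(bundle, sig, now)      # one signature,
    out["chain10"] = modules[10].execute_bundle(bundle, sig, now)    # executed on two chains
    out["replay"] = attempt(modules[1], bundle, sig, now + 1)         # nonce already consumed
    out["wrong_chain"] = attempt(ChainModule(137, domain, {safe: secret}), bundle, sig, now)
    tampered = json.loads(json.dumps(bundle))
    tampered["sequences"][0]["actions"] = ["withdraw_to_attacker"]   # relayer edits the payload
    out["tampered"] = attempt(modules[1], tampered, sig, now)
    stale = dict(bundle, nonce=1, expiry=now - 1)
    out["expired"] = attempt(modules[1], stale, sign_bundle(secret, domain, stale), now)
    skipped = dict(bundle, nonce=2)                                   # skips the expected nonce 1
    out["skipped"] = attempt(modules[1], skipped, sign_bundle(secret, domain, skipped), now)
    return out
```

Note that the nonce is stored per chain, so a bundle's nonce is checked independently by every chain it targets; a relayer that only submits on some of the chains leaves the others waiting for that nonce, which is why the expiry timestamp matters as a second bound on the bundle's lifetime.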

***

### Fee System

* **Rate**: 0.50% (50 basis points) annual fee on deposited funds
* **Calculation**: Prorated daily against a 365-day year
* **Collection**: Triggered by an account holding FEE\_TAKER\_ROLE
* **Tracking**: AdminVault records the timestamp of the last fee collection per pool
* **Prevention**: Fees cannot be collected twice for the same period, because each collection advances the recorded timestamp
* **Precision**: Basis points (10000 = 100%)
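A worked version of the fee rules above, added here as an example and not Brava's fee code: the fee is prorated in integer basis-point arithmetic, collection is gated on a fee-taker account, and the per-pool timestamp is advanced on every collection so the same period cannot be charged twice. Proration by elapsed seconds (rather than whole days), the `FeeLedger` class and the constructed balance are assumptions made for the example.

```python
FEE_BPS = 50                       # 0.50% annual, expressed in basis points
BPS_DENOMINATOR = 10_000           # 10000 = 100%
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def prorated_fee(balance: int, elapsed_seconds: int) -> int:
    """Fee owed on `balance` for `elapsed_seconds`, prorated against a 365-day year.

    Multiply before dividing: dividing first would truncate small fees to zero.
    """
    if elapsed_seconds < 0:
        raise ValueError("elapsed time cannot be negative")
    return balance * FEE_BPS * elapsed_seconds // (BPS_DENOMINATOR * SECONDS_PER_YEAR)


class FeeLedger:
    """Hypothetical stand-in for AdminVault's per-pool fee timestamp tracking."""

    def __init__(self, fee_taker: str):
        self.fee_taker = fee_taker   # account holding FEE_TAKER_ROLE
        self.last_fee_ts = {}        # pool -> timestamp of the last collection

    def open_position(self, pool: str, now: int) -> None:
        self.last_fee_ts[pool] = now  # fees accrue from the moment funds are deposited

    def collect(self, caller: str, pool: str, balance: int, now: int) -> int:
        if caller != self.fee_taker:
            raise PermissionError("caller lacks FEE_TAKER_ROLE")
        elapsed = now - self.last_fee_ts[pool]
        if elapsed <= 0:
            raise ValueError("no new fee period since the last collection")
        fee = prorated_fee(balance, elapsed)
        self.last_fee_ts[pool] = now  # advance the marker so this period cannot be charged again
        return fee


def demo() -> dict:
    ledger = FeeLedger(fee_taker="fee-taker")
    balance = 1_000_000 * 10**6        # constructed: 1,000,000 units of a 6-decimal token
    t0 = 1_700_000_000
    ledger.open_position("poolA", t0)
    out = {}
    out["one_day"] = ledger.collect("fee-taker", "poolA", balance, t0 + 86_400)
    try:
        ledger.collect("fee-taker", "poolA", balance, t0 + 86_400)   # same period twice
        out["double"] = "collected"
    except ValueError:
        out["double"] = "blocked"
    try:
        ledger.collect("someone-else", "poolA", balance, t0 + 2 * 86_400)
        out["unauthorized"] = "collected"
    except PermissionError:
        out["unauthorized"] = "blocked"
    # Collecting the remaining 364 days brings the total to (almost) a full year's 0.50%
    out["rest_of_year"] = ledger.collect("fee-taker", "poolA", balance, t0 + SECONDS_PER_YEAR)
    out["full_year"] = out["one_day"] + out["rest_of_year"]
    return out
```

Running `demo()` on the constructed balance shows the truncation that integer proration introduces: one full-year collection yields exactly 5,000,000,000 base units, while collecting the same year as one day plus 364 days yields 4,999,999,999, because each collection rounds down independently. That dust always favours the depositor, which is the safe direction, but it is worth knowing when reconciling collected fees against expected totals.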
