# Security & Authentication

### Multi-Layer Security Model

#### User Custody Layer

**Safe Smart Accounts** provide foundational security:

* Users maintain full custody via Safe ownership
* Multi-signature support (though typically 1-of-1)
* Battle-tested Safe v1.3.0+ infrastructure
* Optional additional signers for enhanced security

#### Transaction Validation Layer

**BravaGuard** enforces protocol boundaries:

* Validates all transactions before execution
* Only registered actions can be called
* Restricts interactions to approved protocols
* Prevents fund extraction outside Brava ecosystem

#### Execution Layer

**SequenceExecutor** provides atomic safety:

* All actions execute via delegatecall in Safe context
* All-or-nothing transaction semantics
* Action validation against AdminVault registry
* Prevents partial execution failures

#### Governance Layer

**AdminVault** manages system configuration:

* Time-delayed proposals for all changes
* Role-based access control (RBAC)
* Mandatory waiting periods before execution
* Emergency cancellation mechanisms

***

### Role-Based Access Control

AdminVault implements hierarchical RBAC with separation of duties:

#### Role Hierarchy

```
OWNER_ROLE (Emergency only)
  └─ ROLE_MANAGER_ROLE (Day-to-day admin)
      ├─ ACTION_PROPOSER → ACTION_EXECUTOR → ACTION_DISPOSER
      ├─ POOL_PROPOSER → POOL_EXECUTOR → POOL_DISPOSER
      ├─ FEE_PROPOSER → FEE_EXECUTOR → FEE_CANCELER
      └─ TRANSACTION_PROPOSER → TRANSACTION_EXECUTOR → TRANSACTION_DISPOSER
```

**Key Principles:**

* **Separation of Duties:** Propose, execute, and cancel are separate roles
* **Time Delays:** Mandatory waiting period between proposal and execution
* **Emergency Override:** OWNER_ROLE can bypass delays (use sparingly)
* **Cancellation:** CANCELER roles provide a safety valve during the delay period

***

### Time-Locked Governance

All system changes follow a proposal-delay-execution pattern:

1. **Propose** - Submit action/pool/fee change (PROPOSER role)
2. **Wait** - Mandatory delay period (default 24 hours)
3. **Execute** - Apply approved change (EXECUTOR role)
4. **Cancel** - Abort during delay if needed (CANCELER role)

***

### Cross-Chain Security

**EIP712TypedDataSafeModule** enables secure multi-chain execution:

* Single signature authorizes bundle across chains
* EIP-712 structured data for signature clarity
* Per-Safe sequence nonces prevent replay
* Bundle expiry timestamps
* Chain ID validation

***

### Authentication Methods

#### Direct Safe Owner Execution

Standard Safe transaction signing is used for direct sequence execution via SequenceExecutor.

#### EIP-712 Bundle Signatures via Module

The user signs the typed-data bundle once; it is then relayed and executed through the EIP712TypedDataSafeModule authorized on their Safe. This enables:

* Single signature for multi-chain execution
* Gasless transactions (relayer pays gas)
* Cross-chain coordination
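The replay protections listed under Cross-Chain Security (per-Safe sequence nonce, bundle expiry, chain ID validation) and the single-signature bundle flow described above, as an added illustrative model written for this page rather than Brava's own module code. The field names, the check order and the error strings are assumptions; signature recovery against the Safe owner is assumed to have already passed, and the scenario data is constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ChainSegment:
    chain_id: int
    actions: tuple          # opaque action payloads for this chain

@dataclass(frozen=True)
class Bundle:
    safe: str               # Safe the bundle is bound to
    nonce: int              # per-Safe sequence nonce
    expiry: int             # unix time after which the bundle is dead
    segments: tuple         # one ChainSegment per target chain

@dataclass
class ModuleState:          # what one module deployment stores on one chain (assumed)
    chain_id: int
    nonces: dict = field(default_factory=dict)   # safe -> next expected nonce

    def execute(self, bundle: Bundle, now: int) -> ChainSegment:
        # Signature recovery against the Safe owner is assumed done; only the
        # replay-related checks are modelled. Order: expiry, nonce, chain.
        if now >= bundle.expiry:
            raise ValueError("expired")
        if bundle.nonce != self.nonces.get(bundle.safe, 0):
            raise ValueError("bad nonce")
        seg = next((s for s in bundle.segments if s.chain_id == self.chain_id), None)
        if seg is None:
            raise ValueError("no segment for this chain")
        self.nonces[bundle.safe] = bundle.nonce + 1   # consume only after all checks
        return seg

def outcome(state: ModuleState, bundle: Bundle, now: int) -> str:
    try:
        state.execute(bundle, now)
        return "ok"
    except ValueError as err:
        return str(err)

def demo() -> list:
    bundle = Bundle("0xSAFE", nonce=0, expiry=1_700_000_000,
                    segments=(ChainSegment(1, ("swap",)), ChainSegment(10, ("deposit",))))
    eth, op, arb = ModuleState(1), ModuleState(10), ModuleState(42161)
    t = 1_699_999_000
    return [
        outcome(eth, bundle, t),             # ok: first use on chain 1
        outcome(eth, bundle, t),             # bad nonce: replay on the same chain
        outcome(op, bundle, t),              # ok: same signature, independent nonce store
        outcome(arb, bundle, t),             # no segment for this chain
        outcome(arb, bundle, 1_700_000_000), # expired: checked before anything else
    ]
```

The same signed bundle is accepted once per chain because each chain's module keeps its own nonce store, while a second submission on the same chain fails the nonce check.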

***

### Fee System

* **Rate**: 0.50% annual fee on deposited funds
* **Calculation**: Prorated daily (365-day year)
* **Collection**: Triggered by FEE_TAKER_ROLE
* **Tracking**: AdminVault records last fee timestamp per pool
* **Prevention**: Cannot collect fees twice for same period
* **Precision**: Basis points (10000 = 100%)

