Security

🧱 Non-Custodial by Design

Aspis Protocol is entirely non-custodial. Neither the Aspis team, the manager, nor any connected AI agent has direct access to user funds. All funds are securely stored in on-chain smart contracts, where the logic strictly defines what actions are allowed and under which conditions.

Users interact with their vaults via intuitive interfaces (including Telegram), but all transactions are ultimately executed through permissioned smart contracts. Managers do not control user wallets; they only propose transactions that must comply with pre-defined vault logic.

This means:

• No private key or admin control over pooled funds

• No backdoors or emergency withdrawal access

• Only vault contract logic can initiate asset movements

⚖️ Built-in Risk Controls

To ensure capital safety and compliance with strategy logic, Aspis vaults embed several layers of automated risk protection:

1. Asset Whitelisting

Each vault can only interact with a pre-approved list of tokens and protocols. This prevents rug-pulls and malicious token behavior.

2. Delegated Execution

Managers use delegated calls to instruct the vault to execute trades or rebalance strategies, but cannot directly withdraw or move funds. This preserves transparency and limits trust assumptions.

3. AI Assistant Boundaries

The AI layer assists with transaction generation, analytics, and automation — but cannot execute any action without vault permission logic. Every step remains on-chain and verifiable.

🧩 Vault Smart Contract Architecture

Aspis Vaults are modular by design, ensuring clear separation of responsibilities and minimized attack surfaces. Each vault is governed by a self-contained smart contract system composed of:

1. Treasury Module

• Securely holds all user-deposited assets

• Disallows any transfer of funds unless triggered through validated, rule-compliant actions

• Prevents direct withdrawals by managers, AI agents, or frontend interfaces

2. Shareholders Registry

• Keeps track of LP token balances and ownership

• Calculates each investor's share and dynamically updates when funds are deposited or withdrawn

• Ensures proportional distribution of returns and voting power, if applicable

3. Operating Rules Engine

• Contains the fund’s logic: risk settings, allowed assets, trading limits, fee structures

• Validates every execution request before funds are moved

• Supports performance fee logic, rebalancing strategies, voting mechanics, and other governance features

4. Execution Layer Interface

• Accepts inputs from the AI assistant or the manager

• Passes execution instructions through rule validation

• Only allows actions that match the preconfigured Vault logic

5. External Security Integrations

• Oracles (Chainlink, RedStone): Provide price feeds for asset valuation and liquidation rules

• Smart Contract Monitoring: Tracks abnormal patterns and emits alerts

• Anti-Fraud Layer: (planned) Detects manipulative behavior in trading or vault parameters

• Compliance Checks: Helps align vault behavior with legal and reputational best practices (especially for institutional-grade vaults)

🛡️ Oracle Security

Accurate pricing is essential to prevent manipulation, especially during liquidations or rebalancing. Aspis integrates Chainlink oracles to supply real-time, tamper-resistant market data.

These oracles:

• Provide decentralized price feeds for on-chain decision-making

• Enable accurate position valuation and liquidation logic

• Protect against front-running or spoofing attacks using off-chain APIs

✅ Audit & Verification

Our smart contracts have undergone professional security auditing and continuous internal testing. We also support:

• Transparent contract source code publishing

• Open community reporting via bug bounty programs

• Optional multisig-controlled upgrade mechanisms for selected modules

⚡ Summary

Aspis Protocol is built to minimize trust and maximize security:

• Smart contracts enforce all rules

• Funds cannot be accessed by managers, AI, or the team

• Risk is mitigated through oracles, whitelists, and delegated logic

This approach ensures fully autonomous, transparent, and secure asset management.

"If it’s not on-chain and permissionless, it’s not truly decentralized."