
Security & How Your Funds Are Protected

Understanding SynthOS security architecture and protection mechanisms

SynthOS is designed with security and transparency first. This guide explains how your funds are protected and what security measures are in place.

Non-Custodial Architecture

You Always Control Your Assets

What this means:

  • Only you can deposit, withdraw, or allocate funds
  • Your private keys never leave your wallet
  • SynthOS smart contracts are proxies, not custodians
  • No admin backdoors to access user vaults

How it works:

Traditional Finance:
You → Bank (holds your money) → Investments
Risk: Bank can freeze, lose, or misuse your funds

SynthOS:
You → Your Vault (you control) → Yield Strategies
Risk: Only smart contract risk, no custodial risk

Your permissions:

  • Deposit assets to your vault
  • Allocate funds to strategies
  • Withdraw from positions
  • Withdraw from vault to wallet
  • Recover stuck ETH

SynthOS CANNOT:

  • Withdraw your funds
  • Move your assets without approval
  • Freeze your vault
  • Block your withdrawals
  • Access your private keys

Smart Contract Security

Audited Contracts

Audit status:

  • Core smart contracts audited by independent security firms
  • Audit reports publicly available (link to audits)
  • Critical vulnerabilities fixed before mainnet launch
  • Regular re-audits when significant changes are made

What auditors check:

  • Reentrancy vulnerabilities
  • Access control issues
  • Integer overflow/underflow
  • Front-running risks
  • Gas optimization
  • Logic errors

Audit reports:

  • Available in Audits & Bug Bounty
  • Includes severity ratings and remediation status
  • Updated with each new audit

Beacon Proxy Pattern

What it is:

  • Upgradeable smart contract architecture
  • All vaults point to a single implementation
  • Upgrades improve all vaults simultaneously
  • Your vault address never changes

Security benefits:

  • Quick security patches without user action
  • No need to migrate funds during upgrades
  • All users benefit from improvements
  • Reduced attack surface (single implementation)

Upgrade safety:

  • 1-day minimum delay enforced by contract
  • Upgrades cannot access or move user funds
  • All storage (your positions) preserved across upgrades
  • Announcement 24+ hours in advance

Example upgrade process:

Day 1: Admin proposes upgrade (security patch)
Day 2: Timelock period (community review)
Day 3: Upgrade executed
Result: All vaults use new logic, funds untouched

Reentrancy Guards

What they protect against:

  • Malicious contracts calling back into your vault
  • Recursive withdrawals draining funds
  • State manipulation attacks

How they work:

// Simplified example
function withdraw() external nonReentrant {
    // nonReentrant: reverts if this function is entered again before it returns
    uint amount = userBalance[msg.sender];
    userBalance[msg.sender] = 0;           // Update state first (effects)
    payable(msg.sender).transfer(amount);  // Then transfer (interaction)
}
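The guard itself is a single storage flag. The following contract is an added illustration of how such a modifier is built and combined with the checks-effects-interactions order shown above; it is not SynthOS code, and the use of a low-level call instead of transfer is a choice of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not SynthOS code. A call that re-enters while the
// flag is set fails the require and the whole transaction reverts.
abstract contract ReentrancyGuard {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private _status = NOT_ENTERED;

    modifier nonReentrant() {
        require(_status == NOT_ENTERED, "reentrant call");
        _status = ENTERED;
        _;
        _status = NOT_ENTERED;
    }
}

contract VaultExample is ReentrancyGuard {
    mapping(address => uint256) public userBalance;

    // Deposits are guarded too, matching the coverage listed on this page.
    function deposit() external payable nonReentrant {
        userBalance[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: the balance is zeroed before ETH leaves the
    // contract, so a callback from the recipient finds nothing left to withdraw
    // even if the guard were absent. The guard makes the protection explicit.
    function withdraw() external nonReentrant {
        uint256 amount = userBalance[msg.sender];
        require(amount > 0, "nothing to withdraw");
        userBalance[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```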

Coverage:

  • All deposit functions
  • All withdrawal functions
  • All allocation functions
  • Cross-chain operations

Whitelisted Tokens

What this means:

  • Only approved assets can be deposited
  • Prevents malicious token attacks
  • Reduces smart contract risk

Current whitelist:

  • USDC (Circle's stablecoin)
  • USDT (Tether stablecoin)
  • ETH (Native ether)
  • WETH (Wrapped ether)

Why whitelist?

  • Prevents fake token deposits
  • Avoids tokens with malicious code
  • Ensures liquidity for withdrawals
  • Simplifies accounting and tracking

Adding new tokens:

  • Requires governance approval
  • Security review of token contract
  • Liquidity analysis
  • Community discussion

Slippage Protection

Built into all operations:

  • Cross-chain deposits
  • Cross-chain withdrawals
  • Token swaps
  • Bridge operations

How it protects you:

You set: 1% maximum slippage
Expected: 1,000 USDC → 950 aUSDC
Minimum: 940.5 aUSDC (1% below expected)

If actual < 940.5 aUSDC:
    Transaction reverts
    Funds returned to your vault
    Only lose gas fees (~$0.05)
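The worked numbers above translate into a basis-point floor enforced on-chain. The contract below is an added illustration, not SynthOS code: the strategy adapter interface, the 6-decimal token units (950 aUSDC written as 950_000_000) and the owner check are assumptions, and the token transfer into the adapter is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of a slippage check; not SynthOS code.
interface IStrategy {
    // Assumed adapter interface: returns the receipt-token amount actually credited.
    function depositFor(address vault, uint256 assets) external returns (uint256 shares);
}

contract SlippageGuardedVault {
    error SlippageExceeded(uint256 received, uint256 minimum);

    uint256 public constant BPS = 10_000;
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // expected = 950_000_000, maxSlippageBps = 100 (1%)  ->  940_500_000
    function minimumOut(uint256 expected, uint256 maxSlippageBps) public pure returns (uint256) {
        require(maxSlippageBps <= BPS, "bad bps");
        return expected * (BPS - maxSlippageBps) / BPS;
    }

    // The vault owner supplies the expected output and tolerance; the contract derives the floor.
    function allocate(IStrategy strategy, uint256 assets, uint256 expected, uint256 maxSlippageBps)
        external
        onlyOwner
        returns (uint256 received)
    {
        uint256 minOut = minimumOut(expected, maxSlippageBps);
        received = strategy.depositFor(address(this), assets);
        // A revert undoes every state change of this transaction, so the assets
        // stay in the vault and the caller loses only gas.
        if (received < minOut) revert SlippageExceeded(received, minOut);
    }
}
```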

Protection against:

  • Unfavorable exchange rates
  • Bridge fee spikes
  • Market volatility
  • Low liquidity conditions

Validator Trust Model

What the Validator Can Do

Monitor operations:

  • Watch LayerZero for message delivery
  • Confirm deposits completed successfully
  • Confirm withdrawals completed successfully
  • Detect failed or stuck operations

Update vault state:

  • Mark deposits as "Confirmed" when complete
  • Mark withdrawals as "Completed" when funds return
  • Mark operations as "Failed" to trigger refunds

Trigger refunds:

  • If bridge operation fails
  • If destination protocol rejects deposit
  • If an operation is stuck for 24+ hours

What the Validator CANNOT Do

Cannot access funds:

  • No private keys or withdrawal permissions
  • Cannot move assets from your vault
  • Cannot withdraw on your behalf
  • Cannot bypass slippage protection

Cannot create fake positions:

  • Cannot mark deposit as complete without actual receipt tokens
  • Cannot inflate your balance
  • Cannot modify position amounts arbitrarily

Cannot prevent withdrawals:

  • Cannot block your withdrawal requests
  • Cannot freeze your vault
  • Cannot override your permissions

Validator Transparency

On-chain verification:

  • Validator address is public in UserVaultManager contract
  • All validator actions recorded on-chain
  • You can verify confirmations independently
  • Transaction hashes provided for every action

Example verification:

1. Check LayerZero Scan for message delivery
2. Verify destination transaction on block explorer
3. Confirm vault update transaction on Scroll
4. All three should match your operation

Trust model:

  • Validator is a notary, not a custodian
  • Worst case: Delays in confirmation (not loss of funds)
  • Backup validators available if primary fails
  • Community can run independent validators (coming soon)

Bridge Security

LayerZero Integration

Why LayerZero:

  • Industry-standard cross-chain messaging protocol
  • Used by 100+ protocols with billions of dollars in volume
  • Audited by multiple security firms
  • Battle-tested across thousands of operations

Security features:

  • Message verification on both chains
  • Relayer decentralization
  • Configurable security levels
  • Automatic retry mechanisms

How it protects you:

Step 1: Your vault sends message on Scroll
Step 2: LayerZero relayers verify and transmit
Step 3: Destination chain receives and validates
Step 4: Only then does your vault update

If any step fails → Automatic refund

Bridge Operation Verification

Every bridge operation:

  1. Recorded on source chain (Scroll)
  2. Transmitted via LayerZero
  3. Confirmed on destination chain
  4. Verified by validator
  5. Updated in your vault

Verification points:

  • Transaction hash on source chain
  • LayerZero message GUID
  • Transaction hash on destination chain
  • Validator confirmation transaction
  • All publicly verifiable

Failed Bridge Handling

What happens if the bridge fails:

Scenario 1: Message never delivered

Your USDC left Scroll → LayerZero marks as FAILED
→ Validator detects failure
→ Calls markDepositFailed() on your vault
→ Triggers refund flow on destination chain
→ Your funds return to your vault on Scroll

Scenario 2: Destination rejects deposit

Message delivered → Destination protocol rejects
→ Validator detects rejection
→ Marks operation as failed
→ Refund automatically processed
→ Funds return to your vault

Scenario 3: Stuck message

Message stuck for 24+ hours
→ Validator triggers timeout refund
→ Manual recovery process initiated
→ Funds recovered to your vault

Your protection:

  • Automatic refund mechanisms
  • 24-hour timeout safety net
  • Manual recovery as last resort
  • Funds never permanently lost

Emergency Recovery

Stuck ETH Recovery

If ETH gets stuck in your vault:

function recoverETH() external onlyOwner {
    // You can recover stuck ETH anytime
    payable(msg.sender).transfer(address(this).balance);
}

When this might happen:

  • Accidental ETH sent to vault
  • Failed transaction refunds
  • Gas refunds from sponsored transactions

How to recover:

  1. Navigate to vault settings
  2. Click "Recover ETH"
  3. Approve transaction
  4. ETH sent to your wallet

Failed Bridge Recovery

If a bridge operation fails:

Automatic recovery:

  • Validator detects failure within 60 seconds
  • Calls markDepositFailed() or markWithdrawalFailed()
  • Refund processed automatically
  • Funds return to your vault

Manual recovery (if automatic fails):

  1. Contact support with message GUID
  2. Team verifies operation status
  3. Manual refund transaction submitted
  4. Funds recovered within 24 hours

Your safety net:

  • Funds never lost, only delayed
  • Multiple recovery mechanisms
  • Support team available 24/7
  • All recovery operations on-chain and verifiable

Lost Message GUID

If you lose your message GUID:

Recovery steps:

  1. Provide your vault address
  2. Provide approximate transaction time
  3. Support team locates your operation
  4. Message GUID retrieved from blockchain
  5. Recovery process continues normally

Prevention:

  • Message GUID shown in pending operations
  • Transaction hash also works for recovery
  • Keep screenshots of pending operations
  • Check email for transaction confirmations

Protocol Risk Management

Strategy Vetting Process

Before listing any strategy:

  1. Protocol audit check

    • Must have independent security audit
    • No critical vulnerabilities
    • Audit report publicly available
  2. TVL and maturity check

    • Minimum $10M TVL
    • Operating for 90+ days
    • No major security incidents
  3. ERC4626 compatibility

    • Standard vault interface
    • Or custom adapter available
    • Tested integration
  4. Oracle reliability

    • Reliable price feeds
    • Manipulation-resistant
    • Multiple data sources

Continuous monitoring:

  • Daily TVL checks
  • APY anomaly detection
  • Security incident monitoring
  • Community feedback review

Risk Isolation

Position-level isolation:

  • Each position is independent
  • Exploit in one protocol doesn't affect others
  • Your vault holds receipt tokens, not base assets directly

Example:

Your portfolio:
- 1,000 USDC in Aave (Arbitrum)
- 1,000 USDC in Morpho (Base)
- 1,000 USDC in Compound (Optimism)

If Aave is exploited:
- Morpho position unaffected
- Compound position unaffected
- Aave position may lose value
Risk: Limited to 33% of portfolio

Diversification benefits:

  • Spread risk across protocols
  • Spread risk across chains
  • No single point of failure
  • Bundles automatically diversify

Incident Response

If an external protocol suffers a security incident:

Immediate actions:

  1. Disable affected strategy (no new deposits)
  2. Publish incident report on dashboard
  3. Provide recommended actions to users
  4. Monitor situation closely

User options:

  1. Withdraw from affected strategy immediately
  2. Wait for protocol recovery
  3. Move funds to unaffected strategies
  4. Withdraw all funds to wallet

Communication:

  • Real-time alerts on dashboard
  • Email notifications to affected users
  • Telegram announcements
  • Twitter updates

Recovery coordination:

  • Work with affected protocol on recovery
  • Provide guidance on claiming refunds
  • Assist with insurance claims if available
  • Transparent updates throughout process

Smart Contract Upgrade Safety

Upgrade Process

Step 1: Proposal (Day 1)

  • Admin proposes upgrade to beacon
  • Upgrade code published for review
  • Reason for upgrade explained
  • Community discussion begins

Step 2: Timelock (Day 2-3)

  • 24-hour minimum delay enforced
  • Community can review code
  • Security researchers can audit
  • Users can withdraw if concerned

Step 3: Execution (Day 3)

  • Upgrade executed after timelock
  • All vaults use new implementation
  • User funds never touched
  • Positions preserved

Step 4: Verification (Day 4+)

  • Upgraded contract verified on block explorer
  • Functionality tested
  • Community confirms no issues
  • Normal operations resume
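The "1-day minimum delay enforced by contract" from the Upgrade safety list and the proposal/timelock/execution steps above can be shown in one contract. The beacon below is an added illustration, not SynthOS code: every vault proxy reads implementation() on each call, so executing the upgrade switches all vaults at once while each proxy keeps its own storage and address. The owner model and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of a time-locked beacon; not SynthOS code.
contract TimelockedBeacon {
    uint256 public constant MIN_DELAY = 1 days;

    address public owner;
    address public implementation;
    address public pendingImplementation;
    uint256 public executableAt;

    event UpgradeProposed(address indexed impl, uint256 executableAt);
    event UpgradeCancelled(address indexed impl);
    event Upgraded(address indexed impl);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address initialImpl) {
        require(initialImpl.code.length > 0, "not a contract");
        owner = msg.sender;
        implementation = initialImpl;
    }

    // Step 1: the proposal is public on-chain and starts the review window.
    function proposeUpgrade(address newImpl) external onlyOwner {
        require(newImpl.code.length > 0, "not a contract");
        pendingImplementation = newImpl;
        executableAt = block.timestamp + MIN_DELAY;
        emit UpgradeProposed(newImpl, executableAt);
    }

    // Step 2 and 3: the delay is checked by the contract, so no owner
    // transaction can execute early; anyone can see executableAt and review.
    function executeUpgrade() external onlyOwner {
        require(pendingImplementation != address(0), "nothing pending");
        require(block.timestamp >= executableAt, "timelock active");
        implementation = pendingImplementation;
        pendingImplementation = address(0);
        emit Upgraded(implementation);
    }

    // A proposal that review finds unsafe can be withdrawn before execution.
    function cancelUpgrade() external onlyOwner {
        emit UpgradeCancelled(pendingImplementation);
        pendingImplementation = address(0);
    }
}
```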

What Upgrades Can Change

Allowed changes:

  • Fix security vulnerabilities
  • Add new features
  • Optimize gas usage
  • Improve user experience
  • Add new integrations

Forbidden changes:

  • Access user funds
  • Modify user balances
  • Change ownership of vaults
  • Bypass security checks
  • Remove user permissions

User Protection During Upgrades

Your options:

  • Monitor upgrade proposals
  • Review upgrade code (if technical)
  • Withdraw funds before upgrade (if concerned)
  • Participate in community discussion
  • Report concerns to team

Safety guarantees:

  • Minimum 24-hour notice
  • Cannot be rushed or bypassed
  • All storage preserved
  • Funds never at risk
  • Can withdraw anytime

Security Best Practices

For Users

Protect your wallet:

  • Use hardware wallet for large amounts
  • Never share private keys or seed phrases
  • Verify contract addresses before approving
  • Use separate wallet for DeFi (not your main holdings)

Monitor your positions:

  • Check dashboard regularly
  • Set up email/Telegram alerts
  • Verify transactions on block explorer
  • Keep records of deposits and withdrawals

Start small:

  • Test with small amounts first
  • Understand how system works
  • Gradually increase allocation
  • Diversify across strategies

Stay informed:

  • Join Telegram for real-time updates
  • Follow Twitter for announcements
  • Read security advisories
  • Participate in community discussions

Red Flags to Watch For

Warning signs:

  • 🚩 Sudden large APY increases (may indicate exploit)
  • 🚩 Withdrawal delays (check protocol status)
  • 🚩 Unusual vault balance changes (verify transactions)
  • 🚩 Unannounced contract upgrades (should never happen)

Immediate actions if you see red flags:

  1. Stop new deposits immediately
  2. Check official channels (Telegram, Twitter)
  3. Verify on block explorer
  4. Contact support if suspicious
  5. Consider withdrawing funds

Security Roadmap

Current (v1)

  • Audited smart contracts
  • Non-custodial architecture
  • Beacon proxy upgrades
  • Validator monitoring
  • Slippage protection

In Progress

  • 🔄 Bug bounty program launch
  • 🔄 Additional security audits
  • 🔄 Formal verification of core contracts
  • 🔄 Insurance partnership exploration

Planned (v2)

  • 📋 Decentralized validator network
  • 📋 On-chain governance for upgrades
  • 📋 Emergency pause mechanisms
  • 📋 Multi-sig admin controls
  • 📋 Time-locked withdrawals (optional)

Common Security Questions

Q: What if SynthOS gets hacked?
A: Your funds are in your non-custodial vault, not held by SynthOS. An exploit would need to target specific smart contracts, not "SynthOS" as a company. We have multiple layers of protection and insurance is being explored.

Q: Can the team steal my funds?
A: No. The smart contracts have no admin functions that allow withdrawing user funds. Even during upgrades, user balances cannot be modified.

Q: What if LayerZero bridge fails?
A: Failed bridges trigger automatic refunds. Your funds return to your vault on Scroll. In the worst case, manual recovery is available.

Q: What if a strategy protocol gets exploited?
A: Risk is isolated to that specific position. Your other positions are unaffected. You can immediately withdraw from unaffected strategies.

Q: How do I verify my transactions?
A: Every operation has a transaction hash. Check on Scrollscan (for Scroll transactions) or LayerZero Scan (for cross-chain messages). All operations are publicly verifiable.

Q: What if the validator goes rogue?
A: The validator cannot access your funds or create fake positions. Worst case is delayed confirmations. Backup validators are available, and the community can run independent validators.

Next Steps

Ready to start securely? Launch SynthOS App