Risk controls are a product feature, not a footnote.
A protocol that manages autonomous capital needs its security story in public. This page should show the trust model, the operational roles, and what still needs review before broader deployment.
What is enforced by the program
The protocol checks transaction size, daily spend, recipient and program allowlists, time windows, and frozen status before a request can become an execution path.
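The checks listed above can be read as one ordered, fail-closed gate. The sketch below is an added example, not the protocol's own code: Rust is an assumption (the page does not name the program's language), and every type, field name, limit and sample value is hypothetical.

```rust
// Added illustration: every type, field and value here is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Deny { Frozen, TxSize, DailyLimit, Recipient, Program, OutsideWindow }

pub struct Policy<'a> {
    pub frozen: bool,
    pub max_tx: u64,
    pub daily_limit: u64,
    pub recipients: &'a [&'a str],
    pub programs: &'a [&'a str],
    /// Allowed UTC window as [start, end) seconds of day; start > end wraps midnight.
    pub window: (u64, u64),
}

pub struct Request<'a> { pub amount: u64, pub recipient: &'a str, pub program: &'a str, pub unix_time: u64 }

/// Returns the new running daily total on success, or the first failed check.
pub fn check(p: &Policy, spent_today: u64, r: &Request) -> Result<u64, Deny> {
    // Freeze is evaluated first so it overrides an otherwise valid request.
    if p.frozen { return Err(Deny::Frozen); }
    if r.amount > p.max_tx { return Err(Deny::TxSize); }
    // checked_add: an overflowing total is denied instead of wrapping to a small number.
    let total = spent_today.checked_add(r.amount).ok_or(Deny::DailyLimit)?;
    if total > p.daily_limit { return Err(Deny::DailyLimit); }
    if !p.recipients.contains(&r.recipient) { return Err(Deny::Recipient); }
    if !p.programs.contains(&r.program) { return Err(Deny::Program); }
    let t = r.unix_time % 86_400; // seconds since 00:00 UTC
    let (start, end) = p.window;
    let inside = if start <= end { t >= start && t < end } else { t >= start || t < end };
    if !inside { return Err(Deny::OutsideWindow); }
    Ok(total)
}

/// Constructed sample policy: 22:00-06:00 UTC window, one recipient, one program.
pub fn sample_policy() -> Policy<'static> {
    Policy { frozen: false, max_tx: 1_000, daily_limit: 2_500,
             recipients: &["treasury"], programs: &["swap"], window: (79_200, 21_600) }
}

fn main() {
    let r = Request { amount: 500, recipient: "treasury", program: "swap", unix_time: 1_700_000_000 };
    println!("{:?}", check(&sample_policy(), 1_900, &r));
    let frozen = Policy { frozen: true, ..sample_policy() };
    println!("{:?}", check(&frozen, 0, &r));
}
```

The caller is expected to persist the returned total only after the transfer is committed, so a denied or failed request never consumes daily budget.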
Why the review surface matters
Security review is not just about code correctness. It is about proving that the public behavior, operational roles, and launch configuration match the trust assumptions the site presents.
- Document the program ID, deployed commit, and binary hash.
- Keep owner and emergency roles clearly assigned.
- Validate the read layer before scaling the dashboard.
- Review any upgrade or release path before mainnet.
What happens if something looks wrong
The response model should prioritize the freeze authority, log inspection, and rapid communication. If a model or integration behaves badly, the protocol must let the operator stop movement immediately.
What users deserve to know
Visitors should be able to see whether the protocol is devnet or mainnet, whether an audit is complete, and which operational roles are active. That transparency is part of the security story.
What still needs verification
Before mainnet, security review, deployment discipline, and role assignment need to be finished. The site should not pretend otherwise.