Security measures

The security of funds is the cornerstone of Noya. Our mission is to ensure Noya is secure enough to protect and manage assets reliably, particularly as we operate across multiple chains (omnichain), which presents complex and unpredictable scenarios. Therefore, our focus is to implement robust security measures to keep the system as secure as possible.

Noya employs a modular security module, designed to evolve over time to keep user funds safe. Changes to this module are not made unilaterally but decided upon via the NOYA Decentralized Autonomous Organization (DAO) and then executed with a three-month time lock. This process ensures that the community is notified of any changes, providing ample time to address any potential issues, or for users to exit the system if they choose to.

Noya's security settings can be divided into three sections:

  1. Smart Contract Security: This section includes rules for users and strategy managers when interacting with the system. Some of the primary rules include:

    • Dex and bridge interactions are limited to vault settings: Each vault has its own security settings, which are enforced with every transaction. This measure helps mitigate the risk of high slippage fees in Dex.

    • Delayed admin actions: All admin actions, such as adding a new chain to trusted chains or a new protocol integration, are delayed, giving users a window to withdraw their assets if they disagree with the new decision.

    • Delayed and capped deposits and withdrawals: Due to our omnichain architecture, we must use messaging protocols, which inherently carry risks. Deposits and withdrawals are therefore delayed to provide a window to react to fraudulent messages.

    • and many others that was explained here

  2. ZKML - Verifier of the Strategy Execution: Our Agent's Machine Learning (ML) approach aids asset movement in the right direction by predicting future yields. However, smart contracts can't ascertain whether the movement command is the decision of the model or not. Thus, we use Zero-Knowledge (ZK) scalability to verify the ML model on-chain and keep the model weights private. For asset movement, the strategy manager needs to provide a valid proof.

  3. Watchers of the System Integrity: Noya's structure includes a set of decentralized watchers that monitor the system's actions. These watchers are incentivized to alert the smart contract if they notice a potential security exploit in the smart contract itself or in the integrated protocols. In such instances, Noya's smart contracts halt the system actions, providing a window to ensure the safety of user funds. This is a protective feature not intended for everyday use but for potential emergency situations.

Last updated