Sentinel TreasuryDocs

Security & trust model

Sentinel's non-custodial guarantees are mechanical, not just contractual. The MVP reduces risk surface by design: no Sentinel signing key, no Sentinel execution, no fund custody, and per-customer namespace isolation enforced by the contract itself.

Mechanical invariants

These hold even under full compromise of Sentinel's servers, because they are properties of the contract and the architecture rather than promises:

  • No signing key. Sentinel holds no key that can authorize an on-chain write. There is no key to steal.
  • No execution path. Sentinel's HTTP surface is read-only (GET-only); state-changing actions are operator-side tooling that only prepares unsigned drafts.
  • Namespace isolation. EvidenceRegistry.anchor writes only to anchors[msg.sender][batchId]. No party can write into a Safe's evidence record except that Safe.
  • No custody. Funds never touch a Sentinel-controlled account; they remain in the customer's Safe throughout.

Fail-open KYC

The KYC SBT read is fail-open and the interpretation is split by surface:

  • On the customer's Safe execution path — an unreadable tier means “proceed; the owner quorum is the sole authority anyway.” It never blocks.
  • In Sentinel's drafting UI — an unknown tier is treated conservatively (no high-tier drafting affordance) unless an operator explicitly overrides.

What Sentinel does NOT do

These constraints define the regulatory perimeter and the trust model. They are structural, not merely policy:

  • Holds no custody of customer funds.
  • Holds no signing key for any on-chain write.
  • Signs no Safe transactions on behalf of customers.
  • Cannot write into any customer's evidence namespace (writes require msg.sender == customer).
  • Issues, mints, or tokenizes no assets.
  • Trades, rebalances, or executes no liquidity.
  • Provides no proof-of-reserve, reserve sufficiency, or reserve attestation.
  • Performs no compliance attestation or legal disclosure certification.
  • Recommends no specific allocations, swap counterparties, or yield strategies.
  • Does not operate as an AI manager, optimizer, advisor, or autonomous agent.
  • Claims no compliance-enforced execution while the MVP gate is off-chain.
  • Performs no automated evidence anchoring; customers sign anchor proposals through their own Safe quorum.

There is no Sentinel-controlled key that can write into EvidenceRegistry or move customer funds, no admin to bribe, and no upgrade path to abuse in the MVP contract.
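The namespace-isolation invariant described above (writes land only in anchors[msg.sender][batchId], with no admin or upgrade path) as an added illustration written for this page, not Sentinel's own contract; the names EvidenceRegistry, anchor, anchors and batchId come from the page, while the types, event, error and the write-once guard are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative registry (assumption, not the production source). The only
// names taken from the page are EvidenceRegistry, anchor, anchors and batchId.
contract EvidenceRegistry {
    // namespace (the calling Safe) => batchId => evidence hash.
    // The outer key is always msg.sender at write time, so no caller can
    // reach another Safe's slot. Reads are public; writes are not delegable.
    mapping(address => mapping(bytes32 => bytes32)) public anchors;

    event Anchored(address indexed safe, bytes32 indexed batchId, bytes32 evidenceHash);
    error AlreadyAnchored(address safe, bytes32 batchId);

    // No owner, no admin role, no proxy/upgrade hook: there is nothing for a
    // compromised operator (Sentinel's servers included) to hold or escalate.

    // Called from the customer's Safe once its owner quorum has signed the
    // anchor proposal. The namespace is derived from msg.sender and is never
    // accepted as a parameter, so "write into someone else's record" has no
    // code path at all.
    function anchor(bytes32 batchId, bytes32 evidenceHash) external {
        require(evidenceHash != bytes32(0), "empty hash");
        if (anchors[msg.sender][batchId] != bytes32(0)) {
            // Assumption: evidence is write-once; the page does not state this.
            revert AlreadyAnchored(msg.sender, batchId);
        }
        anchors[msg.sender][batchId] = evidenceHash;
        emit Anchored(msg.sender, batchId, evidenceHash);
    }

    // Anyone (an auditor, or Sentinel's GET-only API) can verify a record,
    // but verification is a view: it cannot alter anchors[safe][batchId].
    function isAnchored(address safe, bytes32 batchId, bytes32 evidenceHash)
        external
        view
        returns (bool)
    {
        return evidenceHash != bytes32(0) && anchors[safe][batchId] == evidenceHash;
    }
}
```

A reviewer checking this invariant looks for exactly two things: that every storage write is keyed by msg.sender, and that the contract declares no owner, role, or upgrade mechanism that could bypass it.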

Security posture

Unaudited testnet MVP. Sentinel is currently an unaudited HashKey testnet MVP. No code here should be used to manage real funds without independent security review, operational controls, and protocol hardening. A full third-party audit is part of any production / mainnet deployment path.

Underlying networks have varying decentralization and security postures; Sentinel makes no warranty regarding the security or operational continuity of any underlying L1 or L2.