Trust & Compliance

Built for Security

Sova is engineered to meet high standards of on-chain safety and operational security — while maintaining the permissionless, self-custodial nature of crypto.

This is achieved through a multi-layer architecture of smart contracts, role-based controls, and audited code.


1. Non-Custodial Architecture

Sova uses a modular architecture to separate control over assets and execution.

Core Components

  • Conduit: A smart contract that manages all asset transfers into and out of the vault — ensuring no funds move without proper authorization

  • Vault Contract: Holds cbBTC deposits and issues svBTC tokens

  • Reporter: Provides on-chain valuation updates

Self-Custodial

Users retain on-chain ownership of their svBTC tokens at all times. The underlying cbBTC is held in the vault smart contract, not by any third party.


2. Role-Based Access Control

Sova implements a strict hierarchical role system to minimize risks and prevent abuse:

| Role | Responsibilities |
| --- | --- |
| Protocol Admin | System-level permissions, governance control |
| Strategy Admin | Approves new strategies and asset integrations |
| Price Updater | Updates NAV via oracle reporters |
| Strategy Operator | Executes operational actions (e.g., liquidity management) |

Zero Unauthorized Access

Every smart contract interaction is permission-gated. Unauthorized access is blocked at the protocol level.


3. Audit Coverage

All core contracts powering Sova are fully audited and follow security best practices:

  • ERC4626 vault logic

  • Deposit and withdrawal flows

  • Reporter and price oracle integration

  • Access control and role manager systems

Audit reports: See Security for full audit details.


4. Oracle & Valuation Integrity

Valuation updates are submitted by authorized roles only, using the Reporter contract.

To ensure accuracy and prevent manipulation:

  • All NAV updates are timestamped and versioned

  • Price changes above a set deviation threshold are automatically rejected

  • Role-based permissions restrict who can submit updates
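
The three controls listed above can be sketched as a single reporter contract. This is an added example, not Sova's Reporter code: the contract name, the single-admin role model, the basis-point threshold and every function and event name are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative NAV reporter. All names and the bps threshold are assumptions.
contract NavReporterExample {
    struct NavUpdate { uint256 nav; uint64 timestamp; uint64 version; }

    uint256 public constant BPS = 10_000;
    uint256 public immutable maxDeviationBps; // e.g. 500 = 5% per update (assumed unit)
    address public immutable admin;
    mapping(address => bool) public isPriceUpdater;
    NavUpdate public latest;

    event NavUpdated(uint64 indexed version, uint256 nav, uint64 timestamp, address indexed updater);

    error NotAuthorized(address caller);
    error ZeroNav();
    error DeviationTooHigh(uint256 previousNav, uint256 proposedNav, uint256 maxBps);

    constructor(uint256 initialNav, uint256 maxDeviationBps_) {
        if (initialNav == 0) revert ZeroNav();
        admin = msg.sender;
        maxDeviationBps = maxDeviationBps_;
        latest = NavUpdate(initialNav, uint64(block.timestamp), 1);
    }

    /// Role-based permission: only the admin grants or revokes the updater role.
    function setPriceUpdater(address account, bool allowed) external {
        if (msg.sender != admin) revert NotAuthorized(msg.sender);
        isPriceUpdater[account] = allowed;
    }

    /// Accepts a NAV only from an authorized updater and only within the threshold.
    function submitNav(uint256 newNav) external {
        if (!isPriceUpdater[msg.sender]) revert NotAuthorized(msg.sender);
        if (newNav == 0) revert ZeroNav();
        uint256 prev = latest.nav;
        uint256 diff = newNav > prev ? newNav - prev : prev - newNav;
        // Cross-multiply instead of dividing so rounding cannot hide an excess move.
        if (diff * BPS > prev * maxDeviationBps) {
            revert DeviationTooHigh(prev, newNav, maxDeviationBps);
        }
        // Timestamped and versioned: each accepted update gets the next version number.
        latest = NavUpdate(newNav, uint64(block.timestamp), latest.version + 1);
        emit NavUpdated(latest.version, newNav, latest.timestamp, msg.sender);
    }
}
```

The check bounds each update relative to the previous accepted value; it does not by itself bound cumulative change across many updates, which needs a minimum interval or a time-windowed limit in addition.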


5. Smart Contract Security

Security measures include:

  • Contracts audited by Omniscia

  • ERC-4626 standard compliance for vault operations

  • Minimal proxy pattern for gas-efficient, battle-tested deployments

  • Hook system for extensible operational controls

Transparent Operations

All vault operations are on-chain and verifiable on BaseScan.
