Skip to main content

Permissions + Threat Notes

  • Privileged actions should be owned by a multisig with clear operational SOPs.
  • A dedicated Guardian role should be able to pause both token and forecasting flows during incidents.
  • Backend signer compromise is a critical risk; treat automation keys as production-tier secrets.
  • MEV and slippage risk exists across all three AMM domains; enforce user slippage bounds and monitor sandwich patterns.
  • Oracle risk primarily affects fallback forecast resolution and TWAP-dependent checks; deterministic TournamentManager results are preferred.
  • Document pause criteria, incident runbooks, and all privileged-call audit trails.