Defense Posture
Security is layered to reduce single points of failure. The posture emphasizes defense-in-depth, least privilege, secure-by-default configuration, transparency, and continuous improvement. Security is ongoing risk reduction, not a guarantee.
Defense in depth
Multiple layers protect protocol state and operator operations.
Least privilege
Roles and keys are scoped to the minimum required actions.
Secure by default
Defaults favor safety in configuration and deployment.
Transparency
Public reporting and on-chain records improve accountability.
Continuous improvement
Policies, audits, and incident learnings refine controls.
Roles and Responsibilities
Security duties are shared across builders, operators, and the Foundation. No single party can guarantee safety. Responsibilities are explicit and on-chain outcomes remain accountable.
| Role | Scope | Accountability |
|---|---|---|
| Core developers | Maintain protocol code, review changes, and publish advisories. | Governance-approved change process and review standards. |
| Operators | Run sequencer/batch operations, node infrastructure, key management, monitoring, and uptime. | Operator charter requirements and network governance. |
| Foundation | Publish security policy, coordinate disclosures, steward audit scope. | Foundation governance and public reporting commitments. |
| Ecosystem builders | Secure integrations, interfaces, and off-chain services. | Independent security practices and disclosure policies. |
Threat Model Scope
Define what is protected and what remains out of scope. Coverage focuses on protocol state, operator operations, and interface boundaries, with records that are on-chain, time-ordered, and tamper-evident.
| Surface | Coverage | Limitation |
|---|---|---|
| Assets | Protocol state, operator keys, bridge gateways, and canonical wallet rules. | Does not cover third-party custody or unrelated chain assets. |
| Trust boundaries | Operator operations, governance actions, and reference interfaces. | Does not extend to external services or off-chain systems. |
| Out of scope | External wallets, exchanges, and independent adapter implementations. | Security of those surfaces is owned by their operators. |
Audit Program
Independent review tests code and assumptions to reduce risk. The audit cycle defines scope, review, remediation, and disclosure.
- Scope definition: Kernel, modules, and reference tooling are defined with assumptions.
- Pre-audit readiness: Documentation, tests, and threat model reviews are prepared.
- Independent review: Findings, impact, and severity are identified by auditors.
- Remediation and disclosure: Fixes are implemented and verified before disclosure.
Bug Bounty Program
A bug bounty provides a path for responsible disclosure. Scope, rewards, and response expectations define how reports are handled.
In-scope targets
Hub kernel and reference tooling where protocol state can be affected.
Out-of-scope targets
Third-party services, external wallets, and unrelated chains.
Disclosure process
Rules and response timelines define how reports are handled.
Manifesto
"My goal is simple: make it possible for anyone, anywhere, to form an entity that can operate with credibility, continuity, and real financial rails, built for stablecoin-native operations."
Nicolas Turcotte
Founder and Lead Engineer
Contribute now
Testnet is for builders, operators, and stewards who want to validate the Hub in public.
Protocol engineers
Working on kernel definitions, message scope, and invariants.
Indexer and data engineers
Defining event schemas and reproducible view inputs.
Early operators
Testing sequencer, batch posting, and operational scope under testnet rules.
Infrastructure-aligned investors
Tracking scope, risks, and progress (no return claims implied).
Legal counsel
Reviewing boundary posture, non-custodial scope, and document stack order.
Governance stewards
Shaping kernel/adapters separation and upgrade posture.
Testnet
Testnet access
If you're building or validating the Hub, request testnet access to evaluate it.
Newsletter
Stay in the loop
Concise updates on testnet readiness, releases, and governance milestones.