Security

Strata is committed to a security-centric process across the entire lifecycle of our smart contracts, from development to deployment and ongoing monitoring.

Audits

Strata works with top auditors like Cyfrin, Guardian and Quantstamp to secure the protocol smart contracts. Read more here:

Multisigs & Timelocks

Admin Multisig A 3-of-5 Gnosis Safe responsible for executing higher-impact protocol actions that require stricter controls but still occur more frequently than full timelock-governed changes. The Admin Multisig manages roles such as PAUSER_ROLE and supervises operational parameters that influence system behavior without altering core protocol logic. All actions are subject to a 48h timelock except pausing the protocol and can be cancelled by the Guardian, ensuring strong oversight and protection against misconfiguration or compromise.

Operational Multisig A dedicated 2-of-3 Gnosis Safe used to execute routine, low-risk protocol actions that require timely updates but do not affect core security parameters. It is managed by trusted contributors and handles tasks such as refreshing APR feeds, performing strategy updates, and maintaining configuration within predefined limits. All activity is constrained by role-based permissions and benefits from additional oversight through the timelock and Guardian.

Know more about roles and permissions for multisigs and timelocks to enhance security and transparency: Roles and Permissions

On-Chain Monitoring

Our team has built a comprehensive suite of internal on-chain monitoring tools and bots that continuously track protocol activity. These systems detect anomalies such as unexpected multisig actions, unusual contract interactions, or deviations in expected protocol behavior.

In the event of a critical issue, our monitoring stack can automatically trigger protective responses, including pausing relevant contracts, ensuring rapid mitigation without relying on external infrastructure.