> ## Documentation Index
> Fetch the complete documentation index at: https://docs.boltliquidity.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Security model and protective mechanisms for Bolt deployments.

Bolt is built with security-first principles. Archway deployments are protected by multiple independent security layers that work together to prevent exploitation, mitigate market volatility, and ensure transaction finality.

<Warning>
  Bolt is in Beta. Liquidity provision is currently permissioned. Do not provide liquidity through unauthorized channels.
</Warning>

## Security Architecture

Bolt's security model comprises four core protective layers:

<Steps>
  <Step title="Oracle Validation">
    The Price Oracle is the primary trust boundary. Oracle prices are validated for freshness, with expiration windows preventing the use of stale data. Prices older than configured thresholds are rejected, defending against delayed-price attack vectors.
  </Step>

  <Step title="Deviation Limits">
    Deviation limits act as circuit breakers during extreme volatility. When market prices move beyond configured thresholds relative to the oracle feed, swap execution is halted. This protects the execution layer from pricing anomalies and cascading liquidations.
  </Step>

  <Step title="Swap Minimums">
    Minimum swap values mitigate DDoS-style attacks and economic inefficiencies. Transactions below the minimum threshold are rejected, preventing spam attacks that would drain liquidity provider reserves through repeated tiny swaps.
  </Step>

  <Step title="Adaptive Velocity Oracle (AVO)">
    The AVO ensures prices reflect best-available market rates by ingesting real-time order books from multiple centralized exchanges, applying an adaptive velocity model to predict where price is heading, and sizing spreads using Avellaneda-Stoikov market-making theory. The on-chain price cannot deviate meaningfully from real-time market consensus, and every fill is scored for flow toxicity.
  </Step>
</Steps>

## Security Layers

<Tabs>
  <Tab title="On-Chain Security">
    Contract-level protections embedded in the Bolt Outpost and Pool contracts.

    ### Access Control

    Outpost functions enforce role-based access control. Only authorized signers can execute administrative functions like emergency pauses or parameter updates. Pool operations are restricted to the Outpost to prevent direct manipulation.

    ### Reentrancy Protection

    CosmWasm message execution prevents cross-contract reentrancy by default through its actor model. Bolt contracts maintain additional state guards to detect and reject recursive calls.

    ### Integer Overflow Protection

    Rust's type system and overflow-checking arithmetic prevent integer overflow vulnerabilities. All arithmetic operations use checked methods that fail safely on overflow.

    ### Input Validation

    All external inputs are validated on contract entry. Asset denominations, amounts, and addresses are checked against whitelist and range constraints before processing.
  </Tab>

  <Tab title="Oracle Security">
    Protections applied to price feed validation and management.

    ### Price Freshness

    Prices are timestamped on-chain. Expired prices (older than the configured expiration window) are rejected automatically. The expiration window is tunable per asset, with shorter windows for volatile pairs.

    ### Multiple Price Sources

    The oracle aggregates price data from multiple independent providers. No single provider can unilaterally move prices. Prices are computed using resistant aggregation functions that reject extreme outliers.

    ### Deviation Monitoring

    Real-time price deviations relative to historical baselines trigger alerts and can trigger automated circuit breakers. Deviations beyond configured limits halt swap execution until manual review.

    ### Cryptographic Commitment

    Oracle prices are committed to a Merkle tree and published on-chain. Historical prices remain verifiable and immutable, enabling post-hoc auditing of oracle behavior.
  </Tab>

  <Tab title="Operational Security">
    Practices and mechanisms protecting against hedging and rebalancing risks.

    ### Liquidity Rebalancing

    Bolt maintains balanced liquidity across asset pairs. Rebalancing operations are time-locked and visible on-chain, preventing flash-loan style attacks that exploit temporary imbalances.

    ### Hedging Verification

    All hedging positions are tracked and verified against actual liquidity. Off-chain hedges are reconciled with on-chain reserves hourly, with mismatches triggering alerts.

    ### Admin Key Separation

    Administrative functions are separated across multiple keys with different privilege levels. No single compromised key can trigger high-impact operations like emergency pause or asset withdrawal.

    ### Emergency Pause

    The execution layer can be paused in response to detected threats or market anomalies. Pause authority is held by a time-locked multisig, preventing unilateral shutdown.
  </Tab>
</Tabs>

## Adaptive Velocity Oracle (AVO) Verification

<Info>
  The AVO provides verifiable proof that the oracle delivered the most efficient prices available at execution time. The AVO pipeline includes: multi-venue composite pricing (depth-weighted mid-prices across Gate.io, Binance, OKX, Bybit, Crypto.com), adaptive velocity prediction (6-step EMA model), Avellaneda-Stoikov reservation pricing adjusted by net inventory, optimal spread sizing adapted to volatility regime, and per-tick clamping to a maximum 0.7% deviation. Every fill is scored for flow toxicity within 100 to 500ms, informed flow is hedged aggressively via taker orders, and circuit breakers halt quoting if price jumps exceed 1.5%, fewer than 2 venues are live, or the hedge-venue basis exceeds 5x.
</Info>

## Deployment Languages

Bolt is implemented in multiple languages optimized for each deployment target:

* **CosmWasm Rust**: Archway deployments use Rust compiled to WebAssembly. Rust's type system provides compile-time guarantees against memory safety vulnerabilities. CosmWasm's runtime adds additional sandboxing.
* **Move**: Sui deployments use the Move language, which provides linear type guarantees and prevents use-after-free bugs at the language level.

All implementations follow identical security principles and threat models, with language-specific optimizations for each blockchain.

<CardGroup cols={2}>
  <Card title="Contract Math" icon="function" href="/contract-math">
    Understand pricing algorithms and slippage calculations.
  </Card>

  <Card title="Pool State Indexing" icon="database" href="/pool-state-indexing">
    Index and monitor real-time pool state for analysis.
  </Card>
</CardGroup>
