Security is a design property
This page documents how Multyr is designed to be robust, what testing it undergoes, and what external reviews are planned.
Non-custodial by construction
Deposits convert to ERC-4626 shares. The protocol never holds user funds off-chain.
Separation of powers
ROOT_TIMELOCK, SAFE_GOV, SAFE_GUARDIAN, and SAFE_VETO split propose, execute, cancel, and pause authority.
Timelock-gated changes
All parameter changes pass through a 48h delay so users have visibility before execution.
Isolated strategies
Strategy Vaults are scoped so a failure in one does not automatically cross-contaminate another.
Exit paths preserved
Instant, queued, and force-withdrawal mechanisms are designed to preserve exit even in degraded states.
Internal testing
- Unit tests
- Fuzz testing
- Invariant testing
- Fork tests against live Arbitrum state
- Continuous shadow testing with controlled capital
External review
Top-tier auditor firms are being evaluated for external review. Final engagement is targeted for end of Q2 / early Q3 2026.
A public bug bounty is scheduled to go live together with the first audit publication, targeted for Q3 2026.
Responsible disclosure contact: security@multyr.fi