Skip to main content
Security at SURCHI is not a feature — it is the foundation everything else is built on. An AI-powered execution protocol that cannot be trusted with user funds is not a protocol worth using. Every architectural decision, from the zero team allocation to the multisig treasury to the on-chain audit trail, reflects a deliberate choice to prioritize security over speed, and trust over convenience. This page is an honest and complete account of how SURCHI is secured, where the risks lie, and what measures are in place to address them.

Security Architecture

SURCHI’s security model operates across four distinct layers, each addressing a different class of risk.
1

Smart Contract Security

Audited contracts with formal verification targets.All SURCHI smart contracts undergo independent third-party security audits before deployment. Audit reports are published publicly in full — no redacted findings. For the highest-value contracts (treasury, execution authorization), SURCHI targets formal verification: mathematical proof that the contract behaves exactly as specified under all possible conditions.
  • Pre-deployment audits by independent security firms
  • Public audit reports with all findings disclosed
  • Formal verification targets for critical contract logic
  • Bug bounty program for community-reported vulnerabilities
2

Execution Safeguards

User-defined limits, circuit breakers, and kill switches.The Execution Sentinel can only act within boundaries you explicitly define. Maximum trade sizes, daily caps, asset whitelists, and slippage limits are all user-controlled. If the Sentinel detects activity outside normal parameters, automatic circuit breakers halt execution until manual review. Users retain a one-click emergency stop at all times.See Execution Safeguards for complete details.
3

Treasury Security

Multisig with distributed, DAO-elected keyholders.All protocol funds are held in a multi-signature wallet requiring multiple independent keyholders to authorize any transaction. Keyholders are elected by token holder governance and can be replaced by community vote. No individual — including any founding team member — can unilaterally move treasury funds.See Treasury for complete details.
4

Operational Security

Secure hardware enclaves for AI inference and signing.SURCHI’s Sentinel AI models run in Trusted Execution Environments (TEEs) — secure hardware enclaves where computation is isolated from the host operating system and provably tamper-resistant. Signing keys used for on-chain execution are generated and stored inside TEEs, meaning they are never exposed in plaintext to any software layer, server administrator, or network attacker.

Liquidity Security

Protocol and user liquidity receives specific protections beyond general smart contract security.

Liquidity Locked at Launch

Initial DEX liquidity is locked at launch. The founding team cannot remove or rug protocol liquidity. Lock details and proof are published on-chain and linked from the official website.

Liquidity Sentinel Monitoring

The Liquidity Sentinel continuously monitors on-chain liquidity pools for abnormal drain patterns, large coordinated withdrawals, and indicators of sandwich or drain attacks. Anomalies trigger alerts and, where applicable, automated protective responses.

Emergency Withdrawal Mechanisms

In a genuine emergency, users retain the ability to withdraw funds directly via on-chain transaction to the smart contract — without using the SURCHI interface. This ensures that even if the frontend is compromised or unavailable, user funds remain accessible.

Threat Model

Security design is only meaningful if it honestly addresses the actual threats. Here is what SURCHI is built to defend against:
ThreatSURCHI Defense
Smart Contract ExploitsIndependent audits, formal verification targets, public bug bounty, immutable core logic
Oracle ManipulationMulti-source data aggregation — no single oracle feed can move protocol state unilaterally
Front-Running & MEVPrivate transaction routing options via Jito bundles and MEV-protected RPC endpoints
Social Engineering & ScamsOfficial channel verification, anti-phishing guidance, community education
Insider RiskZero team token allocation, multisig treasury, on-chain transparency — no insider has unilateral financial control
Governance AttackQuorum requirements, time-locks on execution, supermajority thresholds for critical changes
AI Model ManipulationTEE-isolated inference, multi-source signal validation, human-interpretable audit trail

Execution Safeguards

How user-defined limits and circuit breakers protect automated execution.

Wallet Safety

Essential practices for protecting your SURCHI and Solana assets.

Official Channels

Verify you’re communicating with the real SURCHI. Scam prevention starts here.

Bug Bounty

Report vulnerabilities responsibly and earn rewards.
No protocol is 100% secure. DeFi carries inherent risks including smart contract vulnerabilities, market volatility, and ecosystem-level events beyond any single protocol’s control. Never invest more than you can afford to lose. SURCHI security documentation describes the measures in place to reduce risk — it does not constitute financial advice or a guarantee of fund safety.