Trust and safety
Security and controls
Lucida’s required controls for transactions, accounting, and protocol administration.
Wallet security
- Non-custodial authorization. Users sign with wallet-standard compatible wallets; Lucida must never request seed phrases or private key files.
- Pre-sign review. The interface should identify the asset, amount, vault, destination, program ID, fee payer, cluster, and expected result.
- Simulation first. Production transactions should be simulated and decoded before signature approval.
Server-side verification
Client-submitted asset, amount, vault, and signature fields are untrusted. A deposit recorder must verify the signer, program semantics, mint, token program, destination vault, transfer amount, commitment level, and duplicate-signature status from the confirmed transaction.
Administrative controls
Lucida’s configured Squads 3-of-5 governance authority can approve strategy changes, protocol-fee withdrawals and transfers of Vault assets. A governance transfer can reduce Vault NAV and user redeemable value. Production upgrade authority, treasury operations, strategy allocation, emergency actions, and parameter changes require reviewed multisig governance.
Audits and disclosure
No audit claim
This repository does not establish that Lucida is production-audited. Publish audit reports, deployed program IDs, upgrade authorities, known findings, and remediation status before a mainnet release.
