Security Model Overview

This document describes the security architecture of Nomial V1.

Access Control

All protocol operations are gated by the InventoryPoolDefaultAccessManager01.sol contract, which implements OpenZeppelin’s AccessControl and adds custom roles (VALIDATOR_ROLE, BORROWER_ROLE) on top of DEFAULT_ADMIN_ROLE.

Validator Sign-Off Mechanism

Off-chain validators run clients that monitor system state across all deployed chains. Every protected operation requires a strict majority of the active validator set to sign off—e.g., with four validators, at least three must approve. The access manager verifies replay-protected signatures against holders of the VALIDATOR_ROLE, so critical functions execute only with majority consensus.
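The following contract is an added illustration of the mechanism described above and in the Loan Process and Administrative Operations sections: a role-gated caller (admin or borrower) may execute a call only when a strict majority of the active validator set has signed a replay-protected digest of that exact call. It is example code written for this page, not Nomial's InventoryPoolDefaultAccessManager01 contract, and it assumes OpenZeppelin Contracts v5 for AccessControl, ECDSA and MessageHashUtils. The contract name, the `validatorCount` bookkeeping, the digest layout and the requirement that signatures be supplied in ascending signer order are all assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5 is installed; these import paths are OZ's, not Nomial's.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

/// Illustrative access manager (hypothetical; not Nomial's InventoryPoolDefaultAccessManager01).
/// A caller holding `callerRole` may execute a call only if a strict majority of the
/// active VALIDATOR_ROLE holders signed a replay-protected digest of that exact call.
contract MajorityGatedAccessManagerExample is AccessControl {
    bytes32 public constant VALIDATOR_ROLE = keccak256("VALIDATOR_ROLE");
    bytes32 public constant BORROWER_ROLE = keccak256("BORROWER_ROLE");

    uint256 public validatorCount; // size of the active validator set (example bookkeeping)
    uint256 public nonce;          // consumed by every approved execution (replay protection)

    error NotStrictMajority(uint256 provided, uint256 required);
    error SignersNotStrictlyAscending(); // also catches the same validator signing twice
    error SignerNotValidator(address signer);
    error TargetCallFailed(bytes returndata);

    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    // In the design, validator set updates are admin + majority operations; they are
    // admin-only here to keep the example short.
    function addValidator(address v) external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (_grantRole(VALIDATOR_ROLE, v)) validatorCount++;
    }

    function removeValidator(address v) external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (_revokeRole(VALIDATOR_ROLE, v)) validatorCount--;
    }

    /// Strict majority: more than half of the set. 4 -> 3, 5 -> 3, 6 -> 4.
    function requiredSignatures() public view returns (uint256) {
        return validatorCount / 2 + 1;
    }

    /// The digest binds chain id, this contract, the current nonce, the caller's role,
    /// the target and the calldata, so one signature cannot be reused on another chain,
    /// another deployment, a later nonce, or a different call.
    function digest(bytes32 callerRole, address target, bytes calldata data) public view returns (bytes32) {
        return MessageHashUtils.toEthSignedMessageHash(
            keccak256(abi.encode(block.chainid, address(this), nonce, callerRole, target, keccak256(data)))
        );
    }

    /// `sigs` must be ordered by ascending signer address, which makes it impossible
    /// to pad the count with duplicate signatures from a single validator.
    function execute(bytes32 callerRole, address target, bytes calldata data, bytes[] calldata sigs)
        external
        returns (bytes memory)
    {
        _checkRole(callerRole); // reverts unless msg.sender holds callerRole (admin or borrower)
        uint256 required = requiredSignatures();
        if (sigs.length < required) revert NotStrictMajority(sigs.length, required);

        bytes32 h = digest(callerRole, target, data);
        address last = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address signer = ECDSA.recover(h, sigs[i]); // reverts on malformed signatures
            if (signer <= last) revert SignersNotStrictlyAscending();
            if (!hasRole(VALIDATOR_ROLE, signer)) revert SignerNotValidator(signer);
            last = signer;
        }

        nonce++; // consume the nonce before the external call (checks-effects-interactions)
        (bool ok, bytes memory ret) = target.call(data);
        if (!ok) revert TargetCallFailed(ret);
        return ret;
    }
}
```

Two details carry the security weight. `requiredSignatures()` uses `validatorCount / 2 + 1`, which is a strict majority for both even and odd set sizes; `validatorCount / 2` alone would let exactly half of an even-sized set approve. The ascending-signer check turns "count of valid signatures" into "count of distinct validators", which is what the threshold is meant to measure.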

Collateral Lock & Withdrawal Process

Collateral in Nomial V1 is managed by the CollateralPool01 contract, which enforces a two-phase, time-locked withdrawal mechanism. Collateral can be liquidated to cover a borrower's debt if they fail to repay their loan. Validators enforce collateral requirements at their discretion. A majority of validator signatures is required to trigger collateral liquidation.
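The contract below is an added example of the two-phase, time-locked withdrawal described above; it is not Nomial's CollateralPool01. It assumes native ETH as collateral, a `WITHDRAW_DELAY` of 2 days (the page does not state the real delay), and that liquidation is callable only by a single `accessManager` address, standing in for the validator-majority gate. The point it makes is that the delay is the window in which validators can still liquidate, and that a liquidation during that window clears the pending request so a withdrawal cannot race ahead of it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative collateral pool (hypothetical; not Nomial's CollateralPool01).
/// Withdrawals are two-phase: request, wait out the delay, then finalize. The delay is
/// the window in which the access manager (validator majority) can still liquidate.
contract TimelockedCollateralExample {
    uint256 public constant WITHDRAW_DELAY = 2 days; // assumed value; not stated on the page

    address public immutable accessManager; // only address allowed to liquidate (assumption)

    struct Pending { uint256 amount; uint64 readyAt; }
    mapping(address => uint256) public collateral;
    mapping(address => Pending) public pending;

    event WithdrawRequested(address indexed borrower, uint256 amount, uint64 readyAt);
    event Withdrawn(address indexed borrower, uint256 amount);
    event Liquidated(address indexed borrower, uint256 amount, address to);

    error Unauthorized();
    error InsufficientCollateral(uint256 have, uint256 want);
    error NothingPending();
    error StillLocked(uint64 readyAt, uint256 nowTs);

    constructor(address _accessManager) { accessManager = _accessManager; }

    function deposit() external payable { collateral[msg.sender] += msg.value; }

    /// Phase 1: reserve an amount and start the clock. Re-requesting replaces the
    /// request and restarts the clock; it can never shorten an existing wait.
    function requestWithdraw(uint256 amount) external {
        uint256 have = collateral[msg.sender];
        if (amount > have) revert InsufficientCollateral(have, amount);
        uint64 readyAt = uint64(block.timestamp + WITHDRAW_DELAY);
        pending[msg.sender] = Pending(amount, readyAt);
        emit WithdrawRequested(msg.sender, amount, readyAt);
    }

    /// Phase 2: only after the delay, and only up to what is still held
    /// (a liquidation during the window may have reduced the balance).
    function finalizeWithdraw() external {
        Pending memory p = pending[msg.sender];
        if (p.amount == 0) revert NothingPending();
        if (block.timestamp < p.readyAt) revert StillLocked(p.readyAt, block.timestamp);
        uint256 held = collateral[msg.sender];
        uint256 amount = p.amount < held ? p.amount : held;
        delete pending[msg.sender];
        collateral[msg.sender] = held - amount;
        emit Withdrawn(msg.sender, amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    /// Liquidation: callable only through the access manager, i.e. with validator majority.
    /// Clears any pending request so the borrower cannot finalize a withdrawal afterwards.
    function liquidate(address borrower, uint256 amount, address to) external {
        if (msg.sender != accessManager) revert Unauthorized();
        uint256 have = collateral[borrower];
        if (amount > have) revert InsufficientCollateral(have, amount);
        collateral[borrower] = have - amount;
        delete pending[borrower];
        emit Liquidated(borrower, amount, to);
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Both state-changing transfers update storage before the external call, and `finalizeWithdraw` caps the payout at the current balance rather than the originally requested amount, so a partial liquidation during the lock window cannot be undone by an already-queued request.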

Loan Process

Borrowers must obtain majority validator sign-off for all borrows. Additionally, borrowers must be granted the BORROWER_ROLE in order to borrow funds from an inventory pool. Collateral requirements, enforced by validators, ensure that borrowers have an incentive to repay their debt.

Administrative Operations

Administrative changes (interest-rate parameter changes, validator and borrower set updates, pool state overrides) can only be performed by the default admin address with the validator majority.

Permissionless Actions

Two core user operations remain permissionless

Threat Model

An attacker must compromise a strict majority of validator private keys and the default admin key to execute any privileged action or steal funds from inventory pools. If an attacker compromises a borrower key, the collateral provided by the borrower can be liquidated to recover the value of stolen funds.

By combining role-based access control with an off-chain validator set and a strict-majority threshold, Nomial V1 minimizes trust in any single party. An adversary would have to control both a majority of validators and a privileged access account key (admin or borrower) in order to exploit the system.
