Security Model Overview
This document describes the security architecture of Nomial V1
All protocol operations are gated by the contract, which implements OpenZeppelin’s AccessControl and adds custom roles (VALIDATOR_ROLE, BORROWER_ROLE) on top of DEFAULT_ADMIN_ROLE.
Off-chain validators run clients that monitor system state across all deployed chains. Every protected operation requires a strict majority of the active validator set to sign off (e.g., with four validators, at least three must approve). The access manager verifies replay-protected signatures against the VALIDATOR_ROLE, ensuring only a majority consensus executes critical functions.
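The strict-majority and replay-protection checks described above, modeled in Python as an added example; this is not Nomial's contract code. HMAC with constructed keys stands in for the validators' signatures, and the names AccessManagerModel, op_digest and sign, the nonce scheme, and the sample call payload are assumptions made for illustration.

```python
import hashlib, hmac

def strict_majority(n):
    """Smallest count that is more than half of n (4 validators -> 3)."""
    return n // 2 + 1

def op_digest(chain_id, contract, nonce, call):
    # Fixed-width chain id, 20-byte contract address and nonce are bound into
    # the digest, so an approval cannot be reused on another chain or contract.
    header = chain_id.to_bytes(32, "big") + contract + nonce.to_bytes(32, "big")
    return hashlib.sha256(header + call).digest()

def sign(key, chain_id, contract, nonce, call):
    """Validator side. HMAC is a stand-in for the real signature scheme."""
    return hmac.new(key, op_digest(chain_id, contract, nonce, call), hashlib.sha256).digest()

class AccessManagerModel:
    def __init__(self, chain_id, contract, validator_keys):
        self.chain_id, self.contract = chain_id, contract
        self.validator_keys = dict(validator_keys)  # active validator set
        self.used_nonces = set()

    def execute(self, nonce, call, approvals):
        """approvals: list of (validator_id, signature). Returns True if authorized."""
        if nonce in self.used_nonces:
            return False  # replay of an operation that already executed
        digest = op_digest(self.chain_id, self.contract, nonce, call)
        signers = set()  # a set: the same validator signing twice counts once
        for vid, sig in approvals:
            key = self.validator_keys.get(vid)
            if key is None:
                continue  # signer is not in the active validator set
            expected = hmac.new(key, digest, hashlib.sha256).digest()
            if hmac.compare_digest(expected, sig):
                signers.add(vid)
        if len(signers) < strict_majority(len(self.validator_keys)):
            return False
        self.used_nonces.add(nonce)  # consume the nonce only on success
        return True

# Constructed sample data: four validators, one placeholder contract address.
KEYS = {f"v{i}": bytes([i]) * 32 for i in range(1, 5)}
ADDR = bytes(20)

if __name__ == "__main__":
    am = AccessManagerModel(1, ADDR, KEYS)
    call = b"liquidate(borrower)"
    sigs = [(v, sign(KEYS[v], 1, ADDR, 7, call)) for v in ("v1", "v2", "v3")]
    print(am.execute(7, call, sigs[:2]), am.execute(7, call, sigs), am.execute(7, call, sigs))
```

Counting distinct valid signers, rather than valid signatures, is what keeps one validator from reaching the threshold alone by submitting the same approval several times.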
Collateral in Nomial V1 is managed by the contract, which enforces a two-phase, time-locked withdrawal mechanism. Collateral can be liquidated to cover a borrower's debt if they fail to repay their loan. Validators enforce collateral requirements at their discretion. A majority of validator signatures is required to trigger collateral liquidation.
Borrowers must obtain majority validator sign-off for all borrows. Additionally, borrowers must be granted the BORROWER_ROLE in order to borrow funds from an inventory pool. Collateral requirements, enforced by validators, ensure that borrowers have an incentive to repay their debt.
Administrative changes (interest-rate parameter changes, validator and borrower set updates, pool state overrides) can only be performed by the default admin address together with the validator majority.
Two core user operations remain permissionless:
LP Deposits & Withdrawals in
Loan Repayments in
An attacker must compromise a strict majority of validator private keys and the default admin key to execute any privileged action or steal funds from inventory pools. If an attacker compromises a borrower key, the collateral provided by the borrower can be liquidated to recover the value of stolen funds.
By combining role-based access control with an off-chain validator set and a strict-majority threshold, Nomial V1 minimizes trust in any single party. An adversary would have to control both a majority of validators and a privileged access account key (admin or borrower) in order to exploit the system.