# Security Model Overview

### Access Control

All protocol operations are gated by the [InventoryPoolDefaultAccessManager01.sol](https://github.com/nomial-io/nomial-contracts-v1/blob/main/src/owners/InventoryPoolDefaultAccessManager01.sol) contract, which implements OpenZeppelin’s AccessControl and adds custom roles (`VALIDATOR_ROLE`, `BORROWER_ROLE`) on top of `DEFAULT_ADMIN_ROLE`.

### Validator Sign-Off Mechanism

Off-chain validators run clients that monitor system state across all deployed chains. Every protected operation requires a **strict majority** of the active validator set to sign off—e.g., with four validators, at least three must approve. The access manager verifies replay-protected signatures against the `VALIDATOR_ROLE`, ensuring only a majority consensus executes critical functions.
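The strict-majority check described above can be modelled as follows. This is an added illustration, not code from the Nomial contracts: HMAC stands in for the validators' real signatures, and the nonce and chain/contract binding are assumptions about how replay protection could be implemented. All names and keys are constructed.

```python
import hashlib
import hmac

# Constructed validator set: name -> secret. HMAC stands in for the ECDSA
# signatures a real deployment would verify on-chain (assumption).
VALIDATORS = {f"v{i}": f"key-{i}".encode() for i in range(1, 5)}


def threshold(n: int) -> int:
    """Strict majority: more than half, so 4 -> 3 and 5 -> 3."""
    return n // 2 + 1


def digest(chain_id: int, contract: str, nonce: int, call: bytes) -> bytes:
    """Bind the approval to one chain, one contract, one nonce and one call."""
    h = hashlib.sha256()
    for part in (str(chain_id).encode(), contract.encode(), str(nonce).encode(), call):
        h.update(len(part).to_bytes(4, "big") + part)  # length prefix avoids ambiguity
    return h.digest()


def sign(name: str, msg: bytes) -> bytes:
    return hmac.new(VALIDATORS[name], msg, hashlib.sha256).digest()


class AccessManagerModel:
    """Hypothetical model of a threshold-gated operation."""

    def __init__(self, chain_id: int, contract: str):
        self.chain_id, self.contract, self.nonce = chain_id, contract, 0

    def execute(self, call: bytes, sigs: list[tuple[str, bytes]]) -> bool:
        msg = digest(self.chain_id, self.contract, self.nonce, call)
        approved = set()  # a set, so a repeated signer counts once
        for name, sig in sigs:
            key = VALIDATORS.get(name)  # role check: unknown signers are ignored
            if key and hmac.compare_digest(sig, hmac.new(key, msg, hashlib.sha256).digest()):
                approved.add(name)
        if len(approved) < threshold(len(VALIDATORS)):
            return False
        self.nonce += 1  # consuming the nonce invalidates these signatures
        return True
```

The cases worth testing against any implementation of this scheme are duplicate signers, signers outside the validator set, reuse of an already-executed approval, and reuse of an approval on another chain.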

### Collateral Lock & Withdrawal Process

Collateral in Nomial V1 is managed by the [`CollateralPool01`](https://github.com/nomial-io/nomial-contracts-v1/blob/67549ad721ace334fbd727dda49e91d283291008/src/CollateralPool01.sol) contract, which enforces a two-phase, time-locked withdrawal mechanism. Collateral can be liquidated to cover a borrower's debt if they fail to repay their loan. Validators enforce collateral requirements at their discretion. A majority of validator signatures is required to trigger collateral liquidation.

### Loan Process

Borrowers must obtain majority validator sign-off for all borrows. Additionally, borrowers must be granted the `BORROWER_ROLE` in order to borrow funds from an inventory pool. Collateral requirements, enforced by validators, ensure that borrowers have an incentive to repay their debt.

### Administrative Operations

Administrative changes (interest‐rate parameter changes, validator and borrower set updates, pool state overrides) can only be performed by the default admin address **with the validator majority.**

### Permissionless Actions

Two core user operations remain permissionless:

* **LP Deposits & Withdrawals** in [`InventoryPool01.sol`](https://github.com/nomial-io/nomial-contracts-v1/blob/main/src/InventoryPool01.sol)
* **Loan Repayments** in [`InventoryPool01.sol`](https://github.com/nomial-io/nomial-contracts-v1/blob/main/src/InventoryPool01.sol)

### Threat Model

An attacker must compromise a strict majority of validator private keys **and** the default admin key to execute any privileged action or steal funds from inventory pools. If an attacker compromises a borrower key, the collateral provided by the borrower can be liquidated to recover the value of stolen funds.

By combining role-based access control with an off-chain validator set and a strict-majority threshold, Nomial V1 minimizes trust in any single party. An adversary would have to control both a majority of validators and a privileged access account key (admin or borrower) in order to exploit the system.

