DeFi & Blockchain Protocol Security
Protocol risk is system risk. DeFi failures are often cross-component:
contract logic, oracle assumptions, bridge trust, and governance timing.
This workflow keeps agent actions narrow and auditable while humans own
final protocol decisions.
What this workflow covers
- Upgrade diff review for proxy and immutable deployments.
- Oracle and pricing guardrails for manipulation-resistant execution.
- Bridge and multisig emergency runbooks for containment.
Eligibility profile
A finding is eligible when:
- The impacted contracts/configs are known and versioned.
- A fork-test or simulation harness can validate behavior.
- Emergency actions are pre-approved in runbook policy.
- Agent changes are reviewable as code/config, not ad-hoc operator chat.
Recipe catalog
- Smart-contract upgrade diff risk review
- DeFi oracle manipulation guardrails
- Bridge & multisig emergency response
Guardrails
- Chain-specific simulation required before merge.
- Invariant tests for solvency, collateralization, and pause logic.
- Timelock and signer-threshold constraints cannot be weakened by agent.
- Any unverifiable assumption triggers
TRIAGE.mdand stop.
Not in scope
- Autonomous governance voting with production keys.
- New protocol feature design.
- Economic parameter tuning without risk committee sign-off.