# Security Models The protocol defines explicit trust boundaries across system components and external dependencies: **Trusted** * zkSync state finalized through validity-proof verification. **Conditionally Trusted** * Cross-domain messaging ordering and delivery guarantees. * Base-layer finality assumptions anchoring zkSync settlement. **Untrusted** * All external execution environment state prior to validation. * All strategy-reported values prior to oracle validation. * All remote balance claims and position assertions. * All cross-domain event callbacks and relayed messages. No untrusted domain may directly mutate canonical share supply, accounting state, or net asset value (NAV). #### Threat Model This section enumerates the adversarial capabilities the protocol is designed to withstand. **Adversary Capabilities Considered** * Malicious or faulty strategy logic. * Stale, manipulated, or delayed oracle inputs. * Execution environment reorganization, rollback, or inconsistency. * Temporary execution environment halts or degraded availability. * Incorrect or adversarial profit-and-loss reporting. * Cross-domain messaging congestion or delivery delays. * Partial execution or incomplete unwind attempts. * Adversarial timing behavior and race-condition exploitation. * MEV exposure and transaction reordering within execution environments. * Manipulation of auxiliary or reward assets. * Flash-loan-driven valuation manipulation attempts. * Information asymmetry across execution environments. **Capabilities Explicitly Out of Scope** The protocol explicitly excludes the following catastrophic failures from its threat model: * Cryptographic failure of zkSync validity proofs. * Base-layer consensus failure underlying zkSync settlement. * Root-level compromise of cross-domain messaging infrastructure. * Sustained chain-level censorship exceeding defined recovery thresholds. These dependencies represent systemic risks outside the protocol’s control and are treated as external trust assumptions. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://multistake-1.gitbook.io/multistake-docs/documentation/security-model/security-models.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.