Security
System Architecture Security
Aegis is designed to minimize the trust surface required by the user.
Custodial Isolation
Smart Addresses: User funds are held in individual Smart Contract Accounts (Coinbase Base Account). They are not pooled in a central Aegis vault.
Impact: If one user's address were theoretically compromised, or if a specific strategy failed for one user, it would not structurally endanger the assets of others.
Access Control (ACL)
Agent Limitations: The AutoFi Agents (via the Agent Address) hold restricted permissions over the Smart Address. They can execute function calls related to integrated protocols (e.g., "supply to Aave") but cannot execute arbitrary calls (e.g., "send ETH to random address").
No Direct Key Access: The backend agents do not hold the private keys to the User Address. They only control the Agent Address, which acts as a delegate.
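An added example, not Aegis code: a Python model of the kind of per-call restriction described under Access Control. It goes slightly beyond the page by also pinning the beneficiary argument, because an allowlisted function with a free recipient could still move funds away from the Smart Address. The addresses are constructed placeholders, the policy layout and function names are assumptions, and the selectors are those of the Aave V3 Pool `supply` and `withdraw` functions.

```python
from __future__ import annotations

# Added illustration: off-chain model of a per-call allowlist for the Agent Address.
# Addresses are constructed placeholders, not Aegis or protocol deployments.
SMART_ADDRESS = "0x" + "aa" * 20   # the user's Smart Address (placeholder)
AAVE_POOL = "0x" + "bb" * 20       # integrated lending pool (placeholder)

# Function selectors (first 4 bytes of calldata), Aave V3 Pool ABI.
SUPPLY = bytes.fromhex("617ba037")    # supply(address,uint256,address,uint16)
WITHDRAW = bytes.fromhex("69328dec")  # withdraw(address,uint256,address)

# Assumed policy shape: target -> {selector: index of the argument that
# must equal SMART_ADDRESS (onBehalfOf for supply, to for withdraw)}.
POLICY = {AAVE_POOL: {SUPPLY: 2, WITHDRAW: 2}}


def word(calldata: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI argument word after the selector."""
    start = 4 + 32 * index
    return calldata[start:start + 32]


def as_address(w: bytes) -> str | None:
    """Decode an ABI address word; reject short or non-zero-padded words."""
    if len(w) != 32 or w[:12] != bytes(12):
        return None
    return "0x" + w[12:].hex()


def check_call(target: str, value: int, calldata: bytes) -> tuple[bool, str]:
    """Decide whether the agent may make this call from the Smart Address."""
    if value != 0:
        return False, "native ETH transfer not permitted"
    selectors = POLICY.get(target.lower())
    if selectors is None:
        return False, "target is not an integrated protocol"
    if len(calldata) < 4 or calldata[:4] not in selectors:
        return False, "function not allowlisted for this target"
    beneficiary = as_address(word(calldata, selectors[calldata[:4]]))
    if beneficiary != SMART_ADDRESS:
        return False, "beneficiary is not the Smart Address"
    return True, "ok"


def encode(selector: bytes, *args: int) -> bytes:
    """Constructed-sample helper: ABI-encode static (uint/address) arguments."""
    return selector + b"".join(a.to_bytes(32, "big") for a in args)
```

In a deployed system the same rule would have to be enforced on-chain by the account's permission logic; an off-chain check like this one only helps as a pre-signing guard.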
Audit Status
Base Infrastructure: The underlying smart wallet infrastructure relies on Coinbase's audited Base Account contracts.
Integrated Protocols: Aegis only integrates with battle-tested protocols (Morpho, Aave) that have undergone extensive audits and have significant time-in-market.
Investment Risk Management
Beyond code security, Aegis actively manages financial risk through the AutoFi Agents.
TVL Monitoring (Flash Crash Protection)
The system continuously monitors the Total Value Locked (TVL) of every active Instrument.
Trigger: A sudden, statistically significant drop in TVL within a short timeframe.
Action: Immediate liquidation of positions in that instrument. This protects users from "slow rug" scenarios or protocol-level exploits that result in liquidity draining.
Liquidity Depth Analysis
For lending markets, the ability to withdraw is paramount.
Trigger: Utilization rates approaching 100% (meaning all supplied funds are borrowed out).
Action: The Agent exits the position before the pool reaches saturation, ensuring user funds remain liquid and withdrawable.
Concentration Thresholds
Aegis monitors its own footprint.
Logic: The protocol prevents the collective user base from owning too large a percentage of a single liquidity pool.
Benefit: This prevents "slippage traps" where Aegis users would be unable to exit a position without incurring significant losses due to their own market impact.
Social Signal Defense
The system integrates an off-chain risk module monitoring social media (e.g., X/Twitter).
Logic: Often, hacks or exploits are reported on social channels before they fully manifest in on-chain price data.
Action: If a high-confidence threat intelligence signal is detected regarding an integrated protocol, the Agents can proactively pause deposits or trigger exits before the market reacts.