Core Principle
No single party can unilaterally move funds, mint/burn tokens, or execute material operations.
Multi-Party Authorization
All critical operations require authorization from multiple independent parties:| Operation | Issuer Alone? |
|---|---|
| Token minting/burning | No |
| Buffer movements | No (requires custodian) |
| SSBAF subscription/redemption | No (requires fund manager) |
| Contract upgrades | No (requires notice period) |
| Fee changes | No (requires notice period) |
| Emergency pause | No (requires external party) |
External Oversight
Key signers include regulated external parties across multiple jurisdictions, ensuring independent oversight of critical operations.Authorization Matrix
| Operation | Authorization |
|---|---|
| Administrative functions (parameters, upgrades via timelock) | Multi-party admin multisig |
| Emergency pause (critical security events) | Dedicated emergency authorization path |
Emergency Response
In emergencies (smart contract exploit, oracle manipulation, funds at risk), contracts can be paused with multi-party authorization.Under normal operations, BTCY transfers are permissionless. The BTCY contract includes an emergency pause reserved for critical security events (for example smart contract exploit or oracle manipulation), authorized via multi-party governance including a dedicated emergency authorization path. The design intent is to keep transfers permissionless except in those critical security events so DeFi liquidations can execute under normal conditions.
Notice Periods
| Change type | Advance notice |
|---|---|
| Material changes (fee increases, buffer range adjustments, new yield sources, custodian changes) | 30 days |
| Minor operational adjustments | 7 days |
| Contract upgrades | 15 business days plus 48-hour on-chain timelock |
Smart Contract Controls
| Control | Description |
|---|---|
| Audit | Cyfrin audit completed pre-deployment |
| Pause | Emergency pause capability |
| Whitelist | Only KYC’d wallets can hold iBTCY |
| Rate limits | Per-wallet and aggregate limits on-chain |
Upgradeability
Smart contracts may be upgradeable via admin multisig with timelock. Investors receive advance notice of any upgrades.Key Management
Keys are managed through institutional-grade MPC infrastructure with:- Multiple independent signers
- Hardware security modules
- Comprehensive audit trails
Audits
Smart contract security
Available only to eligible professional/qualified investors on an invite-only basis, subject to onboarding and compliance approval. For informational purposes only and not investment advice. Not an offer to the public or a solicitation where unlawful. No retail distribution. Not available to US Persons.Disclaimers · Platform and issuer