Overview
The Security Council is a multisig composed of multiple independent parties across different timezones. It serves as the protocol’s emergency response and governance mechanism, with the authority to pause, unpause, and replace the Allocator.Tiered Thresholds
The Security Council uses tiered thresholds to balance rapid response with governance safety:| Action | Threshold | Purpose |
|---|---|---|
| Pause | 1-of-N | Any member can immediately halt all withdrawals |
| Unpause | Majority | Resume operations after investigation |
| Replace Allocator | Supermajority | Upgrade or fix the Allocator contract |
| Change Membership | Supermajority | Add or remove council members |
Global Pause
Because all withdrawals across all 80+ chains flow through a single Allocator, the entire protocol can be paused with a single transaction. This is a significant advantage over protocols where each chain’s escrow contract must be individually paused — a process that takes time and could miss chains during an active exploit.Scope
The Security Council governs the Allocator only. It cannot:- Modify the Hub ledger or create balances
- Withdraw user funds from the Depository
- Alter Oracle attestations
- Access funds held in any contract