SSS DeFi β2.0
Open App
Trust boundary

Trust & Risk Boundary

SSS is in public beta. This page explains what users can verify today, which funding and trading paths are live, how reserves and receipts should be checked, and which controls still remain operational.

At a glance

Current boundary, at a glance

Read these three points first, then decide whether you want the fuller boundary.

Receipts and route evidence

Funding, trading, and withdrawal flows should be checked through receipts, activity records, route status, and finalized on-chain outcomes.

Clear operating controls

Users keep the choice to fund, trade, provide liquidity, or withdraw; route safety, reconciliation, and recovery controls remain part of the public beta operating boundary.

Agent and Intent boundaries

Agent Kit and Intent Kit are integration surfaces. They should use dedicated principals, preview-first flows, idempotent client_tx_id discipline, and no withdrawal authority by default.

Verification

What users can verify today

SSS is designed so that a trade does not end at a front-end status. A user action should remain readable through receipts, activity, and finalized outcomes.

Readable receipts

A user action should not stop at a front-end status. Receipts should explain token, amount, path, reference, block, and final status when available.

Traceable activity

Activity records should preserve a readable path from funding, swap, limit order, or withdrawal action to result.

Finalized on-chain outcomes

Final outcomes should be anchored by ledger blocks, route records, receipts, or other on-chain evidence rather than left as a platform-only message.

Checkable system state

Reserve evidence, route state, and public pool data should remain inspectable so the product boundary is not a black box.

Control boundary

Who controls what

Trust becomes clearer when control is described directly. The current structure is a controlled product flow, not the final trust-minimized end state.

User controls

These choices remain with the user.

  • Whether to fund
  • Whether to trade
  • Whether to provide liquidity
  • Whether to withdraw
  • Whether to continue using SSS

System-managed flow today

These states are managed inside the active product flow today.

  • Unified SSS balances across supported ICP and Ethereum funding routes
  • Swap, limit order, reservation, and execution states
  • Receipt, route, settlement, and account activity states
  • Client transaction idempotency and consistency guards inside managed flows

Owner / admin controls today

These controls remain part of the current operating boundary today.

  • Pausing or degrading higher-risk funding and withdrawal paths
  • Switching risk modes
  • Reserve reconciliation, evidence refresh, and recovery operations
  • Operational safety controls while public beta hardening continues
Active balance protection

How active balances are protected today

The current boundary is not only about where assets sit. It is also about how the system reacts when something no longer looks right.

Reconciliation

Asset, liability, route, and user-balance differences should be surfaced and resolved rather than ignored.

Invariant checks

Core accounting, pool liabilities, referral / fee liabilities, and route reserves should be checked rather than merely assumed.

Withdrawal guards

Withdrawal previews, route availability, fees, and final transaction states should be checked before assets leave the active flow.

Risk modes

When infrastructure, route, or reserve evidence becomes uncertain, SSS should reduce new risk before expanding activity further.

Failure & exits

If something goes wrong

Trust is tested when conditions stop being normal. A clearer interruption is better than a misleading success state.

  • Abnormal conditions should be surfaced instead of being hidden behind a generic success flow
  • Safer operating modes may be applied before normal operation resumes
  • Exit paths and restrictions should be stated clearly
  • Delayed, paused, or limited states should be shown as they are
Not promised yet

What is not promised yet

A clear trust page should also state what has not yet been claimed as complete.

  • Not the final DAO / SNS governance state
  • Not the final privacy-preserving execution state
  • Not every future asset, route, agent policy, or vault model is live today
  • Not the final trust-minimized end state

Read the boundary, then decide how far to go

SSS is a live public beta system, not a finished trust-minimized endpoint. Start small, verify routes and receipts, and increase size only after you understand the boundary.