The Security Dossier · Royco Dawn
Security isn't a feature.
It's the foundation.
DeFi keeps suffering from exploits. This is an unacceptable outcome for users. Royco is built differently: it has multiple audits from tier-one security firms, is formally verified and continuously monitored, and employs robust operational practices, because security is our paramount priority.
$250K · Bug Bounty · Active via Immunefi
5 · Independent Audits · With Formal Verification
24h · Min Settlement Delay · On every withdrawal
24/7 · Monitoring · Via Hypernative
Cantina · Certora · Hexens · Hypernative · Immunefi · Nethermind
Security you can verify,
not just believe.
Independent audits, continuous monitoring, on-chain enforcement. Every layer leaves a public trail, no trust required.
Always-on · Public
Approach
Eight layers of defense
A failure in any single layer is caught by the next. Formally verified, continuously monitored, and guarded by a 24-hour min settlement delay on every withdrawal.
3 / 5 · Timelocked
Governance
3-of-5 multisig + timelocks
No single party can move funds or upgrade contracts. Every privileged action passes through a timelock before execution.
Response
Pre-rehearsed incident plan
On-call rotation, <15m target MTTR, public post-mortem within 7 days. Security Council can pause any contract instantly.
§ 01 · Architecture
Eight defenses.
Each a backstop for the others.
Most DeFi protocols stop at audits. We stack eight independent defenses so a failure in any one is caught by the next — sanctions at the edge, formal proofs at the core, and humans in the loop for everything between.

Oracle policy

Royco does not depend on any oracle tied to secondary liquidity — every price is either a fundamental oracle or a manually-maintained rate, updated based on an assessment of the underlying asset. This makes the protocol resistant to an entire class of price-manipulation attacks that have drained other DeFi systems.

§ 02 · Transparency
Complete audit history.
With every finding, nothing redacted.
Security claims mean nothing without evidence. Here is every audit report, competition, and formal-verification engagement Royco has undergone, including the ones that found problems.
Certora · Formal Verification · Core Invariants, Ongoing Specification Coverage · Ongoing · [ Coming soon ]
WatchPug · Pendle Integration · Royco Tranches Pendle SY · Apr 2026
Certora · Full Protocol Audit · Core Protocol Contracts and Entry Point · Apr 2026
Hexens · Pendle Integration · Royco Tranches Pendle SY · Apr 2026
Hexens · Entry Point and Integrations · Entry Point and New Markets · Apr 2026
Nethermind · Royco Makina Strategy · Bridge between Concrete Earn v2 and Makina · Mar 2026
Hexens · Full Protocol Audit · Core Protocol Contracts · Mar 2026
Cantina · Competitive Audit · Public Competition from Whitelist Perspective · Feb 2026
Hexens · Whitelist Review · Core Protocol from Whitelist Perspective · Jan 2026
Hexens · Full Protocol Audit · Core Protocol Contracts · Jan 2026
External Audits
§ 03 · Governance
No hot wallet. No single signer.
No instant upgrades.
Every privileged action — upgrades, parameter changes, signer rotations — moves through a predictable, on-chain procedure depositors can watch in real time.
01 · Proposed
02 · Signed (3-of-5 Multisig)
03 · Timelocked (24h-7d Timelock)
04 · Executed
Breakdown of every privileged action by delay
Contract Upgrades: 48 hours
Oracle Swap: 24 hours
Risk Parameters: 48 hours
Fee Changes: 48 hours
Pausing/Unpausing: Instant

Pause is the only instant action — it can only stop activity, never move value. Every other action sits in public for at least 24 hours before it can execute.
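A depositor-side check of the procedure and delay table above, as an added example that is not Royco's code: it replays governance events and flags any privileged action that lacks 3 valid signers or executes before its stated delay. The event record shape, action key names, signer ids and sample events are assumptions constructed for illustration, as is treating pause/unpause as exempt from the queue.

```python
from dataclasses import dataclass

HOUR = 3600
# Minimum delays from the page's table; the key names are assumed labels.
MIN_DELAY = {"contract_upgrade": 48 * HOUR, "oracle_swap": 24 * HOUR,
             "risk_parameters": 48 * HOUR, "fee_change": 48 * HOUR}
INSTANT = {"pause", "unpause"}  # instant per the page; queue exemption is an assumption
THRESHOLD = 3                   # 3-of-5 multisig
SIGNERS = frozenset({"s1", "s2", "s3", "s4", "s5"})  # constructed signer ids

@dataclass(frozen=True)
class Event:                    # hypothetical log record, not a real contract event
    kind: str                   # "queued" or "executed"
    action_id: str
    action: str
    ts: int                     # unix seconds
    signers: tuple = ()

def audit(events):
    """Return (action_id, finding) pairs for events that break the stated policy."""
    queued, findings = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action in INSTANT:
            continue
        if ev.action not in MIN_DELAY:
            findings.append((ev.action_id, "unknown action type"))
        elif ev.kind == "queued":
            valid = set(ev.signers) & SIGNERS  # drops unknown and duplicate signers
            if len(valid) < THRESHOLD:
                findings.append((ev.action_id, f"{len(valid)} valid signers, need {THRESHOLD}"))
            queued[ev.action_id] = ev
        elif ev.kind == "executed":
            q = queued.get(ev.action_id)
            if q is None or q.action != ev.action:
                findings.append((ev.action_id, "executed without matching queue entry"))
            elif ev.ts - q.ts < MIN_DELAY[ev.action]:
                findings.append((ev.action_id, "executed before timelock elapsed"))
    return findings

# Constructed sample events (not real on-chain data).
SAMPLE = [
    Event("queued", "a1", "contract_upgrade", 0, ("s1", "s2", "s3")),
    Event("queued", "a2", "oracle_swap", 1000, ("s1", "s2")),
    Event("queued", "a3", "fee_change", 2000, ("s1", "s2", "s4")),
    Event("executed", "a4", "pause", 5000),
    Event("executed", "a5", "risk_parameters", 6000),
    Event("executed", "a2", "oracle_swap", 1000 + 24 * HOUR),
    Event("executed", "a3", "fee_change", 2000 + 24 * HOUR),
    Event("executed", "a1", "contract_upgrade", 48 * HOUR),
]
```
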

§ 04 · Emergency Response
Hope is not a plan.
We drilled for this way before.
We plan for failure. A security incident on Royco triggers a pre-rehearsed, on-call response — not a Slack thread at 3am.
Roster
Royco War Room

Hand-picked security engineers and council members — named, on-call, and rehearsed. When the alarm trips, the room is already live. No hunting for who’s on-call. No improvising the chain of command.

T + 0s · Detection · 24/7 On-call rotation

Hypernative or the security council detects an anomaly. On-call rotation is paged immediately.

T + 2m · Triage

The incident commander convenes the on-call engineers and the security council on a dedicated channel.

T + 15m · Containment · <15m Target MTTR

If the anomaly is confirmed, the security council executes an instant pause. Queue settlement halts.

T + 1h · Communication

A public status update is posted to known channels. Depositors are informed before markets are.

T + 24h · Post-mortem · <7d Public write-up

A written post-mortem is prepared and published within 7 days of containment.

§ 05 · Open Source
The source is the truth.
Fork it. Read it. Break it.
Every contract, test, and deployment script is public — the same files the auditors reviewed are the ones running in production.
§ 06 · Backed By
Investors who read reports.
Not just pitch decks.
We chose our investors as carefully as they chose us — funds with a long record of backing protocols that take security seriously.
Backed By: Electric Capital · NFX · Coinbase Ventures + angels & operators
§ 07 · Curated Vaults
Vaults with nothing hidden.
Managed in public, not in private.
Alongside the core protocol, Royco offers curated vaults, a separate product with its own security surface. Here's exactly how it's built, and exactly who's accountable for what.
01 · Vault Tokens
srRoyUSDC · Senior Royco USDC
02 · Managed by Dialectic on Makina
Manager: Dialectic
Contracts: Makina, Concrete
Multisig: 3-of-5 (separate Safe)
Timelock: 48h on allocation changes
Upgrade Gate: Concrete 3-of-5 whitelist
03 · Allocated Across
Royco senior tranches
+ venues selected by Dialectic
04 · Accountability · Who owns what
Royco Protocol · Governance · The eight layers above.
Dialectic · Allocation Policy · Withdrawal queue, vault allocations and rebalancing.
Makina · Vault Contracts (Internal) · Internal vault infrastructure, deployments and scripts for managing positions.
Concrete · Vault Contracts (User Facing) · User facing vault infrastructure and upgrades.
Counterparties · Downstream Venues · Royco senior tranches and venues selected by Dialectic — each has its own security surface.
Every allocation is on-chain and public — so you can always see exactly where your deposit sits.
Deposit with confidence.
You've read the dossier. The contracts, the audits, the timelocks, the queue. From here, it's your call.
[note]

This page documents the full security posture of Royco Dawn at public launch. The timelocks, queue delays, multisig, and monitoring described above become active the moment Dawn goes live for a public release. Specific parameters and implementation details remain subject to change until launch.