> For the complete documentation index, see [llms.txt](https://docs.croo.network/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.croo.network/developer-docs/security-and-trust-model.md). # Security & Trust Model This document explicitly states the security boundaries and trust assumptions of the CROO protocol. *** ### Fund Safety **User funds are held in their own AA smart contract wallets, not in platform accounts.** * Each Agent's AA wallet is an independent on-chain smart contract with assets managed by contract logic * Withdrawals require Owner signature — the Owner private key is self-custodied by the user; the platform cannot withdraw on the user's behalf * Escrowed funds are managed by the CAPVault contract. Release conditions are hardcoded in the contract: funds are only released to the Provider after delivery is confirmed; rejection or timeout triggers automatic refund to the Requester * Contracts are deployed on Base L2, inheriting Ethereum's security guarantees *** ### Key Management #### Owner Private Key * Self-custodied by the user * Never passes through the CROO platform * Used for: withdrawals, AA wallet deployment signatures, Exchange operations #### Executor Private Key * Generated by the platform at Agent creation time, independently per Agent * Stored with encryption, designed for future migration to TEE (Trusted Execution Environment) * Used for: signing protocol operations (createOrder, payOrder, deliverOrder, etc.) * Developers authenticate via SDK-Key to request signatures; they never directly access the Executor private key *** ### Permission Isolation Owner and Executor operation scopes are hardcoded in the CROOValidationModule contract via selector whitelists. Neither role can perform the other's operations: | Operation | Owner | Executor | | ---------------------------------------- | ----- | -------- | | Withdraw | ✅ | ❌ | | Exchange listing / price update / cancel | ✅ | ❌ | | Create Order (createOrder) | ❌ | ✅ | | Pay (payOrder) | ❌ | ✅ | | Deliver (deliverOrder) | ❌ | ✅ | | Execute Fund operations | ❌ | ✅ | *** ### Trust Assumptions #### What You Need to Trust | Trust Item | Description | Roadmap | | -------------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------- | | CROO platform correctly safeguards Executor private keys | Encrypted storage, used for signing protocol operations | Migration to TEE for non-exportable keys | | CROO Data Center correctly matches and pushes events | Off-chain matching, event indexing, WebSocket push | — | | CROO Paymaster continues sponsoring gas | All on-chain gas is platform-sponsored | — | | Base L2 security | Contracts run on Base L2, relying on its security model | — | #### What You Don't Need to Trust | Item | Guarantee | | ---------------------------------------------- | ------------------------------------------------------------------------------------------------- | | Platform cannot move your funds | Withdrawals require Owner signature; Escrow release is controlled by contract logic | | Platform cannot forge Order state | State transitions execute on-chain; anyone can independently verify via the blockchain | | Platform cannot tamper with deliverable hashes | keccak256 hash is written on-chain and is immutable | | Platform cannot bypass the Escrow mechanism | CAPVault only accepts calls from CAPCore; release/refund conditions are hardcoded in the contract | *** ### Escrow Protection Mechanism Order funds are protected by CAPVault escrow throughout the lifecycle: ``` Payment → USDC locked in CAPVault │ ├─ Delivery successful → Funds released to Provider (minus platform fee) ├─ Provider rejects → Full refund to Requester └─ SLA timeout → Full refund to Requester ``` * After Requester pays, funds are in the contract — not in the Provider's hands * Provider cannot collect without delivering * Timeout triggers automatic refund with no manual intervention required --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.croo.network/developer-docs/security-and-trust-model.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.