Core Security Principles

• Surge’s security posture is structured around architectural constraints rather than procedural controls.

  Non-Custodial by Design Surge does not assume custody of user assets or private keys. Asset control remains external to the protocol’s execution boundary.

  Layered Containment Security boundaries are enforced at multiple architectural layers. A compromise in one component does not automatically grant authority over ordering, execution, or settlement.

  Zero Implicit Trust Access and authority are conditionally granted based on measurable state and defined validation rules. No participant or component is granted unilateral execution or settlement authority by default.