# 5.2 Periodic Audit & Operational Risk Framework

If smart contracts are code-level security, periodic audits and operational risk management constitute the security of the "living protocol."

DOR overlays the following framework on top of the on-chain accounting structure (Section 2.5).

#### 5.2.1 On-chain Accounting and Data Integrity

DOR adopts a structure of real-time off-chain execution with a single daily on-chain commit, instead of writing every transaction on-chain in real time (see Section 2.5).

* Off-chain Indexing Layer
  * Records swaps, staking, liquidity movements, and transfers between Treasury/IRP/SOP/MOP in real-time.
* Summary Data Aggregated Daily (UTC)
  * Organized into a JSON structure (pool balance changes, inflow/outflow, fees/burn/DAO share, etc.).
  * Stored on IPFS/Arweave with a SHA-256 or Keccak hash.
* On-chain
  * Only the date, hash, storage link, and DAO signature are recorded.
  * This secures complete reproducibility while minimizing gas costs.

This structure allows external auditors to confirm exactly what happened within the DOR protocol on any given date and verify it via on-chain hash, IPFS original, and Merkle Proof.
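The following is an added example (not code from the DOR project) of the commit-and-verify cycle described above. It builds the daily record from a constructed JSON summary and constructed per-event records, commits only the summary hash and a Merkle root of the events, and then shows the auditor side: recomputing both hashes from the retrieved originals and checking a Merkle proof for a single event. The summary layout, the event fields, the storage link and the use of SHA-256 over canonical JSON are assumptions for the example.

```python
import hashlib
import json
from typing import Any

# Constructed sample of one day's aggregated summary (not real DOR data).
DAILY_SUMMARY = {
    "date": "2025-01-15",
    "pools": {
        "HLP": {"opening": 1_000_000, "inflow": 50_000, "outflow": 20_000, "closing": 1_030_000},
        "Treasury": {"opening": 500_000, "inflow": 1_200, "outflow": 0, "closing": 501_200},
    },
    "fees": {"total": 1_500, "burn": 500, "dao_share": 1_000},
}

# Constructed per-event records from the off-chain indexing layer that the
# summary was aggregated from; each record becomes one Merkle leaf.
EVENTS = [
    {"block": 101, "kind": "swap", "pool": "HLP", "amount": 50_000},
    {"block": 102, "kind": "transfer", "from": "HLP", "to": "Treasury", "amount": 1_200},
    {"block": 103, "kind": "swap", "pool": "HLP", "amount": -20_000},
]


def canonical_hash(obj: Any) -> str:
    """SHA-256 over canonical JSON (sorted keys, no whitespace).

    The auditor re-serialises the document fetched from IPFS/Arweave, so any
    key-order or whitespace difference would change the hash; canonical
    encoding removes that ambiguity.
    """
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def _pair(left: str, right: str) -> str:
    return hashlib.sha256(bytes.fromhex(left) + bytes.fromhex(right)).hexdigest()


def _next_level(level: list) -> list:
    if len(level) % 2 == 1:  # duplicate the last node on odd-sized levels
        level = level + [level[-1]]
    return [_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: list) -> str:
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves: list, index: int) -> list:
    """Sibling hashes from leaf `index` up to the root, each tagged with its side."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], "left" if sibling < index else "right"))
        level, index = _next_level(level), index // 2
    return proof


def verify_proof(leaf: str, proof: list, root: str) -> bool:
    node = leaf
    for sibling, side in proof:
        node = _pair(sibling, node) if side == "left" else _pair(node, sibling)
    return node == root


def build_commit(summary: dict, events: list) -> dict:
    """The record the DAO would sign and write on-chain for one day."""
    return {
        "date": summary["date"],
        "summary_hash": canonical_hash(summary),
        "events_root": merkle_root([canonical_hash(e) for e in events]),
        "storage": "ipfs://<CID_PLACEHOLDER>",  # constructed placeholder link
    }


def verify_day(commit: dict, summary: dict, events: list) -> bool:
    """Auditor side: recompute both hashes from the retrieved originals."""
    return (
        commit["summary_hash"] == canonical_hash(summary)
        and commit["events_root"] == merkle_root([canonical_hash(e) for e in events])
    )


LEAVES = [canonical_hash(e) for e in EVENTS]
COMMIT = build_commit(DAILY_SUMMARY, EVENTS)

if __name__ == "__main__":
    print(COMMIT)
    print("day verifies:", verify_day(COMMIT, DAILY_SUMMARY, EVENTS))
    print("event 1 proof:", verify_proof(LEAVES[1], merkle_proof(LEAVES, 1), COMMIT["events_root"]))
```

Committing a Merkle root rather than a flat hash of the event list is what lets an auditor confirm one specific transfer took place on a given day without downloading every record: the proof for one leaf is logarithmic in the number of events.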

#### 5.2.2 Asset Custody & Operation Risk Management

All DOR asset pools (HLP, Treasury, IRP, external operation assets) follow the principle of fragmented custody.

* Multi-Wallet Segmentation
  * MSP, RP, Operation Asset Pools, Treasury, and SAFU (Insurance Fund) are managed in separate independent wallets.
  * This fundamentally prevents a structure where a single wallet hack or key leak leads to total asset loss.
* External Staking Risk Dispersion
  * No more than a certain percentage (e.g., 20%) of total operating assets is deposited in the same external protocol/platform.
  * Deposits are distributed across at least 3 independent protocols to prevent specific protocol risks from amplifying into systemic risk.
* Insurance & SAFU Fund
  * The DAO operates a separate Secure Asset Fund for Users (SAFU) to provide minimum coverage for smart contract hacks, external attacks, or system errors.
  * The SAFU aims to maintain a size above a certain ratio (e.g., 0.5% or more) relative to circulating DOR, adjustable via DAO voting.
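An added example, not code from the DOR project, that turns the three custody rules above into a monitoring check: distinct wallets per pool, the per-protocol concentration limit and minimum protocol count for external staking, and the SAFU-to-circulating-supply ratio. The 20%, three-protocol and 0.5% figures are the illustrative values given above and are treated as assumptions here; the wallet names, addresses and balances are constructed.

```python
# Illustrative limits from the text; the real values are DAO-adjustable
# parameters, so these are assumptions for the example.
MAX_PROTOCOL_SHARE = 0.20  # max share of operating assets in one external protocol
MIN_PROTOCOLS = 3          # minimum number of independent external protocols
MIN_SAFU_RATIO = 0.005     # SAFU size relative to circulating DOR

# Constructed sample state (not real DOR wallets, positions or balances).
WALLETS = {
    "MSP": "0xWALLET_A",
    "RP": "0xWALLET_B",
    "OperationPool": "0xWALLET_C",
    "Treasury": "0xWALLET_D",
    "SAFU": "0xWALLET_E",
}
EXTERNAL_POSITIONS = {"ProtoA": 150_000, "ProtoB": 120_000, "ProtoC": 250_000}
TOTAL_OPERATING_ASSETS = 1_000_000


def check_segmentation(wallets: dict) -> list:
    """Every pool must sit in its own wallet; pools sharing an address are findings."""
    owners = {}
    for pool, addr in wallets.items():
        owners.setdefault(addr, []).append(pool)
    return [f"pools {sorted(p)} share wallet {a}" for a, p in owners.items() if len(p) > 1]


def check_staking_dispersion(positions: dict, total_operating: float) -> list:
    """Concentration per external protocol and minimum protocol count."""
    findings = []
    active = {k: v for k, v in positions.items() if v > 0}
    if len(active) < MIN_PROTOCOLS:
        findings.append(f"only {len(active)} external protocols in use (minimum {MIN_PROTOCOLS})")
    for name, amount in active.items():
        share = amount / total_operating
        if share > MAX_PROTOCOL_SHARE:
            findings.append(
                f"{name} holds {share:.1%} of operating assets (limit {MAX_PROTOCOL_SHARE:.0%})"
            )
    return findings


def check_safu(safu_balance: float, circulating_dor: float) -> list:
    """SAFU must stay above the minimum ratio of circulating DOR."""
    ratio = safu_balance / circulating_dor
    if ratio < MIN_SAFU_RATIO:
        return [f"SAFU at {ratio:.2%} of circulating DOR (minimum {MIN_SAFU_RATIO:.1%})"]
    return []


def custody_report(wallets, positions, total_operating, safu_balance, circulating) -> dict:
    """Grouped findings; an empty list per key means that rule is satisfied."""
    return {
        "segmentation": check_segmentation(wallets),
        "dispersion": check_staking_dispersion(positions, total_operating),
        "safu": check_safu(safu_balance, circulating),
    }


if __name__ == "__main__":
    for rule, findings in custody_report(
        WALLETS, EXTERNAL_POSITIONS, TOTAL_OPERATING_ASSETS, 4_000, 1_000_000
    ).items():
        print(rule, findings or "ok")
```

Run against the constructed state, the report flags ProtoC at 25% of operating assets and a SAFU at 0.40% of supply, while the wallet layout passes. A check like this belongs in the same daily cycle as the on-chain commit so that limit breaches are recorded alongside the day's balances.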

#### 5.2.3 Auto-Freeze and Emergency Response Protocol

DOR adopts a structure that applies the brakes immediately when system-level anomalies are detected, rather than responding after the fact.

* Auto-Freeze Mechanism
  * If abnormal addresses (blacklist, MEV patterns, repeated failures) or abnormal transaction patterns (liquidity draining, repeated swaps in same block, attempts to maximize oracle discrepancy) are detected, the relevant segment wallet or swaps on a specific Route are automatically frozen.
  * Release is decided after verification by the DAO or an elevated Emergency Council.
* Emergency Protocol
  * Upon detecting severe anomalies (oracle feed stop, sharp drop in pool balance, abnormally large transfers), new withdrawal requests, large swaps, and external bridge movements switch to a Pause state temporarily.
  * The DAO Emergency Council resolves a response plan within a predefined time (e.g., 12 hours). Decision logs and actions are recorded on-chain and on the dashboard for post-audit.
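An added example, not code from the DOR project, of the detection side of the auto-freeze and emergency rules above, run over a constructed transaction stream as the indexing layer might emit it. It implements four of the listed triggers: a blacklisted address freezes the route it touches, repeated swaps by one address on one route in the same block freeze that route, repeated failed transactions freeze the address, and a sharp single-block drop in a pool balance freezes the segment wallet and moves withdrawals, large swaps and bridge movements to Pause. All thresholds, the blacklist entry, addresses and balances are constructed assumptions; the 12-hour Council window is the illustrative figure from the text.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are constructed illustrations, not DOR's actual parameters.
BLACKLIST = {"0xBLACKLISTED_PLACEHOLDER"}
SAME_BLOCK_SWAP_LIMIT = 3   # swaps by one address on one route within one block
FAILURE_LIMIT = 5           # failed/reverted transactions from one address
DRAIN_RATIO = 0.30          # fraction of a pool's balance leaving in a single block
COUNCIL_WINDOW = timedelta(hours=12)

# Constructed sample stream (not real DOR transactions or addresses).
TXS = (
    [{"block": 10, "sender": "0xA1", "kind": "swap", "route": "DOR/USDT", "pool": "HLP",
      "amount": 1_000, "ok": True}] * 4
    + [{"block": 11 + i, "sender": "0xB2", "kind": "swap", "route": "DOR/ETH", "pool": "HLP",
        "amount": 10, "ok": False} for i in range(6)]
    + [{"block": 12, "sender": "0xC3", "kind": "withdraw", "route": None, "pool": "Treasury",
        "amount": 350_000, "ok": True}]
    + [{"block": 13, "sender": "0xBLACKLISTED_PLACEHOLDER", "kind": "swap", "route": "DOR/USDT",
        "pool": "HLP", "amount": 5, "ok": True}]
)
POOL_BALANCES = {"HLP": 5_000_000, "Treasury": 1_000_000}


def evaluate(txs: list, balances: dict) -> list:
    """Return freeze/pause actions; each needs DAO or Emergency Council review to lift."""
    actions = []

    def add(action, target, reason):
        entry = {"action": action, "target": target, "reason": reason}
        if entry not in actions:
            actions.append(entry)

    swaps = defaultdict(int)     # (sender, block, route) -> swap count
    failures = defaultdict(int)  # sender -> failed tx count
    outflow = defaultdict(int)   # (pool, block) -> amount withdrawn

    for tx in txs:
        if tx["sender"] in BLACKLIST and tx["route"]:
            add("freeze", f"route:{tx['route']}", f"blacklisted address {tx['sender']}")
        if not tx["ok"]:
            failures[tx["sender"]] += 1
            continue  # failed txs move no funds, so they count only as failures
        if tx["kind"] == "swap":
            swaps[(tx["sender"], tx["block"], tx["route"])] += 1
        elif tx["kind"] == "withdraw":
            outflow[(tx["pool"], tx["block"])] += tx["amount"]

    for (sender, block, route), n in swaps.items():
        if n >= SAME_BLOCK_SWAP_LIMIT:
            add("freeze", f"route:{route}", f"{sender} made {n} swaps in block {block}")
    for sender, n in failures.items():
        if n >= FAILURE_LIMIT:
            add("freeze", f"address:{sender}", f"{n} failed transactions")
    for (pool, block), amount in outflow.items():
        if amount >= DRAIN_RATIO * balances[pool]:
            add("freeze", f"wallet:{pool}", f"{amount} left {pool} in block {block}")
            add("pause", "withdrawals,large_swaps,bridge", f"sharp drop in {pool} balance")
    return actions


def council_deadline(detected_at_iso: str) -> str:
    """ISO timestamp by which the Emergency Council must resolve a response plan."""
    return (datetime.fromisoformat(detected_at_iso) + COUNCIL_WINDOW).isoformat()


if __name__ == "__main__":
    for action in evaluate(TXS, POOL_BALANCES):
        print(action)
    print("council deadline:", council_deadline("2025-01-15T00:00:00+00:00"))
```

Every action carries its reason so the decision log can be written to the dashboard and on-chain for the post-audit the text describes; the rules deliberately fire on aggregates (counts per block, outflow per block) rather than on any single transaction, which keeps one unusual but legitimate transfer from tripping a freeze.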

#### 5.2.4 Periodic Audit & Transparency

In addition to technical audits, DOR runs periodic verification of governance, accounting, and regulatory matters in parallel.

* External Accounting/Regulatory Audit
  * If necessary (e.g., semi-annually or annually), asset custody details, SAFU accumulation ratios, external staking positions, and DAO Treasury operation details can be verified by external accounting firms or security agencies.
  * Summaries are recorded on-chain, full texts in distributed storage.
* DAO Dashboard & Real-time Monitoring
  * Holdings of all pools, liquidity ratios, staking balances, and key indicators (CRR, LR, σ_sup, etc.) are disclosed in real time or near real time on the DAO dashboard.
  * Chain indexing (The Graph, etc.) is used to guarantee the integrity of the transaction log.
* Open Source Smart Contracts
  * Core operation contracts are maintained in public repositories and Block Explorer Verified states, allowing anyone to review code and verify against on-chain states.
