Loop Protocol v1.0 • March 2026

Security Architecture

Autonomous agent operation without sacrificing user custody.

System Architecture
USER DEVICE                    LOOP INFRASTRUCTURE              SOLANA
─────────────                  ───────────────────              ──────
┌──────────────┐               ┌──────────────────┐             
│ Passkey      │               │ Nitro Enclave    │             ┌─────────┐
│ (Secure      │◄─────────────►│                  │◄───────────►│ Vault   │
│  Element)    │  MPC signing  │ Agent runtime    │  Txs        │ Program │
└──────────────┘               │ + key share      │             └─────────┘
                               └──────────────────┘                  │
       │                              │                              │
       │                              │                              ▼
       │                       ┌──────────────────┐             ┌─────────┐
       │                       │ Squads Policy    │◄───────────►│ Policy  │
       └──────────────────────►│ Engine           │             │ Account │
              User approvals   └──────────────────┘             └─────────┘
Core Primitives
Key Management

MPC Threshold Signing

Keys split 2-of-3 via GG18/FROST protocol. Full private key never reconstructed.

Share    Location         Purpose
USER     Device SE        Authorization
AGENT    Nitro Enclave    Autonomous ops
BACKUP   Guardian/HSM     Recovery

Trusted Execution

AWS Nitro Enclaves

Isolated VMs with no admin access, no persistent storage, cryptographic attestation.

[01] Enclave image hashed (reproducible)
[02] Hash published to chain + audits
[03] KMS releases keys only if attestation matches
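
Step [03] expressed as an AWS KMS key policy, added here as an example and not Loop's actual policy: `kms:RecipientAttestation:ImageSha384` is the KMS condition key that compares the image measurement in the enclave's signed attestation document with a fixed value. The account ID, role name and hash are placeholders, and the `Sid` values mark both statements as illustrative.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowDecryptFromAttestedImageOnly",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<ACCOUNT_ID>:role/<ENCLAVE_PARENT_INSTANCE_ROLE>"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:ImageSha384": "<PUBLISHED_ENCLAVE_IMAGE_SHA384>"
        }
      }
    },
    {
      "Sid": "ExampleDenyDecryptWithoutMatchingAttestation",
      "Effect": "Deny",
      "Principal": { "AWS": "*" },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringNotEqualsIgnoreCase": {
          "kms:RecipientAttestation:ImageSha384": "<PUBLISHED_ENCLAVE_IMAGE_SHA384>"
        }
      }
    }
  ]
}
```

An enclave started in debug mode attests with all-zero measurements, so it cannot satisfy this condition. The explicit Deny also covers requests that carry no attestation document, which keeps any other grant of `kms:Decrypt` from bypassing the check.
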
On-Chain Policy

Squads v4 Programmable Custody

Operation Thresholds
capture_rewards       AGENT
stack_lt_1000         AGENT
stack_gt_1000         AGENT+USER
external_transfer     AGENT+USER
fiat_extraction       AGENT+USER+24H

Default Limits
daily_transfer_limit  1,000 Cred
single_tx_limit       500 Cred
auto_approve_stack    1,000 Cred
settings_delay        48h

Recovery

Social Recovery

Guardians     3-of-5 + 7d timelock
Inheritance   90d inactivity trigger
Device Loss   Passkey sync via iCloud/Google

Threat Model

In Scope

Loop infrastructure compromise
Malicious or buggy agent behavior
User device loss or theft
User incapacitation or death
Fraudulent value capture claims
Phishing and social engineering

Trust Assumptions

Hardware secure elements (Apple SE, Google Titan)
AWS Nitro attestation primitives
Solana validator consensus
Standard cryptographic primitives

We do not assume Loop's servers are trustworthy.

Capabilities Matrix

What Loop Cannot Do

Access user funds       Zero key shares held
Move user Cred          Requires passkey/guardians
Forge captures          ZK proofs verified on-chain
Block withdrawals       No veto authority
Access enclave memory   TEE isolation
Silent agent updates    Hash changes visible

What Users Can Always Do

View balance        Public chain data
Pause agent         1 sig, immediate
Revoke agent        1 sig, immediate
Withdraw all        1 sig + 24h
Change heir         1 sig + 48h
Guardian recovery   3/5 sig + 7d

Audit Schedule

Q2 2026   Solana Programs   OtterSec
Q2 2026   MPC Integration   Trail of Bits
Q2 2026   Enclave Code      NCC Group
Q3 2026   ZK Circuits       Veridise