# 7.2 - Security Model

nest is **non-custodial**: it doesn’t hold your wallet funds, and **transactions are final** (no reversals). That means your operational hygiene matters.

### Team security&#x20;

Operationally, the team uses:

* a **3-of-5 multisig** for core protocol functions
* a **separate treasury multisig** for holdings
* dedicated signing keys + hardware authentication for multisig operations

This reduces single-key failure risk and separates operational controls from treasury custody.

### What nest is designed to protect

* **Conservative core design:** keep the most sensitive logic (pricing + liquidity accounting) more immutable, with extensibility pushed to the edges (plugins/hooks).&#x20;
* **Constrained governance:** veNEST coordination is designed to direct incentives/value routing — not to arbitrarily drain funds or override core protections.
* **Operational security practices:** multisig + key separation are referenced as core mitigations where admin controls exist.&#x20;

### What nest cannot protect you from

* **Market outcomes:** volatility, IL, slippage/price impact, adverse selection.&#x20;
* **Profitability:** no guaranteed APR/returns.&#x20;
* **User error & phishing:** wrong address, malicious approvals, fake sites, compromised devices.

### User safety rules (non-negotiable)

* Team will **never DM you first**.
* Never share seed phrases/private keys.
* Bookmark official links, avoid lookalike domains.
* Be careful with approvals; revoke what you don’t need.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.usenest.xyz/protocol-and-security/7.2-security-model.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.