Security Model

Non-Custodial vs. Sub-Account Architecture

FaaSFi employs a bifurcated security model to satisfy both DeFi purists and institutional regulators.

1. The DeFi Lane (Polymarket & Limitless)

  • Architecture: Non-Custodial / Self-Custodial.

  • Mechanism: FaaSFi never takes ownership of user funds for these trades. We use Smart Contract Wallets (such as Safe). The user deposits funds into a Safe where FaaSFi has "Execution" permissions but not "Withdrawal" permissions.

  • Benefit: If FaaSFi is hacked, the attacker cannot drain user funds, as withdrawals require the user's private key signature.

2. The TradFi Lane (Kalshi)

  • Architecture: Custodial (regulated).

  • Mechanism: Funds are held in an Omnibus Account at a regulated clearing bank (e.g., via Kalshi's clearing partner).

  • Ledgering: FaaSFi maintains a shadow ledger. When a corporate client deposits $1M, it is moved to the Omnibus account, but tagged with a Sub-Account ID specific to that client.

  • Benefit: This provides the legal protections of the US banking system (FDIC pass-through where applicable) and regulatory oversight.

Key Management Systems (KMS)

To manage the "Session Keys" for Polymarket and the "RSA Keys" for Kalshi, FaaSFi uses an enterprise-grade KMS.

  • Hardware Security Modules (HSM): All protocol keys are stored in AWS KMS or a dedicated solution like Fireblocks.

  • Signing Policy:

    • Keys never leave the secure enclave.

    • Signing operations are performed inside the HSM.

    • Rate Limiting & Anomaly Detection: The KMS is configured to reject signing requests that exceed a certain velocity (e.g., "Max $50k per minute"). This prevents a runaway bot or a compromised server from draining liquidity.
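The velocity rule above, sketched as a sliding-window check that runs before a request is forwarded to the signer. This is an added example, not FaaSFi's code: the class, function and key names are hypothetical, the sample requests are constructed, and it assumes the check sits in a policy service in front of the signing call.

```python
from collections import deque
from decimal import Decimal


class SigningVelocityGate:
    """Sliding-window cap on the notional value approved per signing key."""

    def __init__(self, max_notional=Decimal("50000"), window_seconds=60):
        self.max_notional = max_notional
        self.window_seconds = window_seconds
        self._approved = {}  # key_id -> deque of (timestamp, notional)

    def _window_total(self, key_id, now):
        events = self._approved.setdefault(key_id, deque())
        # Drop approvals that have aged out of the window.
        while events and now - events[0][0] >= self.window_seconds:
            events.popleft()
        return sum((amount for _, amount in events), Decimal("0"))

    def authorize(self, key_id, notional, now):
        """Return True and record the request, or False without recording."""
        notional = Decimal(notional)
        if notional <= 0:
            raise ValueError("notional must be positive")
        total = self._window_total(key_id, now)
        if total + notional > self.max_notional:
            # Fail closed. Rejected requests are not recorded, so retries
            # neither consume budget nor get signed.
            return False
        self._approved[key_id].append((now, notional))
        return True


def replay(requests, gate):
    """Run (time, key_id, notional) requests; return one decision each."""
    return ["signed" if gate.authorize(key_id, notional, now) else "rejected"
            for now, key_id, notional in requests]


# Constructed sample: a runaway bot on one session key, a quiet second key.
SAMPLE = [
    (0, "session-a", "20000"),   # signed, window total 20000
    (10, "session-a", "25000"),  # signed, window total 45000
    (20, "session-a", "10000"),  # rejected, would reach 55000
    (25, "session-b", "40000"),  # signed, separate key has its own budget
    (61, "session-a", "30000"),  # rejected, 25000 still in window
    (71, "session-a", "30000"),  # signed, earlier approvals aged out
]

if __name__ == "__main__":
    print(replay(SAMPLE, SigningVelocityGate()))
```

Amounts are handled as `Decimal` so the cap comparison is exact, and each key has its own window so one noisy session key cannot exhaust another's budget.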
