Fungi Studio Docs
  • Welcome
  • Get Started
    • Quickstart
  • Basics
    • Projects
    • Graphs
    • Tools
    • Personas
    • Schemas/Databases
    • UI Components
    • Pages/Apps
  • hi, i'm mushy
    • what i do
    • how i work
    • my yield sources
    • how to get started
    • security
    • fees
    • $fungi incentive campaign
    • protocol rewards & incentives
    • glossary
    • faqs
    • support & contact
    • legal
      • Privacy Policy
      • Terms & Conditions
Powered by GitBook
On this page
  1. hi, i'm mushy

security

Mushy is built with a non-custodial smart account architecture where all transactions are executed onchain using limited-scope session keys giving users full ownership and control of their funds.

🧠 smart account security

your funds are held in a smart contract account that only you control. mushy operates within this account using pre-approved permissions, allowing it to move funds only between selected, audited defi protocols (e.g., aave, morpho, fluid, and moonwell). session keys are scoped to specific actions like deposit, withdraw, or claim — they cannot perform arbitrary transactions or access your broader wallet.

although mushy doesn’t use custom contracts to custody or manage funds directly, all underlying protocols integrated into the strategy are widely audited and battle-tested. users can revoke session keys or disconnect their wallet at any time, regaining full control over their assets without third-party intervention.

🚪 access controls

authentication is wallet-based. whether users onboard via an eoa or social login, access rights are embedded directly in their smart contract account. session keys are configured to:

  • interact only with whitelisted contracts (e.g., specific defi pool or vaults)

  • operate within defined timeframes

  • execute specific functions (e.g., deposit(), withdraw())

  • obey maximum transaction limits

this setup avoids broad or catch-all permissions. all permissions are granular, auditable, and revocable to minimize attack surface and ensure trustlessness.

⚠️ risk management

mushy’s strategy prioritizes stable, onchain yield sources and avoids experimental or high-volatility positions. protocols are selected based on:

  • historical security track record

  • liquidity depth and utilization metrics

  • presence of insurance or safety modules

  • ongoing monitoring for risk events and exploits

every user action and agent-triggered transaction is recorded onchain and visible through the dashboard, allowing full transparency and traceability. users can always withdraw back to $usdc, and all operations are designed with capital preservation as a core principle.

Previoushow to get startedNextfees

Last updated 28 days ago