Treasury checks before funds move
Set treasury roles, limits, and delayed withdrawals before your team deposits material funds.
Permission Model
Who can do what
Teams should treat owner, spender, and guardian as separate operational roles. A small smoke test can reuse one wallet, but a production vault should not.
| Role | Can do | Cannot do | Recommended holder |
|---|---|---|---|
| Owner | Set policy, manage spenders and guardians, configure limits, fees, pause state, and recovery actions. | Bypass timelock for sensitive policy expansion. | Safe or multisig. |
| Spender | Withdraw to whitelisted destinations within the available daily limit, or queue a large withdrawal. | Change policy, add destinations, pause the vault, or withdraw to non-whitelisted addresses. | Operations wallet or limited hot wallet. |
| Guardian | Pause risky activity and cancel queued actions. | Move funds or expand policy. | Security or incident-response wallet. |
Setup
Create a vault
- Connect wallet and switch HyperEVM. The page asks Rabby, MetaMask, or another injected wallet to sign. Damocles does not receive your private key.
- Use the current official release. The app selects it automatically. The one-time creation fee is shown before signing.
- Set the owner. Use a Safe or multisig for production. A single EOA is acceptable only for smoke tests.
- Add spenders, guardians, and whitelist destinations. Whitelist entries should be actual treasury, exchange, payroll, or vendor destinations.
- Set the daily limit and timelock preset. This decides what can move immediately and what must wait.
- Review the summary, then sign. After the transaction confirms, paste or select the created vault address in the dashboard.
Daily Operations
Deposit and regular withdrawal
- Deposit HYPE or ERC20 from HyperEVM. HyperCore/perps balance is not vault balance. Move funds to HyperEVM first, then deposit from your wallet.
- Check available today. The dashboard shows balance, daily limit, spent today, available today, paused state, and active roles.
- Withdraw within limit. A spender can withdraw to a whitelisted destination if the amount is within the remaining daily limit.
- Read the preview before signing. The app explains whether the action uses daily limit, queues a timelock action, or changes policy.
Timelock
Large withdrawal flow
- Queue Large Withdrawal. Use this when the amount exceeds the available daily limit or when the team wants an explicit delay.
- Wait until executable time. v2 vaults use the timelock preset selected at creation. The queue center shows when execution is available.
- Cancel if needed. Owner or guardian can cancel queued actions before execution.
- Execute after the delay. Once ready, execute transfers funds to the whitelisted destination and marks the queued action as executed.
Controls
Admin and recovery actions
- Daily limit changes. Decreases can apply directly. Increases are queued because they expand spending power.
- Whitelist changes. Adding a destination is queued. Removing a destination is direct because it reduces risk.
- Guardian removal. Removal is queued so a compromised owner cannot instantly remove emergency oversight.
- Pause and unpause. Guardians can pause during an incident. Owner can unpause after review.
- Emergency withdrawal. Use only for recovery. It is policy-gated and should be documented in the team's runbook.
Trust
Checks before production funds
- Review the Trust Record. Compare official release records, registry, and vault addresses with the Trust page and HyperEVMScan.
- Confirm the domain. Wallet popups should show the deployed Damocles app domain and the expected HyperEVM contract address.
- Review asset addresses. Native HYPE uses the zero address. ERC20 tokens must match the real HyperEVM token contract.
- Start with a smoke amount. Test create, deposit, within-limit withdraw, queue, cancel or execute, pause, and unpause before larger deposits.
- Keep records. Save vault address, owner Safe, spenders, guardians, whitelist, limits, and timelock preset in your internal treasury runbook.