Security model
Vestige security depends on strict role checks, timestamp-based state, bounded token claims, correct deployed addresses, and careful user configuration.
Contract boundaries
The contract enforces onchain rules only. It cannot verify real-world death, legal heirship, or user intent beyond signed transactions.
- Owner controls active vaults.
- Heir controls claims only after the timestamp condition matures.
- Admin pause does not grant user asset access.
- Cleanup requires empty native and active token balances.
Timing risks
Timing values are security parameters. Too short a window can transfer assets unexpectedly; too long a window can make inheritance impractical.
Token risks
Native USDC is the primary tested path. ERC20 token support is generic and should be treated carefully for non-standard tokens.
- Fee-on-transfer behavior may credit less than requested.
- Rebasing balances may not match ordinary user expectations.
- Malicious tokens can create strange transfer behavior.
- Token claims are separated to avoid gas-DoS from arbitrary lists.
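The fee-on-transfer risk above, shown as an added example that is not Vestige's own code: a Python model comparing a vault that credits the requested amount with one that credits the measured balance change. The token, the vault class, the account names and the 2% fee are all assumptions constructed for illustration.

```python
# Constructed model: none of these names come from Vestige's contracts.
class FeeOnTransferToken:
    """Toy ERC20-like ledger that burns fee_bps basis points on every transfer."""

    def __init__(self, fee_bps):
        self.fee_bps = fee_bps
        self.balances = {}

    def balance_of(self, account):
        return self.balances.get(account, 0)

    def mint(self, account, amount):
        self.balances[account] = self.balance_of(account) + amount

    def transfer(self, sender, recipient, amount):
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000
        self.balances[sender] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount - fee


class Vault:
    """Hypothetical vault; 'credited' is what an heir could later claim."""

    def __init__(self, token, measure_delta):
        self.token = token
        self.measure_delta = measure_delta
        self.credited = 0

    def deposit(self, owner, amount):
        before = self.token.balance_of("vault")
        self.token.transfer(owner, "vault", amount)
        received = self.token.balance_of("vault") - before
        # Naive accounting trusts the requested amount; delta accounting
        # credits only what actually arrived.
        self.credited += received if self.measure_delta else amount
        return received

    def shortfall(self):
        """Credited amount the vault cannot actually pay out."""
        return self.credited - self.token.balance_of("vault")


def run(measure_delta, fee_bps=200, amount=1_000):
    token = FeeOnTransferToken(fee_bps)
    token.mint("owner", amount)
    vault = Vault(token, measure_delta)
    vault.deposit("owner", amount)
    return vault.credited, vault.shortfall()
```

A non-zero shortfall means a later claim for the credited amount would either revert or be paid from balances recorded for someone else.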
Frontend risks
The frontend is a safety boundary for humans even when the contract is the source of truth.
- Show deployed contract address and network clearly.
- Map custom errors to readable explanations.
- Never hide wallet warnings about non-contract addresses.
- Avoid showing owner controls after a vault is claimed.
- Warn users before dangerous cleanup or receiver changes.
Legal note
Vestige is a technical protocol, not legal advice. Users with meaningful assets should combine technical inheritance tools with qualified real-world estate planning.
