Composition seams
ELI5: Where two protocols plug together — the risky edges. The flywheel has four pillars; some repos are intentionally outside the loop.
In-scope flywheel seams
| Seam | From → To | Mechanism |
|---|---|---|
| Fee ingress | Coil → CoilFeeRouter | USDC harvest |
| Keep funding | CoilFeeRouter → CoilMaker / vault | keep_bps deposit path |
| Surplus | CoilFeeRouter → TareEngine | Swap + donate |
| Surplus split | Engine → SurplusSplitter → sTARE + Keep | Skim |
| Governance | GaugeController → GaugeWeightRouter → Keep | set_allocations |
| Bribes | CoilFeeRouter → BribeDistributor | gauge_bps USDC |
| Market making | CoilMakerStrategy → Coil | EIP-1271 intents |
```mermaid
flowchart TD
    subgraph inScope [In-scope four pillars]
        TARE[TARE]
        Keep[Keep]
        Coil[Coil]
        veForge[veForge]
    end
    Coil -->|fees| TARE
    Coil -->|keep_bps| Keep
    Coil -->|gauge_bps| veForge
    TARE -->|surplus split| Keep
    veForge -->|allocations| Keep
    Keep -->|CoilMaker| Coil
```
Out of scope (by design)
| Repo | Reason |
|---|---|
| `tribute/` | Standalone payments — no Sepolia binding |
| `SnekSentry/` | Monitoring tooling — not value path |
| `AGENTS_FLYWHEEL/` | Read-only security agents |
Known composition fixes
| ID | Fix |
|---|---|
| COMP-2 | ALLOCATOR_ROLE on vault — router cannot be full manager |
| COMP-4 | Document out-of-scope repos explicitly |
| FMR-002 | CoilFeeRouter redeploy — correct keep deposit path |
Verification tooling
- Composition auditor — `AGENTS_FLYWHEEL/agents/security/composition_auditor/`
- deploy_verifier — address drift vs manifests
- stresssim — adversarial economic scenarios
What can go wrong
Seam risks
- Bare USDC transfer to vault without `deposit` — does not credit `total_idle` (FLYWHEEL 2.0 addressed in router)
- Stale address in marketing HTML vs on-chain manifest
- Gauge epoch lag — votes apply weekly, not instantly
See internal review: reviews/composition-review-2026-06/
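
The stale-address risk above can be checked mechanically, which matters most after a redeploy such as FMR-002. The following is an added example, not the project's deploy_verifier or any code from these repos; the manifest layout (contract name mapped to address), the function names and every address in it are constructed assumptions.

```python
import json
import re

# Constructed sample data, not real deployments. The manifest layout
# (contract name -> address) is an assumption for this example.
MANIFEST_JSON = """{
  "CoilFeeRouter":   "0x00000000000000000000000000000000000000a1",
  "TareEngine":      "0x00000000000000000000000000000000000000b2",
  "GaugeController": "0x00000000000000000000000000000000000000c3"
}"""

# The page still shows a pre-redeploy router address (...a0), writes the
# engine address in mixed case, and links a 32-byte transaction hash.
MARKETING_HTML = (
    "<li>CoilFeeRouter <code>0x00000000000000000000000000000000000000A0</code></li>\n"
    "<li>TareEngine <code>0x00000000000000000000000000000000000000B2</code></li>\n"
    '<a href="https://explorer.example/tx/0x' + "ab" * 32 + '">deploy tx</a>\n'
)

# Exactly 20 bytes of hex; the lookarounds keep longer hex strings such as
# transaction hashes from being read as addresses.
ADDRESS_RE = re.compile(r"(?<![0-9A-Za-z])0x[0-9a-fA-F]{40}(?![0-9a-fA-F])")

def addresses_in(text):
    """Return every 20-byte hex address in text, lowercased for comparison."""
    return {m.group(0).lower() for m in ADDRESS_RE.finditer(text)}

def address_drift(manifest, html):
    """Compare addresses published in html against the manifest."""
    known = {addr.lower(): name for name, addr in manifest.items()}
    on_page = addresses_in(html)
    return {
        # Shown to users but absent from the manifest: stale or wrong.
        "stale": sorted(on_page - set(known)),
        # In the manifest but never shown: check for a missed page update.
        "unpublished": sorted(n for a, n in known.items() if a not in on_page),
    }

if __name__ == "__main__":
    report = address_drift(json.loads(MANIFEST_JSON), MARKETING_HTML)
    print(json.dumps(report, indent=2))
```

A non-empty `stale` list is the signal to block publishing the page; `unpublished` is informational, since not every contract has to be shown to users.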