KEK Logo
KEKDocs

Custody Model

KEK operates entirely under a non-custodial custody model.

At no point does KEK take possession of user funds, private keys, or signing authority. User assets remain under user control at all times, and execution can only occur through explicit, user-approved authorization.

This page explains how custody is maintained, where execution occurs, and what control remains with the user throughout the KEK system.

What this page covers

  • How non-custodial custody is enforced
  • How wallets interact with the system
  • How execution is authorized
  • Where KEK's authority explicitly ends

Core custody principle

User funds remain under user control at all times.

Non-custodial custody means the user retains control of their assets by controlling their private keys rather than relying on a third party to hold them.

KEK cannot:

  • Access private keys
  • Move funds independently
  • Freeze balances
  • Initiate transactions without authorization

Custody is never delegated to KEK.

How custody works in practice

User wallets

All assets remain in user-controlled wallets. KEK interfaces with wallets only to:

  • Display account and position information
  • Request explicit transaction approval for any execution-related action

KEK does not store keys, seed phrases, or wallet credentials.

Transaction authorization

Every transaction requires an explicit wallet signature from the user.

This includes actions such as:

  • Strategy deployment authorization
  • Trade placement
  • Position modification
  • Permission updates (where applicable)

No background execution is permitted. KEK cannot "sign on behalf of the user," and cannot execute without user confirmation.

Smart contract execution

When execution is authorized, transactions are routed through smart contracts and/or execution-layer infrastructure. These execution components:

  • Are external to KEK's strategy intelligence and validation systems
  • Execute according to predefined protocols
  • Cannot be triggered without user approval
  • Do not grant KEK custody or unilateral signing authority

KEK does not intermediate transactions or custody assets during this process.

Execution infrastructure boundary

KEK connects to execution infrastructure as an interface layer, while custody and settlement remain external.

KEK DEX execution layer

KEK DEX is Omnichain and built on Orderly Network's decentralized exchange infrastructure layer. Orderly is designed as an omnichain decentralized orderbook protocol providing trading infrastructure and shared liquidity for builders.

This means:

  • KEK provides the execution interface
  • Orderly provides the underlying exchange-layer infrastructure
  • Users provide authorization through their wallet
  • Custody remains non-custodial throughout

Where KEK's authority ends

KEK's authority ends at the point where a wallet signature is required.

KEK cannot:

  • Withdraw user funds
  • Reallocate assets without the user
  • Override wallet permissions
  • Execute trades autonomously
  • Intercept, redirect, or rewrite authorized transactions

These limitations are structural, not policy-based.

User responsibility

Because KEK is non-custodial, users retain sovereignty—and responsibility.

Users are responsible for:

  • Wallet security and recovery phrase protection
  • Reviewing all requested approvals and signatures
  • Controlling when execution is enabled or disabled

Non-custodial custody reduces counterparty risk, but places security ownership on the user.

KEK does not assume fiduciary responsibility for user execution choices.

Security considerations

KEK's custody model reduces operational risk by:

  • Eliminating centralized custody and withdrawal attack surfaces
  • Requiring explicit user authorization for execution
  • Maintaining separation between intelligence, validation, and execution systems
  • Applying least-authority design principles (components only have the minimum access required for their role)

This model does not eliminate:

  • Market risk
  • Smart contract risk in third-party infrastructure
  • User error (incorrect approvals, unsafe wallets, compromised devices)

How this fits into the KEK system

Custody boundaries apply across the full strategy lifecycle:

Strategy Generation → Validation & Paper Trading → Monitoring & Refinement → Optional Execution

At no point does KEK assume custody. Execution is optional and always permissioned.

Why this matters

This custody model ensures:

  • Clear responsibility boundaries
  • Reduced operational and counterparty risk
  • User sovereignty over assets
  • Alignment with non-custodial principles

KEK is designed so that trust is minimized — not required.

Where to go next