# Security

We've built Harpie's security with a great amount of care. Three core principles have guided our design:

1. Avoid custodianship of assets
2. Immutability > mutability
3. Avoid single points of failure

### Avoiding custodianship

We avoid custodianship by never allowing ourselves to withdraw users' stored tokens from our Vault. Users must explicitly designate a wallet address that's able to withdraw their stored assets. This layer of security makes sure that the most vulnerable side of smart contracts--token transfers--is airtight. [Read more](https://harpie.gitbook.io/welcome-to-the-harpie-docs/tech-and-security/contracts/noncustodial-vault).

### Immutability

A large issue in smart contract security is the use of mutable (changeable) variables. Harpie's contracts have immutable code and immutable address parameters (the one exception is the `feeController`). This ensures that users know exactly where their assets are being sent at all times.

### Avoiding single points of failure

Because Harpie is not a decentralized protocol, we use admin addresses to handle essential functions, like calling frontrunning functions and reducing user fees. We've designed the system to have multiple admin roles, each intended to be controlled by a different party so that the roles check and balance one another. Emergency roles exist to further augment this set of checks and balances. By doing so, we reduce the possibility of any admin address hijacking and nullify its damages.


