> ## Documentation Index
> Fetch the complete documentation index at: https://docs.saffron.finance/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust Model

> Users control their funds trustlessly; only privileged roles can configure or deploy vaults.

### Factory Owner

The factory owner controls protocol-level settings but cannot access user funds or modify deployed vaults.

**Can:**

* Add or revoke vault and adapter contract types
* Set fee parameters and the fee receiver
* Set default deposit tolerance for adapters
* Deploy adapters and create vaults
* Initialize vault parameters (capacity, duration, asset type)

**Cannot:**

* Modify or upgrade deployed vaults
* Access or withdraw user funds
* Renounce ownership (`renounceOwnership()` is disabled to prevent unowned factory risk)

Ownership transfers use `Ownable2Step` for added safety.

### Users

Users interact with vaults trustlessly — no administrator can access or gate their funds.

* Funds are fully withdrawable prior to vault start
* Once active, funds are locked only by the vault's configured duration (not by any admin control)

### External Dependencies: Uniswap V3

Vaults rely on Uniswap V3 for liquidity provisioning, fee accounting, and NFT position management.

* AMM performance, tick behavior, and fee generation are external to the protocol
* Adapter validation ensures only authentic Uniswap V3 pools are used