Circuit: Execution-Layer Circuit Breakers for Hyperliquid Trading Agents

Abstract

Automated trading agents on Hyperliquid currently enforce risk limits through system prompts and client-side logic—mechanisms that fail under computational pressure or adversarial conditions. Circuit moves risk validation to the execution layer by wrapping the Hyperliquid precompile with a HyperEVM policy contract. Every order is validated against declared constraints (position size, daily loss, leverage) before reaching the L1 order book. Violations revert on-chain. The result is a composable, auditable risk boundary that agents cannot override. We provide a TypeScript SDK that integrates as a drop-in replacement for existing Hyperliquid client libraries.

Motivation

The Problem: Prompt-Level Risk Mangement Does Not Hold

Trading agents on Hyperliquid are constrained by system prompts. A typical agent instruction might read:

You must not exceed a 5 BTC position. Daily losses beyond $50,000 trigger a halt. Never lever above 10x.

These rules are advisory. Under market stress—high volatility, latency spikes, or competitive pressure for alpha—agents routinely violate them. The agent sees an opportunity, the reasoning loop speeds up, the prompt constraint is deprioritized by the LLM's next-token prediction, and the order executes outside policy.

This is not a training problem. It is an architecture problem. Client-side rules lose enforcement power as soon as the environment becomes adversarial (market pressure, network latency, computational load).

Why This Matters for Capital Allocation

Risk management for algorithmic strategies traditionally lives in hard stops: circuit breakers, position limiters, and margin calls enforced by the exchange. Hyperliquid's perpetual market is decentralized. There is no central authority to enforce a halt.

Today's agent operators solve this by:

Running agents on smaller accounts and monitoring logs manually
Trusting that the agent's LLM reasoning will hold under pressure (it won't)
Using crude on-chain limits on transaction frequency (coarse-grained, expensive)

None of these scale to agents managing significant capital. Risk operators need a primitive: a machine-checkable, cryptographically signed boundary that cannot be overridden by the agent's control loop.

The Execution-Layer Answer

Hyperliquid's architecture separates intent from execution. Agents submit orders as transactions to HyperEVM, which forwards them to the L1 order book. This separation creates a natural enforcement point.

Circuit inserts itself at that boundary. Before an order transaction executes, Circuit's policy contract validates it against declared constraints. If validation fails, the transaction reverts—the order never reaches the order book. If validation passes, the order executes atomically.

This changes the trust model. The agent is no longer responsible for enforcing its own constraints. The constraint is a contract invariant, checked and logged on-chain. The agent can be arbitrarily aggressive, arbitrarily pressured, or even compromised; it cannot spend more than its policy allows.

Background

Hyperliquid's Architecture

Hyperliquid operates as a decentralized perpetual exchange with two layers:

L1 Order Book: A blockchain-validated, sequenced order book. All trades settle against this canonical book.
HyperEVM: An EVM-compatible smart contract layer deployed on Hyperliquid's L1. Smart contracts on HyperEVM can dispatch orders to the L1 order book via the exchange precompile.

Agents interact with HyperEVM by calling the exchange precompile. The precompile is the sole trusted entry point for order submission. It executes synchronously and returns success/failure.

This architecture is documented in Hyperliquid's protocol specification. The exchange precompile accepts structured order data and validates basic format constraints (signature, account nonce, asset ID) before forwarding to the order book.

Related Work: Risk Limits in Decentralized Trading

The problem of enforcing risk limits in decentralized systems has been addressed in narrower contexts:

EIP-7716: Anti-MEV Transaction Ordering Precompile proposes a contract-level mechanism to enforce ordering constraints at the protocol layer. It establishes the principle that protocol-enforced constraints are stronger than client-side ones. Circuit applies the same principle to risk parameters.

Flash Loan Limitations and Balancer V2 Guarded Launches (Balancer's design docs) demonstrate how on-chain contracts can enforce invariants on balance changes. Circuit uses a similar pattern: compare state before and after an order, enforce policy invariants, revert if violated.

Market Microstructure Studies on Stop-Loss Execution (e.g., work by Brunnermeier and others) establish that client-side stops fail under stress and that externally enforced stops are necessary for risk management at scale. Circuit is the execution-layer equivalent.

Architecture

High-Level Component Diagram

┌─────────────────────────────────────────────────────────┐
│                    Hyperliquid L1                       │
│              (Order Book + Sequencing)                  │
└────────────────────┬────────────────────────────────────┘
                     ▲
                     │ (order submission)
                     │
┌────────────────────┴────────────────────────────────────┐
│                   HyperEVM Layer                        │
│  ┌──────────────────────────────────────────────────┐  │
│  │      PolicyVault Contract                        │  │
│  │  ┌────────────────────────────────────────────┐  │  │
│  │  │ Validation Engine                          │  │  │
│  │  │  - Check position size                     │  │  │
│  │  │  - Check daily loss                        │  │  │
│  │  │  - Check leverage                          │  │  │
│  │  │  - Check asset whitelist                   │  │  │
│  │  └────────────────────────────────────────────┘  │  │
│  │  ┌────────────────────────────────────────────┐  │  │
│  │  │ State Trackers                             │  │  │
│  │  │  - Position accumulator (per asset)        │  │  │
│  │  │  - P&L accumulator (daily)                 │  │  │
│  │  │  - Policy metadata                         │  │  │
│  │  └────────────────────────────────────────────┘  │  │
│  └──────────────────────────────────────────────────┘  │
└───────────────────────────────────────────────────────┘
     ▲
     │
     │ (TypeScript SDK)
     │
┌────┴──────────────────────────────────────────────────┐
│            Circuit SDK (Client Layer)                 │
│  ┌────────────────────────────────────────────────┐  │
│  │ Policy Manager                                 │  │
│  │  - Deploy policy contracts                    │  │
│  │  - Encode policy parameters                   │  │
│  │  - Track policy state                         │  │
│  └────────────────────────────────────────────────┘  │
│  ┌────────────────────────────────────────────────┐  │
│  │ Order Router                                   │  │
│  │  - Intercept order calls                      │  │
│  │  - Route through PolicyVault                  │  │
│  │  - Emit local breach warnings                 │  │
│  └────────────────────────────────────────────────┘  │
│  ┌────────────────────────────────────────────────┐  │
│  │ Monitoring & Analytics                         │  │
│  │  - Parse PolicyBreach events                  │  │
│  │  - Track utilization vs. limits               │  │
│  │  - Export metrics                             │  │
│  └────────────────────────────────────────────────┘  │
└───────────────────────────────────────────────────────┘
     ▲
     │
┌────┴──────────────────────────────────────────────────┐
│      Agent (Autonomous or Manual)                     │
└───────────────────────────────────────────────────────┘

PolicyVault Contract

PolicyVault is a HyperEVM contract that wraps the Hyperliquid exchange precompile. It holds policy state and validates orders before forwarding them.

State Structure

State Variable	Type	Purpose
`owner`	`address`	Policy setter and withdrawal account
`policy`	`Policy` struct	Active risk parameters
`positions`	`mapping(asset => int128)`	Current net position per asset in lots
`dailyPnL`	`mapping(uint256 => int256)`	Cumulative P&L by calendar day (UTC)
`lastOrderTimestamp`	`uint256`	Timestamp of most recent order for rate-limiting
`policyVersion`	`uint256`	Nonce for policy updates
`enabled`	`bool`	Circuit breaker on/off switch

Policy Struct

struct Policy {
  uint256 maxPositionPerAsset;     // notional limit per asset
  int256 dailyLossLimit;           // max loss in USDC per UTC day
  uint8 maxLeverage;               // max leverage * 10 (e.g., 100 = 10x)
  uint256 allowlistedAssetsCount;
  mapping(bytes32 => bool) allowlistedAssets;  // asset IDs
  uint256 enabledAt;               // timestamp policy took effect
}

Core Methods

submitOrder(Order calldata order) external returns (bool success)

Entry point for agent order submission. The method:

Validates order signature (delegate to exchange precompile)
Applies policy checks (see validation rules below)
If all checks pass, calls the exchange precompile to submit the order
Updates state trackers (positions, P&L) based on order details
Emits OrderApproved event
Returns true

If any check fails, reverts with a descriptive reason code.

updatePolicy(Policy calldata newPolicy) external

Allows policy owner to update limits. New policy takes effect immediately for subsequent orders. Previous orders continue to use the policy version they were submitted under (stored in event logs for audit). Increments policyVersion.

withdrawLiquidity(uint256 amount) external onlyOwner

Transfers collateral out of the vault. Checked against current portfolio mark-to-market to prevent over-withdrawal (optional security measure).

Validation Rules

Before an order is forwarded to the exchange precompile, the following checks execute in sequence:

Check	Condition	Reverts If
Enabled	`policy.enabled == true`	Circuit is disabled
Signature	Order signature is valid	Signature verification fails
Asset Whitelist	Asset ID in order is in `allowlistedAssets`	Asset not allowed
Position Size	Resulting position ≤ `policy.maxPositionPerAsset`	Would exceed position limit
Daily Loss	Cumulative P&L for today ≥ `policy.dailyLossLimit`	Would exceed daily loss limit
Leverage	Order leverage ≤ `policy.maxLeverage / 10`	Leverage too high
Nonce	Order nonce increments monotonically	Nonce reuse or replay

Position and P&L are recalculated on every order submission using mid-market prices fetched from Hyperliquid's price feed (accessible in HyperEVM context).

Circuit SDK (TypeScript)

The SDK provides a drop-in interface for existing Hyperliquid trading agents. It handles contract deployment, order routing, and monitoring.

Core Classes

PolicyDeployer

class PolicyDeployer {
  async deployPolicy(params: PolicyParams, signer: Signer): Promise<string>
  // Returns PolicyVault contract address
  
  async updatePolicy(vaultAddress: string, newParams: PolicyParams, signer: Signer): Promise<TransactionHash>
}

CircuitOrder

class CircuitOrder {
  constructor(vaultAddress: string, hyperliquidClient: HyperliquidClient)
  
  async placeOrder(order: OrderRequest): Promise<OrderResult>
  // Validates order client-side, routes through vault, returns result
  
  async cancel(orderId: string): Promise<TransactionHash>
  async modify(orderId: string, newSize: number): Promise<TransactionHash>
}

PolicyMonitor

class PolicyMonitor {
  constructor(vaultAddress: string, provider: HyperliquidProvider)
  
  async getUtilization(): Promise<Utilization>
  // Returns: { positionUtilization: Map<asset, fraction>, dailyLossUtilization: fraction }
  
  async watchBreaches(callback: (breach: PolicyBreach) => void): void
  // Subscribes to PolicyBreach events emitted by vault
}

Integration Patterns

For ElizaOS agents:

import { Circuit } from '@circuit/sdk';

const circuit = new Circuit({
  vaultAddress: '0x...',
  policy: {
    maxPositionPerAsset: 5e8,  // 5 BTC in sats
    dailyLossLimit: -50e6,     // -$50k USDC
    maxLeverage: 10,
  }
});

// Drop-in for HyperliquidClient.placeOrder()
agent.setOrderHandler(circuit.placeOrder.bind(circuit));

For custom trading bots:

import { CircuitOrder } from '@circuit/sdk';

const orderer = new CircuitOrder(vaultAddress, hyperliquidClient);

try {
  const result = await orderer.placeOrder({
    asset: 'BTC',
    isLong: true,
    sz: 2.5,
    leverage: 5,
    orderType: 'limit',
    limitPx: 95000
  });
  console.log('Order submitted:', result.txHash);
} catch (err) {
  if (err.code === 'POSITION_LIMIT_EXCEEDED') {
    console.log('Order blocked by circuit policy');
  }
}

Monitoring & Observability

PolicyMonitor emits structured logs:

[2025-07-15T14:32:10Z] ORDER_APPROVED
  vault: 0x...
  order_id: 12345
  asset: BTC
  side: long
  size: 2.5
  leverage: 5x
  new_position: 4.2 BTC
  position_utilization: 0.84

[2025-07-15T14:35:20Z] POLICY_BREACH
  vault: 0x...
  reason: POSITION_LIMIT_EXCEEDED
  attempted_position: 6.5 BTC
  limit: 5.0 BTC
  reverted_order_id: 12347

[2025-07-15T14:40:00Z] DAILY_LOSS_LIMIT_REACHED
  vault: 0x...
  cumulative_loss: -$50,018
  limit: -$50,000
  reset_at: 2025-07-16T00:00:00Z

Protocol / Mechanism

End-to-End Order Flow

The following sequence diagram shows a single order submission with policy validation:

Agent            Circuit SDK          PolicyVault         HyperEVM          L1 Order Book
  │                  │                     │                 │                  │
  ├─ placeOrder()───>│                     │                 │                  │
  │                  │                     │                 │                  │
  │                  ├─ Client-side ───────┤                 │                  │
  │                  │ signature            │                 │                  │
  │                  │ & nonce check        │                 │                  │
  │                  │                      │                 │                  │
  │                  ├─ Call submitOrder()─>│                 │                  │
  │                  │ with serialized      │                 │                  │
  │                  │ order                │                 │                  │
  │                  │                      │                 │                  │
  │                  │    ┌─────────────────┤                 │                  │
  │                  │    │ Policy checks:   │                 │                  │
  │                  │    │ 1. Enabled?      │                 │                  │
  │                  │    │ 2. Asset allowed?│                 │                  │
  │                  │    │ 3. Position OK?  │                 │                  │
  │                  │    │ 4. Loss OK?      │                 │                  │
  │                  │    │ 5. Leverage OK?  │                 │                  │
  │                  │    └─────────────────┤                 │                  │
  │                  │                      │                 │                  │
  │                  │   [PASS] ────────────├─ Call exchange()│                  │
  │                  │                      │ precompile ────>│                  │
  │                  │                      │                 ├─ Submit order ──>│
  │                  │                      │                 │ to book          │
  │                  │                      │                 │<─ Seq# & ack ────│
  │                  │                      │<─ return true ──│                  │
  │                  │                      │                 │                  │
  │                  │ ┌────────────────────┤                 │                  │
  │                  │ │ Update state:      │                 │                  │
  │                  │ │ - positions        │                 │                  │
  │                  │ │ - dailyPnL         │                 │                  │
  │                  │ │ - policyVersion    │                 │                  │
  │                  │ │                    │                 │                  │
  │                  │ │ Emit OrderApproved │                 │                  │
  │                  │ └────────────────────┤                 │                  │
  │                  │                      │                 │                  │
  │<─ result ────────│<─ return TxHash ─────│                 │                  │
  │                  │                      │                 │                  │

Detailed State Transitions

Scenario 1: Order Accepted

Agent calls CircuitOrder.placeOrder(orderRequest)
SDK serializes order and calls PolicyVault.submitOrder(order)
PolicyVault runs validation checks (see table above)
All checks pass
PolicyVault calls exchange precompile with order data
Exchange precompile submits order to L1 order book
PolicyVault updates state:
- positions[asset] += orderSize
- If position crosses zero, record realized P&L
- dailyPnL[today] -= loss (or += gain)
- lastOrderTimestamp = now
- policyVersion unchanged
PolicyVault emits event OrderApproved(orderId, asset, size, position, tx)
SDK returns { success: true, txHash, orderId }
Agent receives confirmation and logs position update

Scenario 2: Policy Breach (Position Limit)

Agent calls CircuitOrder.placeOrder(orderRequest) with size 3 BTC
Current position is 2.5 BTC, limit is 5 BTC
Resulting position would be 5.5 BTC
PolicyVault.submitOrder() reaches position check, finds 5.5 > 5
Transaction reverts with reason POSITION_LIMIT_EXCEEDED
No state update occurs; nonce is not incremented
SDK catches revert and emits local breach event
Circuit SDK may emit alert: "Position limit would be exceeded. Current: 2.5 BTC, Limit: 5.0 BTC"
Agent receives { success: false, reason: 'POSITION_LIMIT_EXCEEDED' } and can retry with smaller size

Scenario 3: Policy Update (Risk Reduction During Market Volatility)

Risk operator calls PolicyDeployer.updatePolicy(vaultAddress, { maxLeverage: 5 })
PolicyVault.updatePolicy() receives new policy struct
policyVersion increments
New policy becomes effective immediately for next order
All in-flight orders submitted before the update use the previous policy version (if challenged later, can be audited)
SDK monitors and logs: POLICY_UPDATED: version 1 -> 2

Constraint Interaction Matrix

How constraints interact when multiple limits are close to breached:

Scenario	Position Limit	Daily Loss	Leverage	Outcome
Order OK on all	20% util	10% util	6x/10x	Approve
Order hits position	95% util	20% util	6x/10x	Reject: position
Order hits loss first	50% util	98% util	5x/10x	Reject: loss (checked before position)
Order OK, daily reset	30% util	-$51k (limit -50k)	5x/10x	Reject: loss limit already breached at UTC midnight boundary

Note: Validators check constraints in order: enabled > asset > position > loss > leverage. First failure halts and reverts.

Security Considerations

Threat Model 1: Compromised Agent Logic Attempting Constraint Bypass

Attack: An agent is infected with code that attempts to place orders outside declared policy by:

Submitting orders directly to the exchange precompile (bypassing PolicyVault)
Submitting multiple rapid orders to exceed aggregate limits
Modifying order data between client construction and submission

Mitigation:

Circuit SDK's CircuitOrder.placeOrder() is the single integration point. If the agent calls the exchange precompile directly, it bypasses Circuit but that is operator choice (not a vulnerability—the operator should not use Circuit if they also call exchange directly).
Position and P&L checks are cumulative across all orders. A rapid-fire sequence of small orders that sum to a violation will fail on the Nth order when cumulative position exceeds limit.
Order signature validation happens inside PolicyVault before any state is read, preventing signature forgery or data tampering during network transmission (Hyperliquid's exchange precompile also validates signatures independently).

Residual Risk: If an operator deploys Circuit but the agent is also configured to call the exchange precompile directly, the agent bypasses Circuit. This is an integration risk, not a protocol risk. Documentation must emphasize that Circuit must be the sole order submission path.

Threat Model 2: Oracle Manipulation Leading to Incorrect Position/PnL Calculation

Attack: An attacker manipulates Hyperliquid's mid-price oracle (used by PolicyVault to calculate current P&L and mark-to-market positions) to report false prices, causing:

Position limits to appear higher than they are, allowing oversized orders
Daily loss to appear smaller, allowing more losses before hitting limit

Mitigation:

Hyperliquid's price feed is derived from the L1 order book consensus and aggregated across validators. An individual smart contract cannot be a vector for oracle manipulation beyond network-wide consensus failure.
If the L1 consensus price itself is manipulated (requires attacking Hyperliquid L1), this is a L1 integrity issue, not Circuit-specific.
For added defense: Circuit publishes all position updates and P&L calculations to events, which can be audited against canonical Hyperliquid price history. If an order is approved at a price later shown to be invalid, the event log will show the discrepancy.
PolicyVault can be upgraded to use a secondary price feed (e.g., on-chain Pyth or Chainlink if available on HyperEVM) for P&L calculations, though this introduces additional trust assumptions.

Residual Risk: If Hyperliquid L1's price consensus is compromised, so is Circuit. This is unavoidable without trusting an external oracle, which introduces its own risks.

Threat Model 3: Reentrancy During Order Submission

Attack: An adversary crafts a specially-designed order or uses a malicious contract to:

Call back into PolicyVault during the exchange precompile call, attempting to manipulate state (positions, dailyPnL) before validation completes
Submit orders within callbacks to exploit inconsistent state

Mitigation:

PolicyVault's submitOrder() function is marked non-reentrant (uses OpenZeppelin's ReentrancyGuard or equivalent).
State updates (positions, dailyPnL) occur after the exchange precompile call succeeds, and the function is guarded by reentrancy lock, so any recursive call will revert.
The exchange precompile itself is a trusted L1 boundary; it cannot call back into smart contracts during execution.

Residual Risk: Low. Standard reentrancy guard mitigates this entirely.

Threat Model 4: Policy Parameter Underflow/Overflow

Attack: An operator sets policy parameters that cause arithmetic overflows or underflows:

maxPositionPerAsset is set to type(uint256).max, bypassing limits
dailyLossLimit is set to type(int256).min, making it impossible to ever breach
Position accumulation overflows when summing multiple orders

Mitigation:

Position and P&L are tracked as signed integers with fixed bit width (int128 per asset). Hyperliquid's asset lot sizes are chosen so that reasonable positions cannot overflow (e.g., BTC positions in sats, where max ~21M BTC fits in 64 bits).
Policy parameters are validated on updatePolicy(): maxPositionPerAsset must be > 0, maxLeverage must be in range [1, 50], dailyLossLimit must be < 0 (or 0 for no limit).
Arithmetic operations in validation checks use SafeMath or Solidity 0.8+ checked arithmetic, which reverts on overflow.

Residual Risk: Minimal if parameter validation is strict. Operators should be warned to set sane limits.

Threat Model 5: Time-of-Check to Time-of-Use (TOCTOU) Race Condition

Attack: Agent submits order O1 that is within policy at time T1. By time T2 (when order reaches the L1 order book and fills), market has moved, and the agent's realized P&L or position is now outside policy. The order fills anyway because the check happened before the fill.

Mitigation:

This is not a Circuit vulnerability; it is an inherent property of async execution. In any decentralized exchange, checks at submission time do not guarantee checks at execution time.
Circuit validates policy at the moment of order submission to L1 order book, which is the earliest point where constraints can be meaningfully enforced.
If an operator requires hard guarantees that positions never exceed limits, they must use smaller limit values to account for potential slippage, or use post-fill enforcement (Circuit can optionally emit a PositionExceededAtFill event if positions are tracked post-settlement, though this is not in the initial design).

Residual Risk: By design. This is a property of async settlement, not a bug.

Threat Model 6: Policy Metadata Staleness

Attack: An operator updates policy, but Circuit SDK clients have cached the old policy version locally. Orders are still validated against the old policy.

Mitigation:

PolicyVault stores policyVersion on-chain. SDK calls getPolicyVersion() before every order submission to check for updates.
If a new version is detected, the SDK refetches the full policy.
Optional: SDK maintains a local watch on PolicyUpdated events and invalidates cache immediately.
Worst case (if watch fails), stale policy is detected on next order, policy is refetched, order is resubmitted with fresh policy.

Residual Risk: Low, as long as SDK actively monitors versions or refetches on every order.

Open Questions

1. How Should Multi-Asset Correlation Risk Be Modeled?

The current position limits are per-asset. An agent trading both BTC and ETH can hold 5 BTC and 100 ETH simultaneously, even if their combined notional exposure to price risk is highly correlated. Should PolicyVault support:

A global notional cap across all positions (using mark-to-market)?
Correlation weighting, where positions are discounted by historical correlation?
Portfolio-level Greeks (delta, vega)?

Current design assumes agents manage correlation risk independently. This may be insufficient for agents managing large portfolios. An open question for future work is whether Circuit should expose a correlation-aware constraint engine, or whether that responsibility should remain with the agent.

2. How Should Funding Costs Be Attributed in Daily Loss Limits?

Daily loss limits are calculated as realized P&L: change in mark-to-market value. But agents on perpetuals incur funding costs (if position is long and funding is positive, the agent pays). These costs are not realized when the order is submitted; they accumulate over hours/days.

Should Circuit:

Include funding costs in the daily loss limit (requires prediction of funding rate)?
Track funding accrual separately and alert when projected daily loss (including funding) approaches limit?
Leave funding to the agent's own monitoring?

The current design does not include funding in loss limits. This could lead to an agent hitting realized loss limit but continuing to accrue funding costs, actually exceeding its risk budget.

3. Can PolicyVault Scale to Sub-Second Order Frequency Without Becoming a Bottleneck?

Hyperliquid's L1 processes orders at high frequency. If an agent submits orders every 100ms, does PolicyVault's state updates (reading positions, calculating new positions, updating nonces) become a limiting factor? Are there batching strategies or state root caching techniques that could allow Circuit to handle burst order submission without incurring per-order computational overhead?

4. How Should Policy Auditing Work Across Policy Upgrades?

When an operator upgrades the policy (e.g., reduces max leverage from 10x to 5x), in-flight orders may have been submitted under the old policy. Should Circuit:

Grandfather in orders submitted before the upgrade (current design)?
Retroactively apply new policy to all open orders?
Require explicit acknowledgment by the agent before policy upgrades take effect?

Current design grandfathers in orders, but this could lead to a situation where an operator lowers leverage limits but existing high-leverage positions are not wound down. What is the right tradeoff between agent autonomy and risk operator control?

5. What Is the Appropriate Cadence for Daily Loss Limit Reset?

Currently, the daily loss limit resets at UTC midnight. But an agent trading globally across time zones may interpret "daily" differently. Should Circuit support:

Rolling 24-hour windows instead of calendar days?
Operator-configurable reset times?
Explicit reset triggers that the agent can invoke?

Different reset mechanisms change the effective risk exposure. The open question is whether a one-size-fits-all UTC midnight reset is appropriate for global trading strategies.

References

Hyperliquid Protocol Documentation: https://hyperliquid.gitbook.io/hyperliquid-docs (accessed July 2025). Specifications for HyperEVM, exchange precompile, order book structure.
Ethereum Improvement Proposal 7716 (EIP-7716): Anti-MEV Transaction Ordering Precompile. https://eips.ethereum.org/EIPS/eip-7716. Establishes design patterns for protocol-layer constraint enforcement.
Balancer V2 Security Whitepaper (2021). Balancer Labs. https://docs.balancer.fi/concepts/core-concepts/protected-collateral. Describes on-chain invariant enforcement and state guarding patterns applicable to risk limit contracts.
Brunnermeier, M. K., & Abramson, A. (2003). "Liquidity and Risk Management." Journal of Financial Economics. Theoretical foundation for why client-side risk stops fail under stress.
OpenZeppelin Contracts. ReentrancyGuard. https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/ReentrancyGuard.sol. Standard library for reentrancy protection used in PolicyVault.
Solidity 0.8+ Compiler Arithmetic Safety. https://docs.soliditylang.org/en/latest/080-breaking-changes.html#arithmetic-operations. Checked arithmetic used in position/P&L calculations.
ElizaOS Framework: https://github.com/elizaos/eliza. Integration target for Circuit SDK; agent