# Architecture

The system operates on a trust-minimized architecture separating **Decision Making** from **Execution**:

1. **Ditto Keeper (Off-chain)**: Monitors yield opportunities 24/7.
2. **APR Oracle (On-chain)**: Snapshots realized APRs from underlying protocols to prevent manipulation.
3. **Rebalancer (On-chain)**: A stateless contract that calculates the optimal split of funds to maximize APY.
4. **Vault (ERC-4626)**: Atomically executes deposits/withdrawals across strategies.

#### Security Measures

* **Non-Custodial**: User funds are held in the smart contract, never by Ditto or the integrator.
* **Atomic Execution**: Rebalances happen in a single transaction.
* **Slippage Protection**: The vault snapshots Total Value Locked (TVL) before and after every rebalance.
* **Reward Debt Model**: Protocol fees are minted exclusively from yield. The principal deposit is never touched.

<figure><img src="https://258555021-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0oqis4JDhDSIVRhBEmPf%2Fuploads%2FwAnEN3PYJuZOOTmglAj9%2FScreenshot%202025-12-05%20at%2011.43.36.png?alt=media&#x26;token=1d0810ec-eb70-4aed-831f-9834e9536d15" alt=""><figcaption></figcaption></figure>