# Security Stack

Blackhole introduces a new execution stack designed for modular and **secure-by-default** DeFi infrastructure. Existing execution systems in Web3 were built for speed, not safety — leaving developers with fragile routing, unsafe signing flows, and reactive error handling.

Blackhole replaces this with a deterministic and programmable execution pipeline that starts **before the signature** and is enforced through **final on-chain execution**. The stack consists of two main components:

1. **Umbra** — the off-chain firewall that validates execution routes before signing.
2. **Blackhole Diamond** — the on-chain executor that enforces runtime guarantees and fallback recovery.

Together, they provide a complete execution safety layer:

* Pre-signature validation (off-chain)
* Runtime enforcement and recovery (on-chain)
* Modular, deterministic, and fault-tolerant by design

This is not just a safer SDK — it’s a shift in how cross-chain execution should work.

***

### Want to go deeper? Welcome.

{% content-ref url="security-stack/umbra-intelligent-firewall" %}
[umbra-intelligent-firewall](https://blackholelabs.gitbook.io/docs/technology/security-stack/umbra-intelligent-firewall)
{% endcontent-ref %}

{% content-ref url="security-stack/blackhole-diamond-onchain-executor" %}
[blackhole-diamond-onchain-executor](https://blackholelabs.gitbook.io/docs/technology/security-stack/blackhole-diamond-onchain-executor)
{% endcontent-ref %}