A short list of useful hardening features that make a serious difference for Graphene:

Zero-on-free with detection of write-after-free via checking that memory is still zeroed before handing it out again. https://github.com/GrapheneOS/hardened_malloc

Turn USB-C to power only (no data) when screen is locked.

Auto reboot after X hours.

Turn off WiFi/Bluetooth after X minutes after disconnect.

Hardened kernal.

Strong commitment to fast updates of drivers, kernal and OS to security patch level.

Dynamic code loading blocked.

More here: https://grapheneos.org/features