Security
Foundation prioritizes security at every layer of the protocol. This section outlines our security practices, audits, and ongoing commitments to protecting user funds.
Audit
Foundation's smart contracts have been audited by Three Sigma, a leading blockchain security firm.
Foundation Core Contracts: Three Sigma, Completed
The audit covered:
Foundation Vault (accounting engine)
USD' base layer contracts
Rebalance Router
ERC4626 strategy implementations
Security Architecture
Multi-Signature Governance
All administrative functions require multi-sig approval:
Contract Upgrades: Multi-sig + Timelock
Strategy Whitelisting: Multi-sig approval
Parameter Changes: Multi-sig + Timelock
Emergency Pause: Multi-sig (expedited)
Asset Isolation
Vault-Held Collateral: All collateral backing USD' is held in the Foundation Vault
Strategy Sandboxing: Strategy contracts cannot access collateral from other strategies
Access Controls: Only whitelisted contracts can interact with the Vault
Timelocks
Parameter changes and contract upgrades are subject to timelocks, giving users time to react before changes take effect.
Ongoing Security Practices
Bug Bounty Program: Rewards for responsibly disclosed vulnerabilities
Continuous Monitoring: Real-time monitoring of protocol health and anomalies
Incident Response: Documented procedures for security incidents
Formal Verification: Critical contract paths undergo formal verification
Security Contacts
For security concerns or vulnerability reports, please contact the Foundation security team through responsible disclosure channels.
Security is an ongoing commitment. We continuously work to improve the security posture of the Foundation protocol.