Security

Security is a top priority for RIP Protocol. This page outlines the security measures, smart contract architecture, and best practices we employ to protect user funds.

Smart Contract Security

Audits

All RIP Protocol smart contracts undergo thorough security audits by reputable third-party auditors before deployment to production.

Audit reports will be published here as they become available.

Open Source

All smart contracts are open source and available for public review on GitHub. Community scrutiny helps identify potential issues.

Battle-Tested Standards

RIP vaults are built on ERC-4626, a well-established and audited standard for tokenized vaults, reducing the attack surface.

MPC Wallet Security

Multi-Party Computation

Vault assets are held in MPC (Multi-Party Computation) wallets managed by Fordefi, which distribute cryptographic key shares across multiple parties.

No Single Point of Failure

No single entity has full control over vault assets. Transactions require consensus from multiple key holders.

Enterprise-Grade Infrastructure

Fordefi provides institutional-grade security infrastructure used by major DeFi protocols and traditional financial institutions.

Access Control

Role-Based Permissions

RIP vaults use a role-based access control system that separates concerns:

  • Admin: Protocol parameters and emergency functions

  • Keeper: NAV updates and queue processing

  • Vault Manager: NFT trading and liquidity management

  • Treasury: Fee collection

Time Locks

Critical protocol upgrades are subject to time locks, giving users advance notice of changes.

Emergency Pause

In case of security threats, the admin can pause deposits and redemptions while keeping existing positions secure.

Oracle Security

Signed NAV Reports

All NAV reports must be cryptographically signed by authorized keeper addresses. The vault verifies signatures before accepting updates.

Drift Bounds

The vault enforces maximum NAV drift limits to prevent manipulation or errors from causing dramatic price changes.

Staleness Protection

NAV reports include expiration timestamps. Stale reports are rejected, and vault operations pause if updates aren't received in time.

Audit Trail

Each NAV report includes an inputsCommit hash for retrospective verification of calculation accuracy.
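
The four checks described above (keeper signature, drift bound, expiry, and the inputsCommit record) can be enforced together in a single update function. The sketch below is an added example, not RIP Protocol's contract code; the contract name, the report fields, the 5% drift bound, the one-day freshness window, and the digest layout are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: every name, field and constant here is an assumption,
// not RIP Protocol's contract code.
contract NavOracleSketch {
    uint256 public constant MAX_DRIFT_BPS = 500;   // assumed bound: 5% per update
    uint256 public constant MAX_NAV_AGE = 1 days;  // assumed freshness window
    // Signatures with s in the upper half of the secp256k1 order are rejected (malleability).
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;
    mapping(address => bool) public isKeeper;
    uint256 public nav;
    uint256 public navUpdatedAt;
    bytes32 public lastInputsCommit;
    event NavAccepted(uint256 nav, bytes32 inputsCommit, address keeper);

    constructor(address keeper) { isKeeper[keeper] = true; }

    function submitNav(
        uint256 newNav, uint256 issuedAt, uint256 expiresAt, bytes32 inputsCommit,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // Staleness: reject expired reports and anything not newer than the last one.
        require(newNav != 0 && block.timestamp <= expiresAt, "zero nav or expired");
        require(issuedAt > navUpdatedAt && issuedAt <= block.timestamp, "bad issuedAt");
        // Bind the signature to this chain and contract so it cannot be replayed elsewhere.
        bytes32 digest = keccak256(abi.encode(
            block.chainid, address(this), newNav, issuedAt, expiresAt, inputsCommit));
        require(uint256(s) <= HALF_N, "malleable signature");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && isKeeper[signer], "unauthorized signer");

        // Drift bound: skipped only for the very first report, when there is no baseline.
        if (nav != 0) {
            uint256 diff = newNav > nav ? newNav - nav : nav - newNav;
            require(diff * 10_000 <= nav * MAX_DRIFT_BPS, "drift too large");
        }

        nav = newNav;
        navUpdatedAt = issuedAt;
        lastInputsCommit = inputsCommit; // kept so the inputs can be recomputed off-chain later
        emit NavAccepted(newNav, inputsCommit, signer);
    }

    // Deposits and redemptions would check this and halt when the NAV is too old.
    function navIsFresh() public view returns (bool) {
        return navUpdatedAt != 0 && block.timestamp - navUpdatedAt <= MAX_NAV_AGE;
    }
}
```

Checking `ecrecover` for the zero address matters because it returns `address(0)` on an invalid signature rather than reverting, and ordering reports by `issuedAt` prevents an older, still-unexpired report from being replayed over a newer one.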

User Security Best Practices

Wallet Security

  • Use hardware wallets for large positions

  • Never share private keys or seed phrases

  • Keep wallet software updated

  • Use strong passwords and 2FA

Verification

  • Always verify you're on the correct website URL

  • Double-check contract addresses before transactions

  • Be cautious of phishing attempts

  • Review transaction details carefully

Risk Management

  • Only invest what you can afford to lose

  • Start with small test deposits

  • Understand vault strategies and risks

  • Monitor your positions regularly

Bug Bounty Program

We're working on establishing a bug bounty program. Details will be announced soon.

Contact Security Team

If you discover a security vulnerability, please report it responsibly:

  • Do not disclose vulnerabilities publicly until they are addressed

  • Allow reasonable time for investigation and remediation

Disclaimer

While we implement multiple layers of security, no system is completely risk-free. Users should understand the risks inherent in DeFi and smart contracts before participating.
