# Security

Security is a top priority for Rip Strategies. This page outlines the security measures, smart contract architecture, and best practices we employ to protect user funds.

## Smart Contract Security

### Audits

All Rip Strategies smart contracts undergo thorough security audits by reputable third-party auditors before deployment to production.

#### rHYPURR Vault — Three Sigma

The rHYPURR (Hypurr Vault) smart contract was audited by [Three Sigma](https://threesigma.xyz/), a leading blockchain security firm.

[**View the full audit report (PDF)**](https://rip.xyz/audits/hypurrvault/rHYPURR.pdf)

### Battle-Tested Standards

Rip Strategies vaults are built on ERC-4626, a well-established and audited standard for tokenized vaults, reducing the attack surface.

## MPC Wallet Security

### Multi-Party Computation

Vault assets are held in MPC (Multi-Party Computation) wallets, which distribute cryptographic key shares across multiple parties.

### No Single Point of Failure

No single entity has full control over vault assets. Transactions require consensus from multiple key holders.

### Enterprise-Grade Infrastructure

Our MPC provider offers institutional-grade security infrastructure used by major DeFi protocols and traditional financial institutions.

## Access Control

### Role-Based Permissions

Rip Strategies vaults use a role-based access control system that separates concerns:

* **Admin:** Protocol parameters and emergency functions
* **Keeper:** NAV updates and queue processing
* **Vault Manager:** NFT trading and liquidity management
* **Treasury:** Fee collection

### Emergency Pause

In case of security threats, the admin can pause deposits and redemptions while keeping existing positions secure.

## Oracle Security

### Signed NAV Reports

All NAV reports must be cryptographically signed by authorized keeper addresses. The vault verifies signatures before accepting updates.

### Drift Bounds

The vault enforces maximum NAV drift limits to prevent manipulation or errors from causing dramatic price changes.

### Staleness Protection

NAV reports include expiration timestamps. Stale reports are rejected, and vault operations pause if updates aren't received in a timely manner.

### Audit Trail

Each NAV report includes an `inputsCommit` hash for retrospective verification of calculation accuracy.
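The four checks in this section can be modelled off-chain as follows. This is an added example, not the vault's own code. The field names other than `inputsCommit`, the 500 bps drift bound, the `|`-joined message layout, and the keeper registry are assumptions, and HMAC-SHA256 stands in for the keeper's on-chain signature so the sketch runs with the standard library only.

```python
import hashlib, hmac, json
from dataclasses import dataclass

MAX_DRIFT_BPS = 500  # assumed bound (5%); the page gives no figure
# Constructed keeper registry. HMAC keys stand in for keeper signing keys.
KEEPERS = {"keeper-1": b"constructed-demo-key"}

@dataclass(frozen=True)
class NavReport:
    nav: int            # NAV in smallest units (integer, no floats)
    expires_at: int     # unix seconds after which the report is stale
    inputs_commit: str  # hex SHA-256 over the canonical calculation inputs
    keeper: str
    signature: str

def commit_inputs(inputs: dict) -> str:
    # Canonical JSON so the same inputs always hash to the same commitment.
    blob = json.dumps(inputs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def _mac(key: bytes, nav: int, expires_at: int, inputs_commit: str) -> str:
    # Every field the vault acts on is covered by the signature.
    msg = f"{nav}|{expires_at}|{inputs_commit}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_report(keeper, key, nav, expires_at, inputs) -> NavReport:
    commit = commit_inputs(inputs)
    return NavReport(nav, expires_at, commit, keeper, _mac(key, nav, expires_at, commit))

def accept_report(r: NavReport, last_nav: int, now: int) -> tuple:
    key = KEEPERS.get(r.keeper)
    if key is None:
        return False, "unauthorized keeper"
    expected = _mac(key, r.nav, r.expires_at, r.inputs_commit)
    if not hmac.compare_digest(expected, r.signature):
        return False, "bad signature"
    if now >= r.expires_at:
        return False, "stale report"
    # Cross-multiply instead of dividing so rounding cannot hide excess drift.
    if abs(r.nav - last_nav) * 10_000 > MAX_DRIFT_BPS * last_nav:
        return False, "drift exceeds bound"
    return True, "accepted"

def audit_inputs(r: NavReport, disclosed_inputs: dict) -> bool:
    # Retrospective check: do the disclosed inputs match what was committed?
    return hmac.compare_digest(commit_inputs(disclosed_inputs), r.inputs_commit)
```

Because the signature covers the NAV, the expiry, and the commitment together, changing any one of them after signing fails verification before the drift or staleness checks are reached.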

## User Security Best Practices

### Wallet Security

* Use hardware wallets for large positions
* Never share private keys or seed phrases
* Keep wallet software updated
* Use strong passwords and 2FA

### Verification

* Always verify you're on the correct website URL
* Double-check contract addresses before transactions
* Be cautious of phishing attempts
* Review transaction details carefully

### Risk Management

* Only invest what you can afford to lose
* Start with small test deposits
* Understand vault strategies and risks
* Monitor your positions regularly

## Bug Bounty Program

{% hint style="info" %}
We're working on establishing a bug bounty program. Details will be announced soon.
{% endhint %}

## Contact Security Team

If you discover a security vulnerability, please report it responsibly:

* Email: <security@rip.xyz>
* Do not disclose vulnerabilities publicly until they are addressed
* Allow reasonable time for investigation and remediation

## Disclaimer

While we implement multiple layers of security, no system is completely risk-free. Users should understand the risks inherent in DeFi and smart contracts before participating.

{% hint style="danger" %}
DeFi protocols carry inherent risks including smart contract vulnerabilities, market volatility, and operational failures. Only invest funds you can afford to lose.
{% endhint %}
