# Security

Security is a top priority for Rip Strategies. This page outlines the security measures, smart contract architecture, and best practices we employ to protect user funds.

## Smart Contract Security

### Audits

All Rip Strategies smart contracts undergo thorough security audits by reputable third-party auditors before deployment to production.

#### rHYPURR Vault — Three Sigma

The rHYPURR (Hypurr Vault) smart contract was audited by [Three Sigma](https://threesigma.xyz/), a leading blockchain security firm.

[**View the full audit report (PDF)**](https://rip.xyz/audits/hypurrvault/rHYPURR.pdf)

### Battle-Tested Standards

Rip Strategies vaults are built on ERC-4626, a well-established and audited standard for tokenized vaults, reducing the attack surface.

## MPC Wallet Security

### Multi-Party Computation

Vault assets are held in MPC (Multi-Party Computation) wallets, which distribute cryptographic key shares across multiple parties.

### No Single Point of Failure

No single entity has full control over vault assets. Transactions require consensus from multiple key holders.

### Enterprise-Grade Infrastructure

Our MPC provider offers institutional-grade security infrastructure used by major DeFi protocols and traditional financial institutions.

## Access Control

### Role-Based Permissions

Rip Strategies vaults use a role-based access control system that separates concerns:

* **Admin:** Protocol parameters and emergency functions
* **Keeper:** NAV updates and queue processing
* **Vault Manager:** NFT trading and liquidity management
* **Treasury:** Fee collection

### Emergency Pause

In case of security threats, the admin can pause deposits and redemptions while keeping existing positions secure.

## Oracle Security

### Signed NAV Reports

All NAV reports must be cryptographically signed by authorized keeper addresses. The vault verifies signatures before accepting updates.

### Drift Bounds

The vault enforces maximum NAV drift limits to prevent manipulation or errors from causing dramatic price changes.

### Staleness Protection

NAV reports include expiration timestamps. Stale reports are rejected, and vault operations pause if updates aren't received in time.

### Audit Trail

Each NAV report includes an `inputsCommit` hash for retrospective verification of calculation accuracy.
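
The four oracle checks above (signature, staleness, drift bound, inputs commitment) can be modelled off-chain as follows. This is an added illustration, not code from the Rip Strategies contracts: the field names, the 500 bps bound, the keeper id and key are assumptions, and HMAC-SHA256 stands in for the on-chain keeper signature.

```python
import hashlib, hmac, json
from dataclasses import dataclass, replace

# Assumptions (not from the Rip Strategies contracts): field names, the 5% bound,
# the keeper id/key, and HMAC-SHA256 standing in for the on-chain keeper signature.
MAX_DRIFT_BPS = 500
KEEPER_KEYS = {"keeper-1": b"constructed-demo-key"}  # constructed sample key

@dataclass(frozen=True)
class NavReport:
    keeper: str
    nav: int             # NAV in smallest units
    expires_at: int      # unix seconds after which the report is stale
    inputs_commit: str   # hex SHA-256 over the pricing inputs
    signature: str = ""

def commit_inputs(inputs: dict) -> str:
    """Canonical hash of the NAV inputs, so an auditor can recompute it later."""
    blob = json.dumps(inputs, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def _digest(r: NavReport, key: bytes) -> str:
    # Every field that affects acceptance is covered by the signature.
    msg = f"{r.keeper}|{r.nav}|{r.expires_at}|{r.inputs_commit}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign(r: NavReport, key: bytes) -> NavReport:
    return replace(r, signature=_digest(r, key))

def validate(r: NavReport, last_nav: int, now: int) -> str:
    key = KEEPER_KEYS.get(r.keeper)
    if key is None or not hmac.compare_digest(_digest(r, key), r.signature):
        return "rejected: bad signature or unauthorized keeper"
    if now > r.expires_at:
        return "rejected: stale report"
    # Integer cross-multiplication avoids float rounding on the drift ratio.
    if abs(r.nav - last_nav) * 10_000 > MAX_DRIFT_BPS * last_nav:
        return "rejected: drift exceeds bound"
    return "accepted"

if __name__ == "__main__":
    inputs = {"floor_price": 1200, "holdings": 10}  # constructed sample inputs
    base = NavReport("keeper-1", 1_040_000, 2000, commit_inputs(inputs))
    good = sign(base, KEEPER_KEYS["keeper-1"])
    print(validate(good, last_nav=1_000_000, now=1500))
    print(validate(good, last_nav=1_000_000, now=2001))
    print(validate(replace(good, nav=1_050_000), last_nav=1_000_000, now=1500))
```

Because the commitment is computed over a canonical encoding, anyone holding the original inputs can recompute it and compare it with the value in a past report.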

## User Security Best Practices

### Wallet Security

* Use hardware wallets for large positions
* Never share private keys or seed phrases
* Keep wallet software updated
* Use strong passwords and 2FA

### Verification

* Always verify you're on the correct website URL
* Double-check contract addresses before transactions
* Be cautious of phishing attempts
* Review transaction details carefully

### Risk Management

* Only invest what you can afford to lose
* Start with small test deposits
* Understand vault strategies and risks
* Monitor your positions regularly

## Bug Bounty Program

{% hint style="info" %}
We're working on establishing a bug bounty program. Details will be announced soon.
{% endhint %}

## Contact Security Team

If you discover a security vulnerability, please report it responsibly:

* Email: <security@rip.xyz>
* Do not disclose vulnerabilities publicly until they are addressed
* Allow reasonable time for investigation and remediation

## Disclaimer

While we implement multiple layers of security, no system is completely risk-free. Users should understand the risks inherent in DeFi and smart contracts before participating.

{% hint style="danger" %}
DeFi protocols carry inherent risks including smart contract vulnerabilities, market volatility, and operational failures. Only invest funds you can afford to lose.
{% endhint %}


