Security is the product. eUSD's confidentiality, reserve integrity, and regulator-accessible disclosure all rest on well-studied cryptographic primitives, audited program logic, and a multisig governance design with no single point of failure.
Twisted ElGamal, bulletproofs, and Pedersen commitments on the Ristretto255 group. Standard hardness assumptions. No bespoke cryptography.
2-of-3 Squads v4 multisig protects the mint, the IWR, the Auditor Key, the Silent Freeze, and the reserve. No single signer is sufficient.
Protocol upgrades affecting the mint, the IWR, the Auditor Key, or the SLV are held in a time-lock for at least 24 hours before execution — visible to anyone.
Every privileged operation — Auditor Key, Silent Freeze, Escrow disposition, IWR modification — is logged on-chain and surfaces after 24 hours.
First audit in Phase 2. Comprehensive multi-firm audits in Phase 3 with non-overlapping methodologies. Bug bounty post-mainnet.
The protocol consumes the audited Token-2022 program as a standard library — no modified or forked token program.
Send security-relevant findings to security@softseco.com. We acknowledge within 72 hours.
A bug bounty program will be operated through Immunefi or equivalent, with rewards scaled to severity. Details will be published ahead of mainnet beta launch.
We don't pretend they don't exist.
Currently disabled on Solana mainnet pending audit completion. The Shielded Liquidity Vault depends on its reactivation; the eUSD token itself does not. Contingency paths documented in whitepaper Section 9.2.
The confidentiality properties rest on the discrete logarithm assumption on Ristretto255. Not protected against a sufficiently capable future quantum adversary. Migration path will be reviewed as post-quantum constructions mature.
Material concentration in Phase 1 mint flow and 20% liquidity tranche. Mitigated by direct fiat on-ramps post-EMI authorization in Phase 5.
Until Phase 2 hires, technical and operational concentration is in the founder. Mitigation: senior engineer hire as the first Phase 2 priority, with the multisig structure preventing any unilateral action.