Security Architecture

Security first.
Not second.

USDAO Protocol is designed with defence-in-depth. Every layer has independent protection. No single failure can compromise the reserve backing.

Defence in Depth

Four independent security layers.

A. Smart Contract Security

  • Independent security audits pre-launch
  • All findings published
  • Formal verification for core logic
  • Oracle-triggered minting mechanisms
  • OpenZeppelin battle-tested base contracts
B. Oracle Security

  • Independent oracle network consensus required
  • Challenge window before system update
  • Multi-source oracle data cross-validation
  • Automatic system pause on oracle anomaly
  • Decentralized architecture
C. Governance Security

  • Multisig for significant protocol changes
  • Mandatory timelock on all upgrades
  • Geographically distributed keyholders
  • On-chain governance log transparency
D. Custodian Security

  • Dual-custodian architecture available
  • Reserves held at licensed institutions
  • Periodic balance reconciliation
  • Dedicated reserve accounts
Audits

Independent audits. All findings published.

We commission independent security audits before any mainnet deployment. Findings are published publicly.

Pre-launch audits
Smart contract audits will be conducted by independent security firms prior to mainnet launch. Audit reports will be published at docs.usdao.io/audits.
  • Security Audits: Review. Before mainnet deployment
  • Governance Timelock: 72h. Mandatory wait on changes
  • Multisig Control: 3 / 5. Required for protocol changes

Bug Bounty Program

We operate a public bug bounty program with substantial security bounty payouts for responsible disclosures. These are program incentives for security research only. They are not payments tied to holding USDAO or any investment activity. The protocol's security is only as strong as the community's ability to test it.

Report a Vulnerability
  • Critical: Up to $50,000
  • High: Up to $15,000
  • Medium: Up to $5,000
  • Low: Up to $1,000
Verified Contracts

Deployed contract addresses.

All contracts are verified on Etherscan. You can read them directly.

  • USDaoToken (ERC-20): 0x (pending mainnet deployment)
  • MintingEngine: 0x (pending mainnet deployment)
  • ReserveVault: 0x (pending mainnet deployment)
  • DistributionRegistry: 0x (pending mainnet deployment)
  • KYCRegistry: 0x (pending mainnet deployment)
Contract addresses will be updated at mainnet deployment. Follow @usdao_io for deployment announcements.