These security measures have been designed to protect both the integrity of the protocol and the interests of the community, ensuring a reliable and transparent operation of the token. By transitioning to a multi-sig governance model, the project is positioning itself at the forefront of digital asset management security.
1. World-Class OpenZeppelin Libraries
The token contract is built on highly recognized and audited OpenZeppelin libraries, such as:
- AccessControlUpgradeable: Provides granular permission management through roles (ADMIN_ROLE, UPGRADER_ROLE, MULTISIG_ROLE).
- PausableUpgradeable: Enables emergency pause mechanisms if required.
- UUPSUpgradeable: Ensures secure contract upgrades, limited to authorized accounts.
- SafeMathUpgradeable: Prevents arithmetic overflows and errors, ensuring the integrity of all mathematical operations.
2. Access Control and Multi-Sig Governance
- Specific Roles: Every critical function is protected by roles. Only accounts with the appropriate role (e.g., UPGRADER_ROLE for upgrades or MULTISIG_ROLE for strategic functions) can execute these functions.
- Admin Renunciation: With the admin having renounced control, authority is now delegated to multi-sig wallets. This eliminates a single point of failure and promotes collective decision-making.
- Voting Approval: Critical actions require multi-signature approval with a 66% threshold (2/3 majority), ensuring that no changes occur without broad consensus.
3. Secure Upgradeability with UUPS
The contract employs the UUPS upgrade pattern, with the internal _authorizeUpgrade function ensuring that only accounts with the UPGRADER_ROLE can trigger upgrades. This prevents unauthorized modifications and maintains the code’s integrity.
4. Controlled Transfer Mechanisms
- Temporal and Volume Restrictions:
- Regular users are limited to transferring up to 25% of their balance and only once every 6 hours, effective after the restriction date (31/05/2025 UTC+14).
- Admin transfers (prior to renunciation) were capped at 5% of their balance every 24 hours, mitigating the risk of massive token movements.
- Strategic Exemptions: Certain key wallets (such as those for staking rewards, community, liquidity, reserves, etc.) are exempt from these restrictions to ensure essential operations proceed unhindered.
5. Burning and Vesting Mechanisms
- Scheduled Burning: The burning function allows for a controlled reduction of the total supply from the designated “burn wallet,” contributing to a deflationary token economy.
- Team Vesting: A vesting mechanism is implemented to gradually release team tokens after a defined cliff period and through scheduled partial releases, aligning the team’s interests with the long-term success of the project.
6. Transparency and Event Logging
Every significant action (transfers, staking, parameter updates, token burns, token releases, etc.) emits events on the blockchain. This facilitates real-time tracking, auditing, and ensures complete transparency for the community.
7. Modular and Securely Toggleable Features
The contract includes various additional functionalities (NFT integration, lottery, gamification, referral rewards, etc.) that can be activated in a controlled manner. This ensures that each feature is enabled only when necessary and only after thorough security evaluation.
8. Granular Role and Permission Management
Using AccessControl, roles can be assigned and revoked with precision. By delegating control to multi-sig wallets, the system ensures that no single actor wields excessive power, thus promoting decentralization and robust security.