Security
Last updated: October 30, 2025
Security contact: Zak@Evolve-NP.com
We design for safety, transparency, and nonprofit control. This page summarizes how the system is secured and what you can expect during normal operations and incidents.
1) Architecture at a glance
- Nonprofit custody by design: Funds settle to a Safe multisig (3-of-5) with three nonprofit signers and two EvolveNP emergency signers.
- No unilateral control: EvolveNP keys cannot move funds—they only co-sign security actions (pause/unpause, paused-only allow-listed upgrades, or emergency exits to nonprofit-approved destinations).
- Immutable core: Core economic logic (e.g., thresholds, cadence, and send/burn math) is fixed in code.
- Bounded change: Non-economic modules (e.g., integrations) are upgradeable only when paused, to allow-listed bytecode, with nonprofit approvals and on-chain events.
- Closed-intake Donation Wallet (MVP): Accepts assets only from designated sources, auto-converts via allow-listed routes with slippage/TWAP caps, and forwards to the nonprofit Safe.
2) Key management & access control
- Safe configuration: Standard 3-of-5 setup. Outbound transfers require at least three nonprofit signatures; EvolveNP signatures do not count toward moving funds.
- Emergency scope: EvolveNP keys may co-sign only documented security actions. Nonprofits can rotate/remove EvolveNP keys at any time.
- Operational hygiene: We recommend hardware wallets for all signers, device isolation, and phishing-resistant MFA.
3) Contract controls & guardrails
- Pause controls: Token, Treasury, and Donation Wallet components can be paused/unpaused independently for safety.
- Execution guardrails: Hard caps per attempt, cooldowns, slippage ≤0.8%, TWAP deviation ≤2–3%, LP-health checks, and on-chain event emissions.
- Emergency exit: Forwards assets only to the nonprofit’s designated Safe or verified replacement—never to EvolveNP.
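As an added illustration (not the project's own contract code), the following Python model encodes the signing policy described in sections 1 to 3: outbound transfers count nonprofit signatures only, security actions count any three roster keys, upgrades are accepted only while paused and to allow-listed bytecode, and emergency exits only to nonprofit-approved destinations. Signer labels, bytecode hashes and destination names are constructed placeholders.

```python
from dataclasses import dataclass

NONPROFIT, EVOLVENP = "nonprofit", "evolvenp"
THRESHOLD = 3  # 3-of-5 Safe

# Constructed roster: three nonprofit signers, two EvolveNP emergency signers.
ROSTER = {"np-a": NONPROFIT, "np-b": NONPROFIT, "np-c": NONPROFIT,
          "ev-x": EVOLVENP, "ev-y": EVOLVENP}


@dataclass
class Action:
    kind: str                # "transfer", "pause", "unpause", "upgrade", "emergency_exit"
    destination: str = ""    # transfer / emergency_exit target (placeholder label)
    bytecode_hash: str = ""  # upgrade target (placeholder hash string)
    paused: bool = False     # current state of the affected contract


def authorize(action, signers, roster=ROSTER, allowed_bytecode=frozenset(),
              approved_exits=frozenset()):
    """Return (ok, reason) for a proposed action and the keys that signed it."""
    sigs = {s for s in signers if s in roster}  # drop unknown keys and duplicates
    np_sigs = sum(1 for s in sigs if roster[s] == NONPROFIT)
    if action.kind == "transfer":
        # Moving funds: only nonprofit signatures count toward the threshold.
        if np_sigs < THRESHOLD:
            return False, f"transfer needs {THRESHOLD} nonprofit signatures, got {np_sigs}"
        return True, "transfer approved by nonprofit signers"
    # Security actions: any THRESHOLD roster keys, so EvolveNP keys may co-sign.
    # With only two EvolveNP keys, at least one nonprofit signature is always present.
    if len(sigs) < THRESHOLD:
        return False, f"{action.kind} needs {THRESHOLD} signatures, got {len(sigs)}"
    if action.kind in ("pause", "unpause"):
        return True, f"{action.kind} approved"
    if action.kind == "upgrade":
        if not action.paused:
            return False, "upgrades are allowed only while paused"
        if action.bytecode_hash not in allowed_bytecode:
            return False, "bytecode is not allow-listed"
        return True, "paused-only allow-listed upgrade approved"
    if action.kind == "emergency_exit":
        if action.destination not in approved_exits:
            return False, "emergency exit destination is not a nonprofit-approved Safe"
        return True, "emergency exit approved"
    return False, f"unknown action {action.kind!r}"
```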
4) Infrastructure & data security (platform layer)
- Least privilege access with segregated environments and short-lived credentials.
- TLS for all traffic and encrypted storage for secrets.
- No private keys on our servers; nonprofits hold their own keys.
- Minimal operational logs for audit and security—no advertising cookies.
5) Monitoring, testing & audits
- Automated checks (CI, static analysis, unit/property tests, and coverage thresholds).
- Third-party audits: Reports or summaries published once remediated.
- Bug bounty and coordinated vulnerability disclosure (see below).
6) Responsible disclosure
If you believe you’ve found a vulnerability or high-risk issue, email Zak@Evolve-NP.com with steps to reproduce and impact.
- Please allow up to 90 days to triage, patch, and coordinate disclosure (or sooner if a fix ships).
- Do not access non-public data or impact availability.
- Researchers following these guidelines will be credited.
- We host a security.txt file at /.well-known/security.txt.
7) Incident response
- Detect & assess: Evaluate alerts, logs, and on-chain signals.
- Contain: Nonprofit signers (3-of-5) can pause affected contracts.
- Communicate: Notify impacted orgs and post updates on the /security or status page.
- Remediate: Apply paused-only, allow-listed upgrades or migrations with nonprofit approvals.
- Post-incident: Share root cause and mitigation timeline where appropriate.
8) Availability & resilience
- Off-chain automation is a trigger only; all checks occur on-chain.
- Redundant RPC and monitoring providers to avoid single points of failure.
- Regular backups for configuration data and logs (no private keys).
9) Third-party dependencies
We rely on reputable providers (RPC, routers, analytics). Each carries independent risk. Versions are pinned, advisories monitored, and allow-lists kept tight.
10) Change management
- All contract releases are versioned; parameters (if any) are bounded and every change emits an on-chain event.
- Upgrades occur only while paused, to pre-reviewed, allow-listed bytecode, with nonprofit approvals and public announcements.
11) Nonprofit responsibilities (shared security model)
- Maintain secure signer devices (hardware wallets, firmware updates, backups).
- Keep signer rosters current and remove ex-staff immediately.
- Define internal runbooks for pause, emergency exit, and key rotations.
- Use screening/logging and retain records for compliance.
12) Contact & resources
Security: security@evolve-np.com
Legal/compliance: legal@evolve-np.com
Status updates: [link to status page]
Audit reports: [link once available]
Risk disclosure: /risk