Trust & Safety
Security & Audits
Every line of code will be audited before mainnet. Every safety mechanism is enforced on-chain — not by policy, by math.
Audit Reports
Audits scheduled — pre-mainnet
Independent third-party audits will be commissioned and completed before any production deployment on Arbitrum One. Scope covers all 19 implementation contracts: IndexVault, MintEngine, RedeemEngine, NAVOracle, VeGAME, FeeCollector, GNDXGovernor, Timelock, GuardianMultisig, RebalanceController, PresaleVesting, OnboardingExecutor, core tokens, and adapters.
Audit firms, reports, and remediation summaries will be published on this page as engagements are confirmed.
On-Chain Safety Mechanisms
UUPS Upgradeable Proxies
12 of the 19 implementation contracts use the UUPS upgrade pattern. The remaining 7 (such as vesting, multisig, and adapters) are intentionally immutable to minimize trust assumptions. Upgrades require a 7-day timelock and can only be executed after a 66% supermajority governance vote.
5-of-8 Guardian Multisig
Emergency pause requires 5 of 8 independent guardian signatures. No single point of failure. Guardians cannot move user funds.
72-Hour Auto-Expiry Pause
Emergency pauses automatically expire after 72 hours — no manual extension, no indefinite freeze. Users always retain redemption rights.
10% Weight Cap — Hardcoded
No single token can be assigned a target weight above 10% of the basket by governance. This constraint is enforced at the contract level. No governance vote can override it. Not now. Not ever.
Responsible Disclosure
Report vulnerabilities privately to the security team:
security@gndx.financePlease allow 48 hours for initial response. We do not prosecute good-faith security researchers.