# Security

Foundation prioritizes security at every layer of the protocol. This section outlines our security practices, audits, and ongoing commitments to protecting user funds.

***

## Audit

Foundation's smart contracts have been audited by **Three Sigma**, a leading blockchain security firm.

| Audit                     | Auditor     | Status    |
| ------------------------- | ----------- | --------- |
| Foundation Core Contracts | Three Sigma | Completed |

The audit covered:

* Foundation Vault (accounting engine)
* USD' base layer contracts
* Rebalance Router
* ERC4626 strategy implementations

***

## Security Architecture

### Multi-Signature Governance

All administrative functions require multi-sig approval:

| Function              | Requirement           |
| --------------------- | --------------------- |
| Contract Upgrades     | Multi-sig + Timelock  |
| Strategy Whitelisting | Multi-sig approval    |
| Parameter Changes     | Multi-sig + Timelock  |
| Emergency Pause       | Multi-sig (expedited) |

### Asset Isolation

| Principle                 | Implementation                                                    |
| ------------------------- | ----------------------------------------------------------------- |
| **Vault-Held Collateral** | All collateral backing USD' is held in the Foundation Vault       |
| **Strategy Sandboxing**   | Strategy contracts cannot access collateral from other strategies |
| **Access Controls**       | Only whitelisted contracts can interact with the Vault            |

### Timelocks

Parameter changes and contract upgrades are subject to timelocks, giving users time to react before changes take effect.

***

## Ongoing Security Practices

| Practice                  | Description                                           |
| ------------------------- | ----------------------------------------------------- |
| **Bug Bounty Program**    | Rewards for responsibly disclosed vulnerabilities     |
| **Continuous Monitoring** | Real-time monitoring of protocol health and anomalies |
| **Incident Response**     | Documented procedures for security incidents          |
| **Formal Verification**   | Critical contract paths undergo formal verification   |

***

## Security Contacts

For security concerns or vulnerability reports, please contact the Foundation security team through responsible disclosure channels.

***

*Security is an ongoing commitment. We continuously work to improve the security posture of the Foundation protocol.*


