# Smart Contract Security

## Audit Program

All smart contracts undergo rigorous security review:

| Phase                   | Description                               |
| ----------------------- | ----------------------------------------- |
| **Internal Review**     | Team code review and testing              |
| **Third-Party Audit**   | Independent security firm audit           |
| **Formal Verification** | Mathematical proof for critical functions |

***

## Audit Status

| Contract  | Auditor | Status   | Report                                                              |
| --------- | ------- | -------- | ------------------------------------------------------------------- |
| TPT Token | CertiK  | Finished | [\[Link\]](https://skynet.certik.com/projects/tpt-global#pulseFeed) |

{% hint style="warning" %}
Audit reports will be linked here upon completion.
{% endhint %}

***

## Contract Architecture

{% @mermaid/diagram content="flowchart TB
subgraph Core["Core Contracts"]
    ESC["Escrow"]
    SET["Settlement"]
    REG["Registry"]
end

subgraph Access["Access Control"]
    STAKE["Staking"]
    KYC["KYC/KYB"]
end

subgraph Assets["Asset Contracts"]
    INV["Invoice NFT"]
    PO["PO NFT"]
end

Access --> Core
Assets --> Core" %}

### Core Contracts

| Contract       | Function                                   |
| -------------- | ------------------------------------------ |
| **Escrow**     | Holds funds and assets during transactions |
| **Settlement** | Processes payments and distributions       |
| **Registry**   | Tracks all assets and their status         |

### Access Control

| Contract    | Function                             |
| ----------- | ------------------------------------ |
| **Staking** | Manages TPT staking and tiers        |
| **KYC/KYB** | Verifies participant identity status |

### Asset Contracts

| Contract        | Function                                |
| --------------- | --------------------------------------- |
| **Invoice NFT** | Tokenized invoice representation        |
| **PO NFT**      | Tokenized purchase order representation |

***

## Upgrade Mechanism

Contracts use a transparent proxy pattern:

| Feature                | Description                        |
| ---------------------- | ---------------------------------- |
| **Multi-sig Approval** | Upgrades require 3-of-5 signatures |
| **Time-lock Delay**    | 48-hour delay on all upgrades      |
| **Emergency Pause**    | Immediate halt for critical issues |
| **Transparency**       | All upgrades announced in advance  |

### Upgrade Process

{% stepper %}
{% step %}

### Proposal submitted by team

The team submits an upgrade proposal to the governance/upgrade process.
{% endstep %}

{% step %}

### Multi-sig approval (3-of-5)

The proposal requires approval from at least 3 of the 5 designated multi-sig signers.
{% endstep %}

{% step %}

### 48-hour time-lock begins

Once approved, a 48-hour time-lock starts before execution is allowed.
{% endstep %}

{% step %}

### Community notified

The community is notified about the pending upgrade during the time-lock period.
{% endstep %}

{% step %}

### Upgrade executed after time-lock

After the time-lock elapses (and assuming no intervention), the upgrade is executed.
{% endstep %}
{% endstepper %}
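
The process above can be checked independently against an observed event history. The following is an added example, not the project's contract or tooling code: it replays a log of upgrade events and reports any that break the stated 3-of-5 and 48-hour rules. The `Event` record, the signer labels and the sample log are constructed for illustration, and starting the delay at the third distinct approval is an assumption.

```python
from dataclasses import dataclass

THRESHOLD = 3                  # 3-of-5 signatures (from the page)
TIMELOCK_SECONDS = 48 * 3600   # 48-hour delay (from the page)

@dataclass(frozen=True)
class Event:                   # hypothetical event record, not a real contract ABI
    ts: int                    # Unix time the event was observed
    kind: str                  # "proposed", "approved" or "executed"
    upgrade: str               # constructed proposal label
    actor: str = ""            # signer label for "approved" events

def audit_upgrades(events, signers):
    """Return (upgrade, finding) pairs for events that break the stated policy."""
    findings, approvals, unlock_at = [], {}, {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "proposed":
            approvals[ev.upgrade] = set()
        elif ev.kind == "approved":
            if ev.upgrade not in approvals:
                findings.append((ev.upgrade, "approval without proposal"))
            elif ev.actor not in signers:
                findings.append((ev.upgrade, "approval from non-signer"))
            else:
                approvals[ev.upgrade].add(ev.actor)  # a set, so repeats count once
                if len(approvals[ev.upgrade]) >= THRESHOLD:
                    # Assumption: the delay starts at the third distinct approval.
                    unlock_at.setdefault(ev.upgrade, ev.ts + TIMELOCK_SECONDS)
        elif ev.kind == "executed":
            if ev.upgrade not in unlock_at:
                findings.append((ev.upgrade, "executed without 3-of-5 approval"))
            elif ev.ts < unlock_at[ev.upgrade]:
                findings.append((ev.upgrade, "executed before time-lock elapsed"))
    return findings

SIGNERS = {"A", "B", "C", "D", "E"}   # constructed signer set
SAMPLE_EVENTS = [                      # constructed log, not real chain data
    Event(0, "proposed", "U1"), Event(100, "approved", "U1", "A"),
    Event(200, "approved", "U1", "B"), Event(300, "approved", "U1", "C"),
    Event(300 + TIMELOCK_SECONDS, "executed", "U1"),
    Event(1000, "proposed", "U2"), Event(1100, "approved", "U2", "A"),
    Event(1200, "approved", "U2", "A"), Event(1300, "approved", "U2", "B"),
    Event(200000, "executed", "U2"),
    Event(2000, "proposed", "U3"), Event(2100, "approved", "U3", "A"),
    Event(2200, "approved", "U3", "B"), Event(2300, "approved", "U3", "X"),
    Event(2400, "approved", "U3", "C"), Event(6000, "executed", "U3"),
]

if __name__ == "__main__":
    for upgrade, finding in audit_upgrades(SAMPLE_EVENTS, SIGNERS):
        print(upgrade, finding)
```

In the sample log, U1 passes, U2 is flagged because a repeated approval from one signer does not reach the threshold, and U3 is flagged for a non-signer approval and for executing inside the delay window.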
