Smart Contract Security

Audit Program

All smart contracts undergo rigorous security review:

| Phase | Description |
|---|---|
| Internal Review | Team code review and testing |
| Third-Party Audit | Independent security firm audit |
| Formal Verification | Mathematical proof for critical functions |


Audit Status

| Contract | Auditor | Status | Report |
|---|---|---|---|
| TPT Token | CertiK | [Pending] | [Link] |


Contract Architecture


Core Contracts

| Contract | Function |
|---|---|
| Escrow | Holds funds and assets during transactions |
| Settlement | Processes payments and distributions |
| Registry | Tracks all assets and their status |

Access Control

| Contract | Function |
|---|---|
| Staking | Manages TPT staking and tiers |
| KYC/KYB | Verifies participant identity status |

Asset Contracts

| Contract | Function |
|---|---|
| Invoice NFT | Tokenized invoice representation |
| PO NFT | Tokenized purchase order representation |


Upgrade Mechanism

Contracts use a transparent proxy pattern:

| Feature | Description |
|---|---|
| Multi-sig Approval | Upgrades require 3-of-5 signatures |
| Time-lock Delay | 48-hour delay on all upgrades |
| Emergency Pause | Immediate halt for critical issues |
| Transparency | All upgrades announced in advance |

Upgrade Process

1. Proposal submitted by team
   The team submits an upgrade proposal to the governance/upgrade process.

2. Multi-sig approval (3-of-5)
   The proposal requires approval from at least 3 of the 5 designated multi-sig signers.

3. 48-hour time-lock begins
   Once approved, a 48-hour time-lock starts before execution is allowed.

4. Community notified
   The community is notified about the pending upgrade during the time-lock period.

5. Upgrade executed after time-lock
   After the time-lock elapses (and assuming no intervention), the upgrade is executed.
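
The following is an added example, not the project's own code: a Python check that replays the recorded events of one upgrade against the five steps above and reports where the trail departs from them. The event names, record layout, signer ids and timestamps are constructed assumptions, since the page does not say how approvals and notifications are recorded.

```python
from dataclasses import dataclass

THRESHOLD = 3                 # 3-of-5 approval, per the page
TIMELOCK_SECONDS = 48 * 3600  # 48-hour delay, per the page

@dataclass(frozen=True)
class Event:                  # record layout is an assumption
    ts: int                   # Unix time of the event
    kind: str                 # "proposed" | "approved" | "notified" | "executed"
    actor: str = ""           # signer id, used by "approved" events

def audit_upgrade(events, signers):
    """Return the policy violations found in one upgrade's event trail."""
    findings, approvers, notices = [], set(), []
    timelock_start = executed_at = None
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "approved":
            if ev.actor not in signers:
                findings.append(f"approval from non-signer {ev.actor}")
                continue
            approvers.add(ev.actor)  # a set, so repeat approvals count once
            if len(approvers) == THRESHOLD and timelock_start is None:
                timelock_start = ev.ts  # time-lock starts at the 3rd approval
        elif ev.kind == "notified":
            notices.append(ev.ts)
        elif ev.kind == "executed":
            executed_at = ev.ts
    if executed_at is None:
        return findings  # still pending, nothing further to check
    if timelock_start is None or timelock_start > executed_at:
        return findings + ["executed without 3-of-5 approval"]
    if executed_at - timelock_start < TIMELOCK_SECONDS:
        findings.append("executed before 48-hour time-lock elapsed")
    if not any(timelock_start <= t < executed_at for t in notices):
        findings.append("no community notification during time-lock")
    return findings

# Constructed sample trails (signer ids and timestamps are made up).
SIGNERS = {"s1", "s2", "s3", "s4", "s5"}
T0, H = 1_700_000_000, 3600
GOOD = [Event(T0, "proposed"), Event(T0 + 60, "approved", "s1"),
        Event(T0 + 120, "approved", "s2"), Event(T0 + 180, "approved", "s3"),
        Event(T0 + H, "notified"), Event(T0 + 180 + 48 * H, "executed")]
BAD = [Event(T0 + 60, "approved", "s1"), Event(T0 + 90, "approved", "s1"),
       Event(T0 + 120, "approved", "s2"), Event(T0 + 150, "approved", "s9"),
       Event(T0 + 300, "approved", "s4"), Event(T0 + 300 + 47 * H, "executed")]

if __name__ == "__main__":
    print(audit_upgrade(GOOD, SIGNERS), audit_upgrade(BAD, SIGNERS))
```

The duplicate approval from `s1` in `BAD` does not advance the count, so the time-lock there starts only when `s4` supplies the third distinct signature.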


Bug Bounty Program

We reward security researchers who identify vulnerabilities:

| Severity | Reward Range |
|---|---|
| Critical | $10,000 - $50,000 |
| High | $5,000 - $10,000 |
| Medium | $1,000 - $5,000 |
| Low | $100 - $1,000 |

Scope

  • All deployed smart contracts

  • Core protocol logic

  • Access control mechanisms

Out of Scope

  • Frontend/UI issues

  • Third-party integrations

  • Social engineering


Bug bounty program details will be published separately.
