Smart Contract Security
Overview of 7N7D's smart contract security measures and audit status.
All smart contracts are deployed on Ethereum Mainnet (canonical) and Arbitrum One (bridged). Source code is open-source at github.com/7N7D/contracts.
Contract Architecture
The 7N7D protocol consists of four core smart contracts, plus the TimelockController through which every governance action is executed:
┌─────────────────────────────────────────────────────────────┐
│                    7N7D Smart Contracts                     │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌──────────────────┐      ┌──────────────────────────────┐ │
│  │    7N7DToken     │      │      ProfitDistributor       │ │
│  │    (ERC-20)      │─────►│    (Staking & Rewards)       │ │
│  └──────────────────┘      └──────────────────────────────┘ │
│                                                             │
│  ┌──────────────────┐      ┌──────────────────────────────┐ │
│  │   TradingVault   │      │        GovernanceDAO         │ │
│  │   (ERC-4626)     │      │     (On-chain Voting)        │ │
│  └──────────────────┘      └──────────────────────────────┘ │
│                                                             │
│  ┌──────────────────────────────────────────────────────┐   │
│  │          TimelockController (48h delay)              │   │
│  └──────────────────────────────────────────────────────┘   │
│                                                             │
└─────────────────────────────────────────────────────────────┘
Contract Details
7N7DToken
| Property | Value |
|---|---|
| Standard | ERC-20 with OpenZeppelin ERC20Votes and ERC20Permit extensions |
| Total Supply | 1,000,000,000 |
| Mintable | No (fixed supply) |
| Burnable | Yes (by holder) |
| Pausable | Emergency only |
Security Features:
- OpenZeppelin ERC20 base implementation
- ERC20Votes checkpoints: governance reads voting power at a past block, so tokens acquired (or flash-borrowed) after a proposal's snapshot carry no votes
- ERC20Permit (EIP-2612) signature-based approvals; a signed permit is as powerful as an on-chain approve, so holders should treat permit signatures with the same care
- No admin mint function
TradingVault
| Property | Value |
|---|---|
| Standard | ERC-4626 |
| Asset | USDC |
| Upgradeable | No |
| Admin Functions | Limited (emergency pause only; no withdrawal, no upgrade) |
Security Features:
- OpenZeppelin ERC4626 implementation
- Reentrancy protection (ReentrancyGuard, checks-effects-interactions)
- Protection against share-price inflation (first-depositor / donation) attacks
- Emergency pause capability
ProfitDistributor
| Property | Value |
|---|---|
| Function | Staking rewards |
| Reward Token | USDC |
| Distribution | On-chain |
Security Features:
- Pull-based reward claims (stakers call claim; the contract never pushes transfers out on its own)
- Checked arithmetic (Solidity 0.8+ overflow/underflow reverts)
- Precise reward accounting
- No stuck funds
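The pull-based accounting described above is easiest to reason about as an accumulator: the contract tracks cumulative reward per staked token, checkpoints each staker on every balance change, and lets the staker withdraw what is owed. The following Python model is an added example, not 7N7D's ProfitDistributor code; it follows the Synthetix-style StakingRewards design that such distributors usually copy, with 18-decimal stake amounts, 6-decimal USDC rewards and a 1e18 scale factor, all of which are assumptions. Integer division floors exactly as in Solidity, which is what the second function measures.

```python
"""Pull-based staking reward accounting (Synthetix-style accumulator), modelled in Python.

Assumptions: staked 7N7D uses 18 decimals, USDC rewards use 6 decimals, and the
per-token accumulator is scaled by 1e18. Every division floors, as in Solidity 0.8.
"""

PRECISION = 10**18   # scale factor for the per-token accumulator


class RewardDistributor:
    def __init__(self):
        self.total_staked = 0
        self.staked = {}               # staker -> staked 7N7D (18-decimal units)
        self.reward_per_token = 0      # cumulative USDC per staked token, scaled by PRECISION
        self.paid_checkpoint = {}      # staker -> reward_per_token at their last update
        self.pending = {}              # staker -> earned but unclaimed USDC (pulled, never pushed)
        self.usdc_paid_out = 0

    def earned(self, who):
        delta = self.reward_per_token - self.paid_checkpoint.get(who, 0)
        return self.pending.get(who, 0) + self.staked.get(who, 0) * delta // PRECISION

    def _checkpoint(self, who):
        # Settle everything owed so far before any balance change.
        self.pending[who] = self.earned(who)
        self.paid_checkpoint[who] = self.reward_per_token

    def stake(self, who, amount):
        self._checkpoint(who)
        self.staked[who] = self.staked.get(who, 0) + amount
        self.total_staked += amount

    def unstake(self, who, amount):
        self._checkpoint(who)
        if self.staked.get(who, 0) < amount:
            raise ValueError("unstake exceeds stake")
        self.staked[who] -= amount
        self.total_staked -= amount

    def notify_reward(self, usdc):
        """Called when trading profit arrives; credited pro rata to current stakers."""
        if self.total_staked == 0:
            raise ValueError("no stakers: rewards would be unattributable")
        self.reward_per_token += usdc * PRECISION // self.total_staked

    def claim(self, who):
        """Pull pattern: the staker initiates, and the owed amount is zeroed before the transfer."""
        self._checkpoint(who)
        amount = self.pending[who]
        self.pending[who] = 0          # effect before interaction
        self.usdc_paid_out += amount   # stands in for USDC.transfer(who, amount)
        return amount


def distribution_example():
    """Constructed scenario: two stakers, one leaves between two profit distributions."""
    d = RewardDistributor()
    d.stake("alice", 100 * 10**18)
    d.stake("bob", 300 * 10**18)
    d.notify_reward(1_000 * 10**6)        # 1,000 USDC: alice 25%, bob 75%
    d.unstake("bob", 300 * 10**18)        # bob leaves; his 750 USDC stays claimable
    d.notify_reward(100 * 10**6)          # 100 USDC: alice is now the only staker
    return {"alice": d.claim("alice"), "bob": d.claim("bob")}


def rounding_dust_example():
    """Floor division leaves a remainder nobody can claim. 'No stuck funds' holds
    only up to this dust, bounded by total_staked / PRECISION units per notify_reward."""
    d = RewardDistributor()
    d.stake("alice", 1 * 10**18)
    d.stake("bob", 2 * 10**18)
    d.notify_reward(10)                   # 10 base units over 3e18 staked
    paid = d.claim("alice") + d.claim("bob")
    return 10 - paid
```

Bob's 750 USDC remains claimable after he unstakes because the checkpoint settles it into `pending` rather than transferring it; that is the property that keeps an unstake from depending on a transfer to an arbitrary address succeeding. The dust function shows the one way value does get stranded in this design, so when reviewing the real contract, check what scale factor it uses and whether a sweep for remainders exists.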
GovernanceDAO
| Property | Value |
|---|---|
| Type | OpenZeppelin Governor |
| Voting Period | 7 days |
| Quorum | 4% |
| Timelock | 48 hours |
Security Features:
- Timelock for all actions
- Proposal threshold (1% of total supply)
- Vote delegation
- On-chain execution
Security Measures
1. Battle-Tested Standards
All contracts use OpenZeppelin libraries:
- ERC-20 (token)
- ERC-4626 (vault)
- Governor (governance)
- TimelockController
- ReentrancyGuard
- Pausable
2. Access Control
Admin Functions:
├── Emergency pause ───► Multisig only
├── Parameter changes ──► Governance + Timelock
├── Upgrades ───────────► Not possible (immutable)
└── Fund access ────────► Never (no admin withdrawal)
3. Timelock Protection
All governance actions pass through the TimelockController, with a 48-hour minimum delay between queueing and execution:
- Users can exit before changes take effect
- Provides time to review and respond
- Prevents flash governance attacks, in which a proposal would be created, passed and executed before anyone could react
4. Reentrancy Protection
All external calls are made under:
- ReentrancyGuard (nonReentrant) modifiers
- Checks-Effects-Interactions pattern (state updated before the external call)
- Pull over push for rewards
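To make the three items above concrete, here is a Python model of a withdrawal path in its vulnerable form, with checks-effects-interactions applied, and with a ReentrancyGuard-style mutex on top. It is an added example and not 7N7D contract code. The token's `transfer()` invokes a hook on the recipient, standing in for the ways a callee regains control during a transfer (an ETH `call`, ERC-777 hooks, callback tokens); plain ERC-20 USDC has no such hook, so in the real vault the risk sits in whatever other external calls it makes. All balances are constructed.

```python
"""Reentrancy in a withdrawal path: vulnerable, CEI, and CEI + guard, modelled in Python."""
import copy


class ReentrancyError(Exception):
    pass


class Token:
    def __init__(self, balances, hooks=None):
        self.balances = dict(balances)
        self.hooks = hooks or {}        # address -> callable(amount): the recipient's contract code

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, to, amount):
        if self.balances.get(sender, 0) < amount:
            raise RuntimeError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        if to in self.hooks:
            self.hooks[to](amount)      # recipient runs code here: the re-entry point


class VulnerableVault:
    """Interaction before effect: a re-entrant call still sees the old balance."""
    name = "vault"

    def __init__(self, token, deposits):
        self.token = token
        self.balances = dict(deposits)

    def withdraw(self, caller):
        amount = self.balances[caller]                   # check
        self.token.transfer(self.name, caller, amount)   # interaction
        self.balances[caller] = 0                        # effect, too late


class CeiVault(VulnerableVault):
    """Checks-Effects-Interactions: the balance is zeroed before the transfer."""

    def withdraw(self, caller):
        amount = self.balances[caller]                   # check
        self.balances[caller] = 0                        # effect
        self.token.transfer(self.name, caller, amount)   # interaction


class GuardedVault(CeiVault):
    """CEI plus a ReentrancyGuard-style mutex: any re-entry reverts the whole call."""
    locked = False

    def withdraw(self, caller):
        if self.locked:
            raise ReentrancyError("ReentrancyGuard: reentrant call")
        self.locked = True
        try:
            super().withdraw(caller)
        finally:
            self.locked = False


class Attacker:
    name = "attacker"

    def __init__(self, vault, token):
        self.vault, self.token = vault, token

    def on_receive(self, amount):
        # Keep re-entering while the vault can still pay out the same amount again.
        if amount > 0 and self.token.balance_of(self.vault.name) >= amount:
            self.vault.withdraw(self.name)


def run_attack(vault_cls):
    """Constructed state: attacker deposited 100, alice 400.
    Returns (attacker tokens, vault tokens) once the transaction has finished."""
    token = Token({"vault": 500})
    vault = vault_cls(token, {"attacker": 100, "alice": 400})
    attacker = Attacker(vault, token)
    token.hooks["attacker"] = attacker.on_receive
    snapshot = copy.deepcopy((token.balances, vault.balances))
    try:
        vault.withdraw("attacker")
    except ReentrancyError:
        token.balances, vault.balances = snapshot        # a reverting call undoes every state change
    return token.balance_of("attacker"), token.balance_of("vault")
```

Against the vulnerable vault the attacker's 100 becomes the whole 500. With CEI alone the re-entrant call finds a zero balance and withdraws nothing, so ordering is sufficient on its own; the guard adds defence in depth by reverting the entire transaction, which is why the guarded run leaves the attacker with no tokens and the vault untouched.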
5. Economic Security
- Flash-loan attacks mitigated: voting power is read from ERC20Votes checkpoints at the proposal snapshot block, so borrowed tokens carry no votes
- Share price manipulation protection
- Bounded fee calculations
- Overflow/underflow protection (Solidity 0.8+)
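The share-price manipulation protection claimed for TradingVault and again under Economic Security is, in ERC-4626 terms, protection against the inflation (first-depositor) attack: an attacker deposits one unit, donates assets directly to the vault to inflate the price of that share, and the next depositor's shares round down to nothing. The following Python model is an added example, not the 7N7D vault code. It reproduces the OpenZeppelin ERC4626 v5 conversion formulas (virtual shares and assets with a decimals offset) next to a naive vault and runs the attack against each. The donation size and the offsets tried are constructed; which offset, if any, the real vault uses is an assumption to verify in the source.

```python
"""Model of the ERC-4626 share-price inflation ("first depositor") attack.

Integer arithmetic mirrors Solidity: all divisions floor. USDC has 6 decimals,
so 10_000 USDC is 10_000 * 10**6 base units. Vault formulas with an offset follow
OpenZeppelin ERC4626 (v4.9+/v5): virtual shares 10**offset and one virtual asset.
"""

USDC = 10**6


class Vault:
    """offset=None: naive vault (first deposit 1:1, no virtual balances).
    offset=k: OpenZeppelin-style virtual balances with decimals offset k."""

    def __init__(self, offset=None):
        self.offset = offset
        self.total_shares = 0
        self.total_assets = 0      # asset.balanceOf(vault): direct donations count
        self.balances = {}

    def convert_to_shares(self, assets):
        if self.offset is None:
            if self.total_shares == 0:
                return assets
            return assets * self.total_shares // self.total_assets
        return assets * (self.total_shares + 10 ** self.offset) // (self.total_assets + 1)

    def convert_to_assets(self, shares):
        if self.offset is None:
            return shares * self.total_assets // self.total_shares
        return shares * (self.total_assets + 1) // (self.total_shares + 10 ** self.offset)

    def deposit(self, who, assets):
        shares = self.convert_to_shares(assets)
        self.total_assets += assets
        self.total_shares += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def donate(self, assets):
        # Plain ERC-20 transfer to the vault: raises totalAssets without minting shares.
        self.total_assets += assets

    def redeem(self, who, shares):
        assets = self.convert_to_assets(shares)
        self.balances[who] -= shares
        self.total_shares -= shares
        self.total_assets -= assets
        return assets


def inflation_attack(offset=None, victim_deposit=10_000 * USDC, donation=10_000 * USDC):
    """Run the attack on an empty vault and report who ends up losing what."""
    v = Vault(offset)
    attacker_shares = v.deposit("attacker", 1)          # 1. front-run with a 1-unit deposit
    v.donate(donation)                                   # 2. inflate the price per share
    victim_shares = v.deposit("victim", victim_deposit)  # 3. victim's shares round down
    attacker_out = v.redeem("attacker", attacker_shares) # 4. attacker exits first
    victim_out = v.redeem("victim", victim_shares) if victim_shares else 0
    return {
        "victim_shares": victim_shares,
        "attacker_net": attacker_out - (1 + donation),   # negative means the attack cost money
        "victim_loss": victim_deposit - victim_out,
    }
```

With the naive vault the victim receives zero shares and the attacker walks away with the victim's entire deposit. With OpenZeppelin's virtual balances the attacker loses at least as much as the victim even at offset 0, and raising the offset to 6 shrinks the victim's loss to a few thousand base units (a fraction of a cent). The mitigation assumes `totalAssets()` cannot be inflated for free in some other way, so the thing to check in the real source is what `totalAssets()` reads and what offset the vault overrides.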
Audit Status
Current Status
Smart contracts have been deployed to mainnet and are operational. No third-party audit has been completed yet: the internal review is complete and a formal audit is planned (see the table below). Contracts are open-source for community review at github.com/7N7D/contracts.
Security Reviews
| Review Type | Scope | Status |
|---|---|---|
| Internal Review | All contracts | ✅ Complete |
| Community Audit | Open source | Ongoing |
| Formal Audit | All contracts | Planned |
Internal Review
- Code review by multiple developers
- Test coverage: 75 tests across the four core contracts (results below)
- Open-source for community verification
Test Coverage
Contract Test Results:
─────────────────────────────────────
7N7DToken.test.ts ✅ 15/15 passing
TradingVault.test.ts ✅ 20/20 passing
ProfitDistributor.test.ts ✅ 18/18 passing
GovernanceDAO.test.ts ✅ 22/22 passing
─────────────────────────────────────
Total ✅ 75/75 passing
Test Types
- Unit tests for all functions
- Integration tests for workflows
- Edge case testing
- Gas optimization tests
Contract Verification
All contracts are verified on Etherscan/Arbiscan:
Ethereum Mainnet (L1 - Canonical)
| Contract | Address | Verified |
|---|---|---|
| 7N7DToken | 0x... (update with address) | ✅ |
| TradingVault | 0x... (update with address) | ✅ |
| ProfitDistributor | 0x... (update with address) | ✅ |
| GovernanceDAO | 0x... (update with address) | ✅ |
| TimelockController | 0x... (update with address) | ✅ |
Arbitrum One (Bridged)
| Contract | Address | Verified |
|---|---|---|
| 7N7DToken | 0x... (update with address) | ✅ |
Source Code: github.com/7N7D/contracts
Immutability
Non-Upgradeable
Contracts are not upgradeable:
- No proxy pattern
- No admin upgrade function
- Code is permanent
Why?
- Eliminates upgrade risks
- No rug pull via upgrade
- No upgrade-based trust assumption; the remaining admin powers are the multisig emergency pause and timelocked governance parameter changes
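The "no proxy pattern" claim can be checked against a deployed address without trusting the repository. The helper below is an added Python example, not project tooling; it takes the hex strings that `eth_getCode` and `eth_getStorageAt` return from any RPC endpoint (for the addresses the verification tables above leave as placeholders) and looks for the three EIP-1967 proxy storage slots, the EIP-1167 minimal-proxy runtime prefix, and any DELEGATECALL opcode in the runtime code. The sample inputs used to exercise it are constructed. A DELEGATECALL hit is a prompt to read the source rather than proof of a proxy (externally linked libraries use it too), and stripping solc's trailing metadata is a heuristic.

```python
"""Offline checks for the "no proxy pattern" claim, given eth_getCode / eth_getStorageAt results."""

# EIP-1967 slots: bytes32(uint256(keccak256(label)) - 1)
EIP1967_SLOTS = {
    "eip1967.proxy.implementation": "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc",
    "eip1967.proxy.admin":          "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103",
    "eip1967.proxy.beacon":         "0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50",
}
DELEGATECALL = 0xF4
EIP1167_PREFIX = bytes.fromhex("363d3d373d3d3d363d73")   # minimal-proxy runtime prefix


def strip_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata solc appends (its last 2 bytes give the metadata length)
    so metadata bytes are not disassembled as instructions. Heuristic: only strips
    when the declared region starts with a small CBOR map (0xa1..0xa3)."""
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    if n + 2 > len(code):
        return code
    body = code[:len(code) - 2 - n]
    if 0xA1 <= code[len(body)] <= 0xA3:
        return body
    return code


def opcodes(code: bytes):
    """Yield opcodes, skipping PUSH immediates so data bytes are not read as instructions."""
    i = 0
    while i < len(code):
        op = code[i]
        yield op
        i += 1
        if 0x60 <= op <= 0x7F:          # PUSH1..PUSH32 carry 1..32 immediate bytes
            i += op - 0x5F


def assess(code_hex: str, storage: dict) -> dict:
    """storage maps slot hex -> 32-byte value hex, as returned by eth_getStorageAt."""
    raw = code_hex[2:] if code_hex.startswith("0x") else code_hex
    code = strip_metadata(bytes.fromhex(raw))
    zero = "0x" + "00" * 32
    slots_set = [label for label, slot in EIP1967_SLOTS.items()
                 if int(storage.get(slot, zero), 16) != 0]
    has_delegatecall = any(op == DELEGATECALL for op in opcodes(code))
    is_clone = code.startswith(EIP1167_PREFIX)
    return {
        "eip1967_slots_set": slots_set,
        "has_delegatecall": has_delegatecall,
        "eip1167_clone": is_clone,
        "looks_immutable": not slots_set and not has_delegatecall and not is_clone,
    }
```

Run `assess(code, {slot: value for each EIP-1967 slot})` once per contract, on both Ethereum Mainnet and Arbitrum One. An empty `eip1967_slots_set`, no DELEGATECALL and no clone prefix is consistent with the immutability claim; anything else deserves a look at the verified source before trusting it.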
Limitations
Trade-off: Bugs cannot be fixed in place; a fix requires deploying new contracts and migrating.
Mitigation:
- Extensive testing
- Formal third-party audit (planned, not yet complete; see Audit Status)
- Emergency pause for critical issues
- Governance can point users and integrations to replacement contracts (a new deployment, not an in-place upgrade)
Bug Bounty
Found a vulnerability? Report it to security@7n7d.com for potential rewards.
Planned Structure
| Severity | Reward |
|---|---|
| Critical | Up to $50,000 |
| High | Up to $25,000 |
| Medium | Up to $10,000 |
| Low | Up to $2,500 |
Known Limitations
1. No External Price Oracle
- Share price is derived solely from vault accounting (totalAssets / totalSupply)
- No external price oracle is used
- Reduces attack surface (no oracle manipulation or stale-price risk) but limits features
2. Gas Costs
- Arbitrum reduces costs significantly
- Still requires ETH for transactions
- Batch operations not implemented
3. Liquidity
- Large withdrawals may require unwinding positions, which can affect the realised price
- No instant liquidity guarantee
- Reserve buffer maintained
Security Contact
Found a vulnerability?
Email: security@7n7d.com
Do:
- Email details privately
- Provide reproduction steps
- Allow time for fix before disclosure
Don't:
- Exploit on mainnet
- Disclose publicly before fix
- Test on others' funds
Next: Read the Risk Disclosure.