Docs menu
Security Overview
Security is not a feature of AlphaYields — it is the product. Capital follows trust. Trust is built through audits, transparency, monitoring, and a clear, published response framework.
Security architecture
MORE Vaults provides an invariant, audited core handling all share price calculations and fee transfers. Strategy logic lives in isolated facets that cannot access the core accounting path — a compromised facet cannot corrupt the NAV or drain the vault.
Every privileged action is timelocked. Depositors have a guaranteed exit window before any change executes. The timelock duration is set at vault creation and can only be shortened through a process that is itself timelocked.
Continuous onchain monitoring with defined alert thresholds. A Security Council can trigger a network-wide pause on a critical vulnerability. Paused vaults accept no new deposits; withdrawal requests remain open so assets can exit.
Audit status
Audit reports are published in full at alphayields.ai/security. AlphaYields commits to commissioning a new audit for any material change to the core or active strategy facets before it is deployed to production.
Admin key & upgrade policy
The principle: no single key can upgrade contracts, pause withdrawals, or redirect depositor funds. Every privileged operation requires either a multisig threshold or a governance vote, followed by a timelock delay.
Monitoring & incident response
The engine monitors active positions continuously for health factor breaches, per-vault drawdown breaches, oracle staleness, unusual withdrawal queue depth, and onchain anomalies. The response protocol:
Strategy team reviews within a defined SLA
If confirmed, the position is exited or the facet paused
A public incident update within 24 hours
A full post-mortem within 7 days
As of publication, across ayFLOW's live operating history, no loss of depositor funds has occurred.
Bug bounty
AlphaYields maintains a public bug bounty covering the vault smart contracts, strategy facets, and cross-chain bridge integration. Rewards are commensurate with severity. Full programme details are published at alphayields.ai/security.
Next — Risk Taxonomy →