AlphaYieldsDocs
Docs menu
Security

Security Overview

Security is not a feature of AlphaYields — it is the product. Capital follows trust. Trust is built through audits, transparency, monitoring, and a clear, published response framework.

Security architecture

The execution layer

MORE Vaults provides an invariant, audited core handling all share price calculations and fee transfers. Strategy logic lives in isolated facets that cannot access the core accounting path — a compromised facet cannot corrupt the NAV or drain the vault.

The upgrade layer

Every privileged action is timelocked. Depositors have a guaranteed exit window before any change executes. The timelock duration is set at vault creation and can only be shortened through a process that is itself timelocked.

The operational layer

Continuous onchain monitoring with defined alert thresholds. A Security Council can trigger a network-wide pause on a critical vulnerability. Paused vaults accept no new deposits; withdrawal requests remain open so assets can exit.

Audit status

ScopeStatus
MORE Vaults coreReports at alphayields.ai/security
ayFLOW strategy facetsReports at alphayields.ai/security
ayUSD vault and facetsReports at alphayields.ai/security

Audit reports are published in full at alphayields.ai/security. AlphaYields commits to commissioning a new audit for any material change to the core or active strategy facets before it is deployed to production.

Admin key & upgrade policy

The principle: no single key can upgrade contracts, pause withdrawals, or redirect depositor funds. Every privileged operation requires either a multisig threshold or a governance vote, followed by a timelock delay.

Monitoring & incident response

The engine monitors active positions continuously for health factor breaches, per-vault drawdown breaches, oracle staleness, unusual withdrawal queue depth, and onchain anomalies. The response protocol:

01

Strategy team reviews within a defined SLA

02

If confirmed, the position is exited or the facet paused

03

A public incident update within 24 hours

04

A full post-mortem within 7 days

As of publication, across ayFLOW's live operating history, no loss of depositor funds has occurred.

Bug bounty

AlphaYields maintains a public bug bounty covering the vault smart contracts, strategy facets, and cross-chain bridge integration. Rewards are commensurate with severity. Full programme details are published at alphayields.ai/security.

Next — Risk Taxonomy