Security & Trust

NUVA prioritizes security through institutional-grade practices, comprehensive audits, and transparent on-chain verification. Our smart contracts undergo rigorous testing by leading security firms and utilize battle-tested frameworks trusted by billions in DeFi assets.

Security Audits

NUVA has completed comprehensive security audits with Sherlock (completed January 2026) covering all Ethereum contracts and Provenance vault modules. Halborn is conducting additional security validation to ensure institutional-level protection. Both firms are recognized leaders in blockchain security with extensive experience auditing major DeFi protocols.

View complete audit reports and security details - Technical Deep Dive

Development Standards

Our smart contracts build upon proven industry foundations: OpenZeppelin's battle-tested ERC-20 implementations for Ethereum compatibility and Cosmos SDK architecture for the innovative vault module on Provenance. This combination ensures security through established patterns while enabling NUVA's unique continuous compounding capabilities.

On-Chain Proof of Reserves

NUVA provides complete transparency through on-chain Proof of Reserves, enabling independent verification of all vault holdings, token supplies, and mint/burn activities. Users can directly verify backing assets through blockchain explorers without relying on trust or third-party attestations.

Learn how to verify reserves and view contract addresses - Technical Deep Dive

What On-Chain Proof Means for Your Security

  • Immutable ledger of assets: All vault holdings are recorded on the blockchain in an immutable ledger. Once assets are deposited into the vault, the transaction is permanently recorded and cannot be altered.

  • Real-time verification: You can verify vault holdings at any time by checking the blockchain directly. There are no delays or intermediaries between you and the proof of reserves.

  • Trustless verification: You don't need to trust NUVA, or any third-party. You can independently verify that the assets claimed by the vault are actually held in the smart contracts. This is trustless verification—proof without requiring trust in a middleman.

Custody

All NUVA vaults are non-custodial, which means that you at all times have full control over your funds and nvAsset tokens.

  • With self-custody of nvAsset tokens, your wallet functions as your personal bank. You have complete ownership but also complete responsibility for securing your private keys and wallet access.

  • When you deposit into a NUVA vault, you receive nvAsset tokens that are sent directly to your wallet. You hold these tokens yourself—NUVA does not hold them for you and cannot access them at any time.

  • The vault smart contracts that manage deposits, yield distribution, and withdrawals cannot be changed or updated by NUVA or anyone else. Once deployed, the code is permanent and tamper-proof.

NUVA supports users’ custodians by integrating wallet-connection protocols that allow institution-grade qualified custodians — such as Fireblocks, Copper, Anchorage, or BitGo — to sign transactions on behalf of their clients while the platform remains fully non-custodial.

Safely Store Your nvAsset Tokens

The security of your nvAsset tokens depends entirely on the security of your wallet. If your wallet is compromised, your tokens can be lost or stolen. Best practices for securing your wallet include:

  • Never share your private keys or seed phrases with anyone

  • Consider using a hardware or multi-signature wallet for large amounts or long-term holdings

  • Do not store private keys or seed phrases in digital files or email and keep backups of your seed phrase in a secure location

  • Enable all available security features on your wallet

On-Chain AML Screening

NUVA employs real-time monitoring and sanction list controls to block high-risk activity while protecting user privacy, powered by Anchain.AI.

No Personal Information Required: Users can access NUVA vaults without providing KYC documentation.

Automated Screening: Wallet addresses are screened in real-time during transactions. High-risk addresses may be restricted from interacting with the platform. Permissionless Access & Regulatory Constraints

All NUVA vaults are permissionless, allowing users to participate without KYC verification. As regulations evolve, NUVA may introduce additional verification requirements for certain vaults or jurisdictions while maintaining its core non-custodial principles. NUVA is designed to be flexible and adaptable to changing regulatory requirements. The protocol and interface can be updated to comply with local regulations while maintaining the core non-custodial, permissionless nature of the blockchain infrastructure.

Geographic Restrictions

Different countries and regions have varying regulatory approaches to cryptocurrency, tokenized assets, and DeFi platforms. NUVA operates in compliance with OFAC regulations and adheres to applicable crypto sanctions.