Technical Deep Dive
Smart Contract Security
NUVA leverages industry-leading security standards through rigorous audits by top-tier security firms and battle-tested contract implementations.
Vault Contract Mechanics
Deposit flow
When users deposit USDC into a vault:
User approves the vault contract to spend their USDC
User initiates deposit transaction specifying amount and target vault
Vault contract receives USDC and verifies the transaction
Contract calculates nvAsset tokens to mint based on current token price
nvAsset tokens are minted and transferred to user's wallet
Asset Management
All deposited USDC is held directly in the vault contract address on Ethereum Mainnet.
Internal ledger tracks:
Total USDC deposited and allocated to underlying assets
Complete nvAsset token supply and individual user balances
Real-time yield accrual and distribution
Administrative Controls
Multisig wallets control administrative functions to prevent single points of failure
Functions include rebalancing allocations, processing yield distributions, and managing vault parameters
nvAsset Token Mechanics (ERC-20 Standard)
Token Minting Process
Formula: nvAsset tokens Minted = USDC Deposited ÷ Current nvAsset Token Price
Token price calculation: Total Underlying Assets ÷ Total Outstanding nvAsset tokens
Initial nvAsset tokens are priced at $1.00 (1:1 USDC ratio for early depositors)
Yield Reflection Through Price Appreciation
As underlying assets generate yield, nvAsset token prices increase automatically. Example of token price appreciation:
Deposit: $10,000 USDC → Receive 10,000 nvYLDS tokens
After 1 year at 4% yield: Vault contains $10,400 total value
New token price: $1.04 (10,400 ÷ 10,000 tokens)
User position value: $10,400 (earned $400 yield with no new tokens received)
Continuous Yield Compounding
On-Chain Accrual Mechanism
Yield accrues continuously as underlying assets generate returns
nvAsset token prices update in real-time reflecting total asset growth
Compounding occurs automatically without user intervention
Withdrawal Process
Settlement Timelines
nvYLDS: Typically minutes, possibly up to 2 U.S. business days
nvPRIME: Coming soon
Withdrawal Execution
User specifies nvAsset tokens to withdraw
Contract calculates USDC owed:
nvAsset tokens × Current Token PriceUpon settlement confirmation: nvAsset tokens are burned (removed from supply), USDC transferred to user wallet and Transaction recorded on-chain
Contract Addresses (Ethereum Mainnet)
Address | Git Reference |
|---|---|
|
|
|
|
|
|
Security Audits
Completed Audits
NUVA works with leading security firms including Sherlock and Halborn to ensure smart contracts meet institutional security standards.
Sherlock Audit (Completed December 2025)
Scope: Ethereum vault contracts, Provenance vault module, token mechanics, access controls
Status: All critical and high-severity findings resolved
Report: Click here
Findings summary:
Severity Level | Issues found | Status |
|---|---|---|
High | 1 | ✅ Resolved |
Medium | 12 | ✅ All Addressed |
Low | 23 | ✅ All Addressed |
Zero unresolved security issues across all severity levels, indicating NUVA's smart contracts meet institutional security standards and are ready for production deployment. This demonstrates NUVA's commitment to comprehensive security practices and thorough remediation of all audit findings before launch.
Halborn Audit (Completed January 2026)
Timeline: December 2025 - January 2026
Scope: Additional contract validation and security assessment
Status: No critical, high and medium-severity issues found. All low-severity issues resolved
Report: Click Here
Findings summary:
Severity Level | Issues found | Status |
|---|---|---|
Critical | 0 | ✅ Nothing to be addressed |
High | 0 | ✅ Nothing to be addressed |
Medium | 0 | ✅ Nothing to be addressed |
Low | 9 | ✅ All Addressed |
Informational | 5 | ✅ Nothing to be addressed |
Zero unresolved security issues across all severity levels, indicating NUVA's smart contracts meet institutional security standards and are ready for production deployment. This demonstrates NUVA's commitment to comprehensive security practices and thorough remediation of all audit findings before launch.
Security Infrastructure
OpenZeppelin Contract Base
nvAsset tokens use OpenZeppelin's battle-tested ERC-20 implementation
5+ years protecting billions in DeFi assets
Regular security updates and community auditing
Cosmos SDK Standards (Provenance)
Vault module follows Cosmos SDK best practices
Standard module architecture with secure state management
Regular security monitoring and automated scanning
Ongoing security practices
Regular security monitoring
NUVA maintains ongoing security practices, including:
Continuous code review and testing
Automated security scanning
Community bug bounty program
Update and patch procedures
Security patches are:
Developed and tested thoroughly
Audited before deployment
Announced to users in advance
Deployed with multisig approval
Emergency procedures
In case of critical security issues:
Emergency pause mechanisms can halt vault operations
Governance can authorize emergency upgrades
User funds remain secure throughout
Proof of Reserves
On-Chain Verification
Proof of Reserves (PoR) enables independent verification of vault backing through blockchain transparency, replacing trust with verifiable on-chain data.
Verifiable Elements:
Total token supply issued
Complete backing reserve holdings
All mint/burn transaction history
Verification of Proof of Reserves
To review a vault’s holdings, visit app.nuva.finance and select the vault you’d like to verify. Navigate to the vault’s dedicated page and click on the “Transparency” tab.
In this section, you can view the Proof of Reserves, including the vault’s balance and percentage of collateral, which are updated approximately once per day. You’ll also find the vault’s address, enabling you to verify data directly on etherscan.io.
Real-Time Transparency Dashboards
nvYLDS: Proof of Reserves
nvPRIME: Coming soon
Provenance Blockchain
Provenance Blockchain, one of the world's largest Layer 1 as measured by RWAs, with more than $20 billion in total value locked (TVL) as of January 2026, is uniquely positioned to serve compliant, scalable, and efficient decentralized finance. With its modular Cosmos-based architecture and native compliance tooling, Provenance offers a proven, secure, purpose-built foundation for the next wave of real-world asset tokenization.
In 2025, NUVA expanded Provenance Blockchain’s capabilities by contributing an innovative Vault Module that brought unique capabilities to the ecosystem including the ability to distribute automatic continuous compounding interest without cumbersome manual periodic staking or claiming.
As the NUVA Marketplace grows, Provenance’s ecosystem will benefit from increased total value locked (TVL), transaction volume, and $HASH fees.
Role in NUVA: Layer I blockchain network for certain underlying assets
Provenance Blockchain (Whitepaper) distinguishes itself from other chains through three foundational pillars:
1. Next-generation financial protocols & digitally native on-chain assets
Innovative financial services: Provenance powers Figure and Figure Markets; groundbreaking on-chain protocols that provide lending, asset management, and a marketplace for the modern user. This includes DeFi-powered management of real-world assets, automated lending infrastructures, and a revolutionary cross-chain collateral protocol—allowing users to efficiently collateralize diverse assets (from real estate to crypto) for maximum capital efficiency.
Robust ecosystem integration: Beyond the figure ecosystem, Provenance is validated by participation from diverse sell-side banks (e.g., Goldman Sachs, Jefferies), multiple bank fiat rail partners (e.g., UMB, Lead), and a wide range of buy-side firms (e.g., Apollo, Bayview, Marathon), with over 140 third parties leveraging Figure’s mortgage technology.
2. Enterprise-ready architecture
Scalable, high-performance infrastructure: Built on a secure, proof-of-stake framework, Provenance delivers the high throughput and low fees critical for real-world financial operations. This infrastructure is engineered to support the rapid on-chain tokenization of real-world assets as the market scales.
Interoperability & data control: Acting as a data validation chain rather than a golden dataset, Provenance empowers users with control over their information. It also supports interoperability—bridging to other Layer 1 blockchains via Axelar—and integrates enterprise features such as roles, entitlements, and decentralized MPC custody. Additionally, innovations like DART ensure instant UCC security perfection on-chain.
3. Best-in-class security & operational integrity
Advanced custody & compliance: Provenance employs state-of-the-art security measures including decentralized multi-party computation (MPC) custody leveraging the Cosmos SDK, ensuring that assets are safeguarded at all times
Regularity & institutional confidence: With established Figure Markets transfer agents, lending and servicing licenses, and alignment with local and global security standards, Provenance meets the rigorous demands of institutional clients. This robust security framework fosters trust and positions the network as the premier chain in the RWA space.