Security Audits

NUVA works with leading security firms like Sherlock and Halborn to ensure its smart contracts and vaults meet the highest security standards. Sherlock has completed an audit of NUVA’s smart contracts as of December 2025, and Halborn is currently conducting an additional audit.

  • Sherlock audit report (link, scope, findings)

    • Audit report link

      • [Link to full Sherlock audit report to be added]

    • Audit scope

      • The Sherlock audit covered:

      • Ethereum smart contracts for vault functionality

      • Provenance Blockchain vault module

      • Token minting and redemption mechanics

      • Yield accrual and distribution

      • Access control and authorization

    • Findings summary

      • [Summary of audit findings to be added - categorized by severity]

      • The audit identified [X] issues ranging from critical to low severity. All critical and high-severity findings have been resolved. Medium and low-severity findings have been addressed or documented with risk mitigation.

  • Audit findings and resolutions

    • [Detailed list of findings with resolutions to be added]

    • For each finding:

      • Description of the issue

      • Severity level (Critical, High, Medium, Low)

      • Resolution or mitigation applied

      • Evidence of fix implementation

  • OpenZeppelin contract usage and track record

    • OpenZeppelin ERC-20 implementation

      • NUVA uses OpenZeppelin's battle-tested ERC-20 contract implementation as the basis for vault tokens. OpenZeppelin contracts are:

      • Industry standard and widely used across DeFi

      • Regularly audited and maintained

      • Best practice implementations of token standards

    • Cosmos SDK module standards (Provenance)

      • The vault module on Provenance Blockchain follows Cosmos SDK best practices and standards:

      • Standard module architecture

      • Proper state management

      • Secure message handling

    • OpenZeppelin track record

      • OpenZeppelin has been trusted by the industry for over 5 years and has:

      • Protected billions of dollars in assets

      • Been audited hundreds of times

      • Continuously updated with security improvements

  • Ongoing security practices

    • Regular security monitoring

      • NUVA maintains ongoing security practices including:

      • Continuous code review and testing

      • Automated security scanning

      • Community bug bounty program

    • Update and patch procedures

      • Security patches are:

      • Developed and tested thoroughly

      • Audited before deployment

      • Announced to users in advance

      • Deployed with multisig approval

    • Emergency procedures

      • In case of critical security issues:

      • Emergency pause mechanisms can halt vault operations

      • Governance can authorize emergency upgrades

      • User funds remain secure throughout
