Back to Doc Hub

Smart Contract Security

Security is a core attribute. NUVA leverages the highest standards, leveraging industry best practices and undergoing rigorous audits by leading security firms.
See technical deep dive more details

Audits

NUVA works with leading security firms like Sherlock and Halborn to ensure its smart contracts and vaults meet the highest security standards. Sherlock has completed the an audit of NUVA’s smart contracts as of December 2025, and Halborn is currently conducting an additional audit.
See technical deep dive more details

Audits by Sherlock

Sherlock is a leading blockchain security company and a marketplace for smart contract audits and coverage. They combine competitive audit contests with expert-led reviews to identify vulnerabilities in smart contracts and protect decentralized finance users from exploits.

  • Audit status: ✓ Completed

  • Audit scope: Ethereum contracts, Provenance vault module

  • Link to audit report: [from Engineering]

Development Standards

NUVA’s smart contracts are developed using proven frameworks and best practices:

  • OpenZeppelin: NUVA uses OpenZeppelin’s well-known ERC-20 implementations for Ethereum, ensuring a strong and secure foundation.

  • Cosmos SDK: The NUVA Vaults are implemented as a Cosmos SDK module which builds upon the Provenance Blockchain capabilities to create a flexible vault capability with a unique continuous compounding interest distribution.

NUVA’s architecture follows industry-standard patterns for token minting, yield distribution, and withdrawal mechanics. Once deployed, NUVA’s smart contracts cannot be altered, ensuring long-term security and trust.
See technical deep dive more details


On-Chain Proof of Reserves

Proof of Reserves (PoR) is an on-chain verification mechanism that lets anyone confirm a vault’s obligations to token holders are fully backed by reserves recorded on the blockchain. This replaces trust with verifiable truth, allowing users to independently verify:

  • Token Supply: The total number of tokens issued.

  • Backing Reserves: The underlying assets held in the vault.

  • Mint/Burn Activity: All token creation and destruction events.

See technical deep dive more details

How to Verify Underlying Assets

You can verify proof of reserves and underlying assets directly through blockchain explorers like Zonescan or Etherscan by navigating to the published vault contract addresses.

  • Transparency dashboard

    • [Link to transparency dashboard to be added when available]

  • Contract addresses: [NUVA contract addresses to be added for Ethereum Mainnet]

What On-Chain Proof Means for Your Security

  • Immutable ledger of assets: All vault holdings are recorded on the blockchain in an immutable ledger. Once assets are deposited into the vault, the transaction is permanently recorded and cannot be altered.

  • Real-time verification: You can verify vault holdings at any time by checking the blockchain directly. There are no delays or intermediaries between you and the proof of reserves.

  • Trustless verification: You don't need to trust NUVA, or any third-party. You can independently verify that the assets claimed by the vault are actually held in the smart contracts. This is trustless verification, proof without requiring trust in a middleman.

How to Exit

How to Exit

How to Exit

Custody

Custody

Custody

Table of Content

Table of Content

Table of Content