Audit Legal
Overview
RAX Layer is built for institutional-grade assurance: audited code, verifiable data flows, governed change management, and a compliance posture that enables responsible market participation across jurisdictions.
Security Audits (Code & Infrastructure)
Scope: Core modules (asset registry, series vaults, lending vault, settlement router, fee/reserve manager, governance/timelock, compliance controls), gateways/bridges, and validator/node ops.
Methodology: Static analysis, manual review, property-based tests, economic/game-theory checks, differential testing.
Release policy: No mainnet activation of new modules without audit sign-off and timelocked deployment; high-risk changes require multiple firms or round-trip audits.
Public artifacts: Final reports, remediation notes, test coverage summaries, and commit hashes will be published.
On-Chain Safety Controls
Timelocks: Mandatory delay between governance approval and contract execution.
Guardians & Circuit Breakers: Multisig-gated pause/kill switches for narrowly defined emergencies (cannot seize user funds).
Parameter Caps: DAO-set ceilings on fees, LTV/line size, allocation weights, cooldown windows, and oracle tolerances.
Reserve Buffers: Programmatic reserves at vault level to absorb short-term shocks.
Upgradeable with Constraints: Upgrades possible only via governance process, audit prerequisite, and timelock.
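The controls above interlock: a change must fit under the DAO caps, wait out the timelock, and find the protocol unpaused before it lands. The following Python model is an added illustration of that flow, not RAX Layer code; the class and method names (TimelockGovernor, queue_proposal, guardian_pause), the 48-hour delay, the cap values and the three guardians are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Assumed values (not RAX Layer parameters): a 48h timelock and DAO-set ceilings.
TIMELOCK_DELAY = 48 * 3600
PARAM_CAPS = {"fee_bps": 500, "max_ltv_bps": 8000, "oracle_tolerance_bps": 1000}


@dataclass
class Proposal:
    param: str
    value: int
    approved_at: int
    executed: bool = False


@dataclass
class TimelockGovernor:
    """Hypothetical governance module: queue -> wait -> execute, with caps and pause."""
    params: dict = field(default_factory=lambda: {
        "fee_bps": 100, "max_ltv_bps": 6000, "oracle_tolerance_bps": 300})
    queue: dict = field(default_factory=dict)
    guardians: frozenset = frozenset({"g1", "g2", "g3"})
    pause_threshold: int = 2
    paused: bool = False

    def queue_proposal(self, pid, param, value, now):
        """Governance approval queues a change; the cap is enforced at queue time."""
        if param not in PARAM_CAPS:
            raise ValueError(f"unknown parameter {param}")
        if value > PARAM_CAPS[param]:
            raise ValueError(f"{param}={value} exceeds DAO cap {PARAM_CAPS[param]}")
        self.queue[pid] = Proposal(param, value, approved_at=now)
        return now + TIMELOCK_DELAY  # earliest execution time (eta)

    def execute(self, pid, now):
        """Execution fails while paused, before the eta, or if the cap moved."""
        if self.paused:
            raise PermissionError("protocol paused by guardians")
        p = self.queue[pid]
        if now < p.approved_at + TIMELOCK_DELAY:
            raise PermissionError("timelock has not elapsed")
        if p.value > PARAM_CAPS[p.param]:  # cap may have been lowered while queued
            raise ValueError(f"{p.param}={p.value} exceeds current cap")
        self.params[p.param] = p.value
        p.executed = True
        return self.params[p.param]

    def guardian_pause(self, signers):
        """Multisig-gated circuit breaker. Pausing is the guardians' only power:
        there is deliberately no method here that moves balances."""
        if len(set(signers) & self.guardians) < self.pause_threshold:
            raise PermissionError("insufficient guardian signatures")
        self.paused = True


def run_scenario():
    """Walk through the controls and return what each step produced."""
    gov, t0, out = TimelockGovernor(), 1_700_000_000, {}
    eta = gov.queue_proposal("p1", "fee_bps", 250, now=t0)
    out["eta"] = eta
    try:  # executing one hour after approval is blocked by the timelock
        gov.execute("p1", now=t0 + 3600)
    except PermissionError as e:
        out["early"] = str(e)
    try:  # a 9% fee exceeds the 5% cap and never enters the queue
        gov.queue_proposal("p2", "fee_bps", 900, now=t0)
    except ValueError as e:
        out["over_cap"] = str(e)
    out["after_delay"] = gov.execute("p1", now=eta)
    try:  # one guardian alone cannot trip the breaker
        gov.guardian_pause(["g1"])
    except PermissionError as e:
        out["single_guardian"] = str(e)
    gov.guardian_pause(["g1", "g3"])
    eta2 = gov.queue_proposal("p3", "max_ltv_bps", 7000, now=t0)
    try:  # even a matured proposal cannot execute while paused
        gov.execute("p3", now=eta2)
    except PermissionError as e:
        out["paused"] = str(e)
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The cap is checked twice on purpose: once when the proposal is queued and again at execution, so a cap the DAO lowers during the delay still binds. The guardian object exposes only a pause; the absence of any balance-moving method is what makes "cannot seize user funds" a structural property rather than a promise.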
Oracle & Metering Assurance
Authenticated Feeds: Signed metering from provider gateways and/or verified observers; signatures aggregated on RAX Layer.
Aggregation & Sanity Checks: Medianization/thresholding, deviation and freshness checks, dispute windows with challenge rights.
Attestation Trail: Every data batch is committed (e.g., as a Merkle root) and linked to its distribution events for full auditability.
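The three bullets above describe one pipeline: authenticate each gateway reading, discard stale or deviating values, medianize what survives the threshold, and commit the accepted batch so it can be audited later. The Python below is an added worked example of that pipeline, not RAX Layer code. Its assumptions: HMAC-SHA256 over a canonical JSON encoding stands in for the gateways' signatures (a deployment would verify asymmetric signatures against keys registered on-chain); the freshness window, deviation tolerance, threshold, gateway names and kWh readings are constructed sample values.

```python
import hashlib
import hmac
import json
import statistics

# Assumed policy values (not RAX Layer parameters).
MAX_AGE = 300         # seconds; older readings are stale
DEVIATION_BPS = 1000  # readings >10% from the median are dropped
THRESHOLD = 3         # minimum accepted readings to settle a batch

# Constructed gateway secrets. HMAC stands in for the gateways' signatures;
# a real deployment would register public keys and verify asymmetric signatures.
GATEWAY_KEYS = {f"gw-{c}": f"secret-{c}".encode() for c in "abcdef"}


def canonical(reading):
    """Deterministic bytes of the signed fields, so signer and verifier agree."""
    body = {k: reading[k] for k in ("gateway", "site", "kwh", "ts")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(reading, key):
    return hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()


def verify(reading):
    key = GATEWAY_KEYS.get(reading["gateway"])
    return key is not None and hmac.compare_digest(sign(reading, key), reading.get("sig", ""))


def aggregate(readings, now):
    """Authenticate, drop stale/outlying readings, then medianize the rest."""
    rejected, fresh = {}, []
    for r in readings:
        if not verify(r):
            rejected[r["gateway"]] = "bad signature"
        elif now - r["ts"] > MAX_AGE:
            rejected[r["gateway"]] = "stale"
        else:
            fresh.append(r)
    if len(fresh) < THRESHOLD:
        raise ValueError("threshold not met before deviation check")
    med = statistics.median(r["kwh"] for r in fresh)
    accepted = []
    for r in fresh:
        if abs(r["kwh"] - med) * 10_000 > med * DEVIATION_BPS:
            rejected[r["gateway"]] = "deviation"
        else:
            accepted.append(r)
    if len(accepted) < THRESHOLD:
        raise ValueError("threshold not met after deviation check")
    return statistics.median(r["kwh"] for r in accepted), accepted, rejected


def merkle_root(leaves):
    """Commit the accepted batch; odd levels duplicate the last node."""
    nodes = [hashlib.sha256(canonical(r)).digest() for r in leaves]
    if not nodes:
        return hashlib.sha256(b"").hexdigest()
    while len(nodes) > 1:
        if len(nodes) % 2:
            nodes.append(nodes[-1])
        nodes = [hashlib.sha256(nodes[i] + nodes[i + 1]).digest()
                 for i in range(0, len(nodes), 2)]
    return nodes[0].hex()


def run_batch():
    """Constructed batch: three agreeing gateways, one outlier, one tampered, one stale."""
    now = 1_700_000_000
    raw = [
        {"gateway": "gw-a", "site": "S1", "kwh": 1000, "ts": now - 30},
        {"gateway": "gw-b", "site": "S1", "kwh": 1010, "ts": now - 45},
        {"gateway": "gw-c", "site": "S1", "kwh": 995, "ts": now - 60},
        {"gateway": "gw-d", "site": "S1", "kwh": 1500, "ts": now - 20},   # outlier
        {"gateway": "gw-e", "site": "S1", "kwh": 1000, "ts": now - 10},
        {"gateway": "gw-f", "site": "S1", "kwh": 1000, "ts": now - 900},  # stale
    ]
    for r in raw:
        r["sig"] = sign(r, GATEWAY_KEYS[r["gateway"]])
    raw[4]["kwh"] = 1200  # tampered after signing: signature no longer matches
    value, accepted, rejected = aggregate(raw, now)
    return {"value": value, "rejected": rejected,
            "accepted": [r["gateway"] for r in accepted], "root": merkle_root(accepted)}


if __name__ == "__main__":
    print(json.dumps(run_batch(), indent=2))
```

The order of checks matters: authenticity first, so an unauthenticated reading can never influence the median that the deviation check is measured against; freshness next, so a replayed old reading is dropped before it is counted toward the threshold. Only the accepted readings enter the Merkle root, which is what a later distribution event would reference, and every rejected reading keeps its reason so a dispute window has something concrete to challenge.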
Bug Bounty & Incident Response
Bounty Program: Ongoing, tiered rewards for validated vulnerabilities.
Response Playbooks: Severity classification, triage SLAs, hotfix protocols, post-mortem publication with remediation steps.
Communication Channels: Public status page, incident RSS/Twitter updates, and dedicated security mailbox.
Legal & Compliance Framework
Non-custodial by design: User assets are controlled by user wallets and RAX Layer smart contracts under transparent rules.
KYC/KYB/AML: Eligibility and screening where required; ongoing monitoring.
Jurisdictional Gating: Certain products/series may be restricted based on local law.
Disclosures: Clear risk, conflict, and fee disclosures at series/vault level.
No offer or solicitation: Protocol communications are informational only.
Participant Eligibility & Controls
Providers: KYB (entity/ownership), operational checks (sites, power, uptime), metering endpoint attestation, insurance/coverage attestations where applicable.
Users/Lenders: KYC and suitability checks where required; wallet screening and ongoing AML monitoring.
Lists & Limits: Governance-managed allowlists/denylists; per-series caps, per-address limits, and grace/cooldown rules enforced on-chain.
Contractual & Off-Chain Agreements (Providers)
Series Terms: Off-chain legal agreements reference the on-chain series ID and define service levels, fee splits, default remedies, and data duties.
Representations & Warranties: Hardware ownership/rights, lawful operations, insurance status, and maintenance obligations.
Covenants & Events of Default: Reporting cadence, uptime expectations, permitted liens, cure periods, and termination triggers aligning with on-chain settlement.
Fees & Treasury Transparency
Fee Surfaces: Origination/line fees, protocol fees on interest/revenue share, exit/expedite fees (if any), and reserve buffer rules.
Routing & Reporting: Automatic routing to vaults/treasury per policy; public dashboards show fee accruals, distributions, and treasury movements.
Data Protection & Privacy
Minimization: Collect only what is necessary; segregate PII/KYB data with access controls.
Standards: Alignment with relevant data-protection laws (e.g., GDPR/PDPA equivalents as applicable).
User Rights: Processes for data access, correction, and deletion requests where legally permitted.
Governance & Change Management
Quorum & Thresholds: Parameterized, with higher bars for security-sensitive changes.
Public Records: Proposals, vote tallies, execution txids, and parameter diffs recorded and browsable.