Skip to content

RISK NOTICE: Crypto assets are volatile. You can lose all contributed value. No guarantees. Read full disclosure

HODLFUELDISCIPLINE
EMERGEN COIN$EMRGN

Security First

Security Center

Secure SDLC, threat modeling, contract testing, bug bounty, and incident response. Production deploys only after audit and approval.

Solana Devnet

Status: NOT YET DEPLOYED

The Solana presale program and token will be deployed to devnet for testing before mainnet.

Ethereum Sepolia

Status: NOT YET DEPLOYED

The Ethereum contribution contract will be deployed to Sepolia testnet for testing before mainnet.

Secure SDLC

Testing & Validation

Threat Model

Documented and maintained threat model covering contract, frontend, backend, and infrastructure attack surfaces.

Architecture Diagram

Published system architecture showing all components, data flows, and trust boundaries.

Contract Tests

Unit, integration, and property-based tests for all smart contract functions.

Access-Control Tests

Verification that only authorized roles can perform privileged operations.

Reentrancy Tests

EVM components tested for reentrancy vulnerabilities using standard attack patterns.

Integer/Overflow

Integer and overflow validation for all arithmetic operations.

Duplicate-Claim Tests

Claim registry tested to prevent double-claiming of allocations.

Oracle Analysis

Oracle manipulation analysis where external data sources are used.

Frontend Security

  • Content Security Policy (CSP) headers
  • Frontend injection protections (input sanitization)
  • Rate limiting on API endpoints
  • Anti-bot controls (transaction ordering, CAPTCHA)
  • No authoritative calculations in frontend JavaScript
  • Wallet transaction signing verified server-side where applicable

CI/CD Security Gates

  • Dependency scanning in CI/CD pipeline
  • Secret scanning to prevent credential leaks
  • CI/CD security gates blocking vulnerable builds
  • Infrastructure-as-code with version control
  • Monitoring and alerting (Sentry or equivalent)
  • Automated test suite on every pull request

Deployment Gates

Each gate must be passed before production deployment:

1

Legal review by qualified counsel

Required
2

Security audit by independent third-party firm

Required
3

Testnet acceptance testing (Solana devnet, Ethereum Sepolia)

Required
4

Treasury multisig configuration verified

Required
5

Final tokenomics approval by project owner

Required

Contract Pause Process

The presale contract includes a pause function for emergencies (e.g., discovered vulnerability). Pause requires multisig approval. If paused:

  • New contributions are blocked immediately
  • Existing contributions remain recorded on-chain
  • Incident is disclosed in the transparency center
  • Resume requires multisig approval after remediation

Incident Response Runbook

1

Detect: Monitoring alerts or community reports identify a potential incident.

2

Assess: Security engineer evaluates severity and impact.

3

Contain: If needed, pause presale contract via multisig. Isolate affected systems.

4

Eradicate: Remove the root cause — patch, redeploy, or revoke compromised access.

5

Recover: Restore service from known-good state. Verify integrity.

6

Notify: Publish incident report in transparency center. Notify affected users.

7

Post-mortem: Document lessons learned and preventive measures.

Bug Bounty Program

A bug bounty program will be launched to incentivize responsible disclosure of vulnerabilities. Details (scope, rewards, rules) will be published after contract deployment.

Scope

Contracts + Frontend

Rewards

Tiered by severity

Status

PENDING LAUNCH

Audit Reports

Audit providers will be selected via RFP. No audit reports exist yet. Reports will be published in the Transparency Center after completion.

Solana Program Audit: PENDINGEthereum Contract Audit: PENDINGFrontend Audit: PENDING