Honest disclosure · last updated 2026-05-10

Security posture.

What we ship, what we tested, what we have not yet done — anchored line-by-line in the Software Product Description.

01/ Smart-contract audit status

Static-analysis-reviewed. Third-party audit pending.

Two layers of automated review run in CI; a paid third-party engagement is the last pre-mainnet gate.

  • Internal manual review: smart-contracts/Audits/AUDIT_INTERNAL_SLITHER.md.
  • Automated Slither scan: smart-contracts/Audits/SLITHER_AUTOMATED_2026-04-16.md. All 6 findings accepted as compensating-control patterns.
  • Slither + Mythril in CI on every push and PR touching smart-contracts/.
  • Foundry test suite — 92 unit tests + 9 stateful invariants + Echidna properties + reentrancy fuzz on EVM; 53 TronBox tests + property-fuzz port on TRON; 42 Anchor tests + property-fuzz port on Solana.
  • Third-party audit (GAP-01) — not completed. Tracked as the last pre-mainnet gate in docs/SoftwareGaps.md and SPD §5.14. A paid engagement (PeckShield, CertiK, Hacken, Trail of Bits, ConsenSys Diligence, or equivalent) is the next milestone.

02/ Deployment status

Source labels, deployment labels.

The source-tree label and the deployed-bytecode label are tracked separately.

  • EVM (Ethereum, Polygon, Base) — source label V3.2; deployed bytecode under V3.2 not yet published. Mainnet deploys pending; testnet validation continues.
  • TRON — source label V3.2; deployed bytecode under V3.2 not yet published. Shasta validation gates the gas-griefing defence per SPD §5.16.
  • Solana — V3.0.1 deployed label; the V3.0.1 → V3.1 / V3.2 source-label promotion is intentionally deferred until the on-chain whitelist (Segment 3, GAP-18) lands.
  • Mainnet deployment register: smart-contracts/DEPLOYMENTS.md will publish each mainnet contract address once it exists. No mainnet deploys are advertised on this site until that file is in place.

03/ Disclosure

Report a vulnerability.

Coordinated disclosure with documented SLAs.

Email security@web3settle.com (PGP available on request). Critical issues acknowledged within 24 hours; full SLA matrix in SECURITY.md at the workspace root.
