Audits & assurance

YLDX treats assurance as a continuous discipline spanning smart contracts, the agent toolchain and production operations.

Smart-contract review

Before any contract reaches testnet or mainnet, it is reviewed against a DeFi/AMM security checklist covering:

• Reentrancy and correct checks-effects-interactions (CEI) ordering
• Donation / inflation attacks on share-based vaults
• Oracle manipulation and price-feed integrity
• Slippage and MEV exposure on swaps
• Admin controls — least privilege, time-locked upgrades, no unguarded owner powers
• Integer math — overflow/underflow and rounding direction

Toolchain security

The platform integrates third-party skills, each of which is security-reviewed before use:

• dependency and supply-chain scanning;
• manual review of capabilities;
• execution/wallet-capable skills are kept outside the treasury contour — they may prepare unsigned calldata, but never sign or broadcast on the treasury's behalf.

Production readiness

Operational assurance is part of the platform's capability set:

• Production audits — pre-launch readiness reviews before fund demos and go-live.
• Canary / post-deploy checks — health verification of dashboard.yldx.ai after every deploy (endpoints, assets, console errors, performance regressions).
• SLOs and incident playbooks — reliability targets and response procedures for the dashboard, keepers and data pipelines.
• Long-lived agent ops — observability and security boundaries for the operator agent.

On-chain verifiability as assurance

Beyond code review, YLDX's architecture makes the treasury auditable by construction:

• round/cap-table figures reconstruct from the crowdsale contract and reconcile to totalSold();
• AUM and flows read from the L1→L4 wallets;
• custody is visible in the multisig vaults.

This means assurance is not solely a point-in-time report — anyone can independently verify the state of funds at any time.