How Nereid protects your funds
Non-custodial smart contract
Funds sit in an on-chain vault you own. Move-level invariants enforce allowed targets, slippage caps, max-lock, position limits. No off-chain custody, no sequencer trust.
Capability-based authorization
AdminCap on a 2/3 multisig (24h timelock on config mutations). OperatorCap on a hot EOA with strictly bounded permissions — it can dispatch your pre-approved intents and nothing else.
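The vault invariants from "Non-custodial smart contract" and the two-capability split from "Capability-based authorization", written out as an added Sui Move (2024 edition) example. This is not Nereid's contract: the module name `example::vault`, the struct, field and function names, the abort codes and the concrete bounds are all assumptions made for illustration. It shows the separation the page describes: an AdminCap that can only propose configuration changes behind a 24h timelock and never touches funds, an OperatorCap bound to one vault that can only move funds to an allowlisted target after every invariant (allowed target, slippage cap, max lock, position limit) is asserted on-chain, and a withdraw path that only the vault owner can call.

```move
/// Illustrative capability-gated vault (added example; not Nereid's code).
module example::vault {
    use sui::balance::{Self, Balance};
    use sui::clock::Clock;
    use sui::coin::{Self, Coin};
    use sui::event;

    /// Delay between proposing and applying a config change (assumed 24h, as on the page).
    const TIMELOCK_MS: u64 = 24 * 60 * 60 * 1000;

    const ENotOwner: u64 = 0;
    const EWrongVault: u64 = 1;
    const ETargetNotAllowed: u64 = 2;
    const ESlippageTooHigh: u64 = 3;
    const ELockTooLong: u64 = 4;
    const EPositionLimit: u64 = 5;
    const ETimelockActive: u64 = 6;
    const ENoPendingConfig: u64 = 7;

    /// Held by the admin multisig: may propose config, can never move user funds.
    public struct AdminCap has key, store { id: UID }

    /// Held by the hot operator key: bound to one vault, may only dispatch within bounds.
    public struct OperatorCap has key, store { id: UID, vault_id: ID }

    /// Bounds the operator cannot change (assumed field names).
    public struct Config has store, copy, drop {
        allowed_targets: vector<address>, max_slippage_bps: u64, max_lock_ms: u64, max_positions: u64,
    }

    public struct Vault<phantom T> has key {
        id: UID, owner: address, config: Config, pending: Option<Config>, pending_since_ms: u64,
        balance: Balance<T>, open_positions: u64,
    }

    /// Emitted on every dispatch so an off-chain indexer can alert on it.
    public struct IntentDispatched has copy, drop {
        vault: ID, target: address, amount: u64, min_out: u64, lock_ms: u64,
    }

    fun init(ctx: &mut TxContext) {
        // Deployer receives the AdminCap and hands it to the multisig address out of band.
        transfer::transfer(AdminCap { id: object::new(ctx) }, ctx.sender());
    }

    public fun new_config(allowed_targets: vector<address>, max_slippage_bps: u64,
                          max_lock_ms: u64, max_positions: u64): Config {
        Config { allowed_targets, max_slippage_bps, max_lock_ms, max_positions }
    }

    /// Admin creates a shared vault for `owner` and mints the OperatorCap bound to it.
    public fun create_vault<T>(_admin: &AdminCap, owner: address, config: Config,
                               ctx: &mut TxContext): OperatorCap {
        let vault = Vault<T> {
            id: object::new(ctx), owner, config, pending: option::none(), pending_since_ms: 0,
            balance: balance::zero(), open_positions: 0,
        };
        let cap = OperatorCap { id: object::new(ctx), vault_id: object::id(&vault) };
        transfer::share_object(vault);
        cap
    }

    /// Config mutation is two-step: propose now, apply only after the timelock has elapsed.
    public fun propose_config<T>(_admin: &AdminCap, vault: &mut Vault<T>, config: Config, clock: &Clock) {
        vault.pending = option::some(config);
        vault.pending_since_ms = clock.timestamp_ms();
    }

    public fun apply_config<T>(_admin: &AdminCap, vault: &mut Vault<T>, clock: &Clock) {
        assert!(vault.pending.is_some(), ENoPendingConfig);
        assert!(clock.timestamp_ms() >= vault.pending_since_ms + TIMELOCK_MS, ETimelockActive);
        vault.config = vault.pending.extract();
    }

    /// Anyone may deposit; only the owner may withdraw (no capability can override this).
    public fun deposit<T>(vault: &mut Vault<T>, coin: Coin<T>) {
        vault.balance.join(coin.into_balance());
    }

    public fun withdraw<T>(vault: &mut Vault<T>, amount: u64, ctx: &mut TxContext): Coin<T> {
        assert!(ctx.sender() == vault.owner, ENotOwner);
        coin::from_balance(vault.balance.split(amount), ctx)
    }

    /// Operator dispatch: every bound is enforced on-chain before funds leave the vault,
    /// and funds can only go to an allowlisted target, never to the operator's own address.
    public fun dispatch<T>(cap: &OperatorCap, vault: &mut Vault<T>, target: address, amount: u64,
                           quoted_out: u64, min_out: u64, lock_ms: u64, ctx: &mut TxContext) {
        assert!(cap.vault_id == object::id(vault), EWrongVault);
        assert!(vault.config.allowed_targets.contains(&target), ETargetNotAllowed);
        // Slippage in basis points: (quoted - min) / quoted must not exceed max_slippage_bps / 10_000.
        assert!(min_out <= quoted_out, ESlippageTooHigh);
        assert!(((quoted_out - min_out) as u128) * 10_000
                <= (vault.config.max_slippage_bps as u128) * (quoted_out as u128), ESlippageTooHigh);
        assert!(lock_ms <= vault.config.max_lock_ms, ELockTooLong);
        assert!(vault.open_positions < vault.config.max_positions, EPositionLimit);
        vault.open_positions = vault.open_positions + 1;
        event::emit(IntentDispatched { vault: object::id(vault), target, amount, min_out, lock_ms });
        let coin = coin::from_balance(vault.balance.split(amount), ctx);
        transfer::public_transfer(coin, target);
    }
}
```

The 2/3 multisig needs no support in Move: the AdminCap is simply transferred to the multisig address, so an admin call is valid only if that address signed it. The useful property for review is what a stolen OperatorCap can and cannot do: `dispatch` is the only function it unlocks, and even there the destination, slippage, lock and position count are checked against a config the operator has no path to modify. An operator compromise therefore reduces to dispatching already-permitted intents, which the emitted `IntentDispatched` events make visible to the indexer.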
Real-time observability
Every state-changing transaction emits a Move event indexed by our beacon. Prometheus alerts on abort rates, gas pool depletion, operator latency.
Continuous mainnet validation
A 44-spec Playwright harness runs the full vault surface against Sui mainnet — open/close LP, supply/withdraw lending, DCA tick, workflow tick, cross-protocol migrate, multi-user segregation, attack vectors L2 + L3.
Threat model
Nereid is designed against four adversaries: a malicious operator, a compromised oracle, a Sui RPC providing stale state, and a malicious user trying to drain funds belonging to others. The full threat model lives in our repository; coverage levels are run on a weekly and monthly cadence.
No external audit yet. The Move contract has been internally reviewed and validated by a comprehensive e2e harness against Sui mainnet. We are selecting a third-party Move auditor and will publish the report when complete. Until then, treat balances on Nereid as beta — only deposit what you can afford to risk, and never deposit borrowed funds.
Responsible disclosure
Found a vulnerability? Email security@nereid.finance with a description and reproduction steps. Please give us 90 days to triage and patch before disclosing publicly. We honour every report with credit and an early-access slot.