Security

Overview

Superstate's highest priority is the protection of investor assets; USTB has been designed holistically with security in mind. We work with world-class service providers and have robust internal security policies designed to minimize operational risks.

The assets that back USTB are stored offchain with a qualified custodian, and Superstate has overlapping, redundant records of ownership of our fund, including at our fund calculation agent, internally, and onchain. In the unusual event that an investor's Allowlist address is compromised, procedures are in place that are capable of restoring the investor's investment. Each core component of our platform has been audited, and safeguards have been put in place to protect all investor funds.

Fund Custodians

Fund securities and cash are custodied by UMB Bank, N.A.

For investors that purchase and redeem using USDC, cash and USDC are temporarily custodied at Circle.

Private Key Management

Private key management is facilitated by Fireblocks.

Third-party Audits

Audit | Auditor | Links
Smart contracts | ChainSecurity |
System-wide threat modeling and cloud infrastructure analysis | Trail of Bits | [Private]

Bug Bounty Program

Superstate encourages the community to audit our contracts and security; we also encourage the responsible disclosure of any issues. This program is intended to recognize the value of working with the community of independent security researchers.

Rewards

Superstate offers substantial rewards for discoveries that can prevent the loss of assets, the freezing of assets, or material harm to a user, commensurate with the severity and exploitability of the vulnerability. We will pay a reward of $1,000 to $100,000 for unique discoveries that are reported responsibly.

Disclosure

Submit all bug bounty disclosures to security@superstate.co. The disclosure must include clear and concise steps to reproduce the discovered vulnerability in either written or video format. We will follow up promptly with acknowledgement of the disclosure.
