Security Overview
Security is the foundation of BNHP. Every component of the protocol has been designed with a security-first mindset, combining rigorous code auditing, formal verification, economic security mechanisms, and a community-driven bug bounty program.
Security Philosophy
BNHP adopts a defense-in-depth approach to security. Rather than relying on a single security measure, the protocol layers multiple independent safeguards to ensure that no single point of failure can compromise user funds or protocol integrity.
The core principles guiding BNHP's security architecture are:
Minimize trust assumptions. All critical protocol functions operate without requiring trust in any single party. Smart contracts are the ultimate arbiter of all protocol rules, and their behavior is fully deterministic and auditable.
Transparency over obscurity. All protocol code is open source and publicly auditable. Security through obscurity is explicitly rejected — BNHP's security derives from the correctness of its cryptographic and economic design, not from hidden implementation details.
Gradual decentralization. During the early stages of the protocol, a security council with multi-sig authority can pause the protocol in the event of a critical vulnerability. This authority will be progressively transferred to the DAO as the protocol matures.
Security Measures
The BNHP protocol employs the following security measures:
Smart Contract Audits. All protocol contracts are audited by multiple independent security firms before deployment. Audit reports are published in full and linked in the Audits section.
Formal Verification. Core financial logic — including the DEX pricing algorithm, oracle aggregation, and token vesting contracts — has been formally verified using the Certora Prover, providing mathematical guarantees of correctness.
Multi-Sig Governance. Protocol upgrades require approval from a 5-of-9 multi-sig council, with a mandatory 48-hour time-lock before execution. This prevents any single actor from unilaterally modifying the protocol.
Economic Security. Oracle node operators and validators must stake $NPH as collateral. Malicious behavior triggers automatic slashing, creating strong economic disincentives for attacks.
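The Multi-Sig Governance rule above (5-of-9 approval, then a 48-hour time-lock) can be modelled as a small state machine. This is an added illustration, not BNHP contract code: the class and method names are hypothetical, and it assumes the time-lock clock starts when the fifth distinct approval is recorded, which the page does not specify.

```python
# Illustrative model only: names are hypothetical, not taken from BNHP contracts.
from dataclasses import dataclass, field
from typing import Optional

THRESHOLD = 5                 # approvals required (page: 5-of-9)
COUNCIL_SIZE = 9
TIMELOCK_SECONDS = 48 * 3600  # mandatory delay (page: 48 hours)

@dataclass
class UpgradeProposal:
    council: frozenset                      # the nine authorised signer ids
    approvals: set = field(default_factory=set)
    queued_at: Optional[int] = None         # time the threshold was reached
    executed: bool = False

    def __post_init__(self):
        if len(self.council) != COUNCIL_SIZE:
            raise ValueError("council must have exactly nine distinct members")

    def approve(self, signer: str, now: int) -> None:
        if signer not in self.council:
            raise PermissionError(f"{signer} is not a council member")
        self.approvals.add(signer)          # a set, so repeat approvals count once
        # Assumption: the delay starts when the fifth distinct approval lands.
        if self.queued_at is None and len(self.approvals) >= THRESHOLD:
            self.queued_at = now

    def can_execute(self, now: int) -> bool:
        return (not self.executed
                and self.queued_at is not None
                and now >= self.queued_at + TIMELOCK_SECONDS)

    def execute(self, now: int) -> None:
        if not self.can_execute(now):
            raise RuntimeError("threshold not met, time-lock pending, or already executed")
        self.executed = True

def demo() -> list:
    """Walk one constructed proposal through the checks; returns can_execute() per step."""
    p = UpgradeProposal(frozenset(f"signer{i}" for i in range(1, 10)))
    for s in ["signer1", "signer1", "signer2", "signer3", "signer4"]:
        p.approve(s, now=0)                 # four distinct approvals plus one repeat
    steps = [p.can_execute(now=TIMELOCK_SECONDS)]             # only 4 of 9 so far
    p.approve("signer5", now=1000)          # fifth approval starts the clock
    steps.append(p.can_execute(now=1000 + TIMELOCK_SECONDS - 1))  # one second early
    steps.append(p.can_execute(now=1000 + TIMELOCK_SECONDS))      # delay elapsed
    return steps
```

The three cases in demo() are the ones worth testing against any real deployment: duplicate approvals, execution just inside the delay window, and execution once the delay has fully elapsed.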