Security

Trust, but verify.

Every contract, key, and parameter is published, timelocked, and externally reviewed before it ever holds value.

Independent audits

Multiple reputable firms before mainnet. Reports published in full.

Public bug bounty

Tiered rewards via Immunefi, live from testnet through mainnet.

48-hour timelock

No admin action executes without a public review window.

No hidden mint key

Minting is governed by the activity oracle and DAO — not a private key.

Audit roster

Who reviews the code

Final firms confirmed pre-Phase 2. Reports published with the testnet release.

Firm

Scope

Status

Trail of Bits

Core token + emission oracle

Planned (Phase 2)

Spearbit / Cantina

Competitive review

Planned (Phase 2)

OpenZeppelin

Governance & timelock

Under consideration

Immunefi

Ongoing public bug bounty

Live at testnet

Contract addresses

On-chain, verifiable

Published here at TGE. Bookmark this page — never trust addresses from DMs.

NEN token

TBD — published at TGE

Stewardship treasury

TBD

OZ Governor

TBD

Timelock controller

TBD

Emission oracle

TBD

Responsible disclosure

Found a vulnerability?

We pay out fairly and we move fast. Please do not disclose publicly until a fix has shipped.

security@naturalenergy.io

PGP key published at /.well-known/security.txt at TGE. Bounty tiers: Critical $100k, High $25k, Medium $5k, Low $500 (testnet rates; mainnet rates set with launch).