Security
Security is a core priority for the 0XOF protocol. Here's how the system is protected.
On-chain security
Smart contract design
- UUPS Proxy — The token contract is upgradeable, allowing critical fixes without redeploying. Upgrades require the UPGRADER_ROLE and multisig approval.
- Pausable — Transfers can be paused immediately in case of an emergency.
- Blocklist — Compromised or malicious addresses can be blocklisted, preventing further transfers.
- Role-based access — All privileged operations require specific roles, managed through OpenZeppelin's AccessControl.
Off-chain security
Nǔ calculation
Nǔ accrual is computed off-chain via a dedicated indexer service. While Nǔ calculation is off-chain, the final distribution is on-chain — every monthly payout is a verifiable 0XOF transfer on Base.
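Because each payout is an on-chain transfer, it can be checked by reconciling the token's ERC-20 Transfer logs against the amounts the off-chain calculation reports. The following is an added example, not 0XOF project code; it assumes the expected payout list and the distributor address are available to the verifier, and every address, amount and log entry in it is constructed.

```python
# Added example: reconcile an expected payout list against ERC-20 Transfer logs.
# Every address, amount and log entry below is constructed sample data.

# keccak256("Transfer(address,address,uint256)"), the standard ERC-20 event topic
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

def topic_to_address(topic: str) -> str:
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def decode_transfers(logs, token):
    """Yield (sender, recipient, value) for Transfer logs emitted by `token`."""
    for log in logs:
        topics = log["topics"]
        if log["address"].lower() != token.lower():
            continue  # emitted by a different contract, not the token
        if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
            continue  # not an ERC-20 Transfer (ERC-721 Transfer has 4 topics)
        yield topic_to_address(topics[1]), topic_to_address(topics[2]), int(log["data"], 16)

def reconcile(logs, token, distributor, expected):
    """Compare payouts sent by `distributor` with the expected amounts."""
    paid = {}
    for sender, recipient, value in decode_transfers(logs, token):
        if sender == distributor.lower():
            paid[recipient] = paid.get(recipient, 0) + value
    want = {addr.lower(): amount for addr, amount in expected.items()}
    return {
        "missing": sorted(a for a in want if a not in paid),
        "mismatched": {a: (want[a], paid[a]) for a in want if a in paid and paid[a] != want[a]},
        "unexpected": sorted(a for a in paid if a not in want),
    }

def _log(contract, sender, recipient, value):
    """Build one constructed log entry in the shape eth_getLogs returns."""
    topics = [TRANSFER_TOPIC] + ["0x" + a[2:].rjust(64, "0") for a in (sender, recipient)]
    return {"address": contract, "topics": topics, "data": "0x" + format(value, "064x")}

TOKEN, OTHER, DIST = ("0x" + c * 20 for c in ("aa", "bb", "d1"))  # hypothetical
ALICE, BOB, CAROL, MALLORY = ("0x" + c * 20 for c in ("a1", "b0", "c4", "e7"))
EXPECTED = {ALICE: 500, BOB: 300, CAROL: 700}  # assumed off-chain payout list
SAMPLE_LOGS = [
    _log(TOKEN, DIST, ALICE, 500),    # matches the expected amount
    _log(TOKEN, DIST, BOB, 250),      # short of the expected 300
    _log(OTHER, DIST, CAROL, 700),    # wrong contract, so CAROL is unpaid
    _log(TOKEN, DIST, MALLORY, 900),  # recipient absent from the list
]

if __name__ == "__main__":
    print(reconcile(SAMPLE_LOGS, TOKEN, DIST, EXPECTED))
```

Filtering on the emitting contract address matters: any contract can emit an event with the Transfer signature, so a log only counts as a payout if it comes from the token contract itself.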
Mobile money gateway
The gateway that processes mobile money deposits operates as a separate service with its own security controls, rate limits, and monitoring.
On-chain vs off-chain breakdown
| Component | Location | Trust model |
|---|---|---|
| 0XOF token | On-chain | Trustless (smart contract) |
| Nǔ distribution | On-chain | Verifiable (on-chain transfers) |
| Aerodrome LP | On-chain | Trustless (DEX protocol) |
| Nǔ calculation | Off-chain | Protocol-operated |
| Bond deployment | Off-chain | Protocol-operated |
| Mobile money gateway | Off-chain | Protocol-operated |
Audit status
The 0XOF smart contracts are based on battle-tested OpenZeppelin libraries. A formal audit is planned as the protocol scales beyond the genesis pilot.