Trust & Transparency

All 23 smart contracts built on battle-tested OpenZeppelin security standards (AccessControl, Pausable, ReentrancyGuard, SafeERC20)

Granular permissions with ADMIN_ROLE, MINTER_ROLE, PAUSER_ROLE, COMPLIANCE_ROLE, ORACLE_ROLE, and more across all contracts

All 23 contracts have emergency pause capability via onlyRole(ADMIN_ROLE) to halt operations if threats detected

nonReentrant modifier on all state-changing functions (payments, withdrawals, staking, swaps)

Gnosis Safe treasurySafe/adminSafe in 6+ contracts. All fund movements require multi-signature approval.

All token transfers use SafeERC20 library preventing failed transfer exploits and ensuring proper return value handling

emergencyWithdrawETH() and emergencyWithdrawAXM() functions allow admin recovery of stuck funds to treasury

AxiomV2 token has maxTxEnabled with configurable maxTxAmount limits to prevent market manipulation

DePINNodeSales has price bounds (min/max AXM per ETH), minimum liquidity checks, and admin verification for DEX pricing

IoTOracleNetwork (1 min cooldown), CitizenReputationOracle (1 day cooldown) prevent spam and manipulation attacks

IoTOracleNetwork requires MIN_ORACLE_CONSENSUS (3+) confirmations before data is considered valid

Hard caps on arrays: MAX_QUESTS_PER_USER (50), MAX_ENROLLMENTS (100), MAX_ACHIEVEMENTS (500) prevent gas griefing

CapitalPoolsAndFunds enforces configurable lock-up periods before withdrawals to ensure fund stability

CitizenReputationOracle enforces MIN_CREDIT_SCORE (300) to MAX_CREDIT_SCORE (850) with MAX_CREDIT_LIMIT cap

Oracle data auto-expires after configurable validity periods, preventing use of stale price/sensor data

RealtorModule listings auto-expire after duration, preventing stale or abandoned property listings

MAX_DESCRIPTION_LENGTH checks, address(0) validation, and require statements throughout all contracts

AxiomExchangeHub enforces MAX_SWAP_FEE (1%) preventing excessive fee extraction

Sign-In with Ethereum (EIP-4361) for cryptographic wallet verification - no password storage

24/7 monitoring, DDoS protection, API rate limiting, and encrypted data storage/transmission

Dedicated incident response program with clear escalation procedures to protect user assets

SMTChecker enabled with mathematical proofs for mint, transfer, and fee calculations. Slither static analysis passed with no critical vulnerabilities.

LP tokens to be locked for 2 years post-TGE using trusted locker contract

Professional security audit by reputable firm scheduled before mainnet launch

Immunefi or similar program rewarding security researchers who find vulnerabilities