Skip to main content

Audit Reports

usmewe undergoes rigorous third-party security audits before any mainnet deployment.

Audit Status

usmewe is currently in testnet phase. Mainnet audits are scheduled before launch.
ContractAuditorStatusReport
TrustVaultTBDScheduled-
P2PLoanTBDScheduled-
SocialVaultTBDScheduled-
InsurancePoolTBDScheduled-
GovernanceTBDScheduled-

Planned Auditors

We’re engaging top-tier security firms:

Trail of Bits

Smart contract & protocol security

OpenZeppelin

Solidity best practices

Consensys Diligence

Full protocol review

Audit Scope

Phase 1: Smart Contracts

  • TrustVault.sol: Staking, yield distribution, exchange rate
  • P2PLoan.sol: Loan lifecycle, interest calculations
  • SocialVault.sol: Timelock, multi-sig, duress mechanism
  • InsurancePool.sol: Fee collection, claim processing
  • Governance.sol: Voting, proposal execution

Phase 2: Integration

  • Contract interactions
  • Access control matrix
  • Upgrade mechanisms
  • Emergency procedures

Phase 3: Economic

  • Interest rate model
  • Insurance pool adequacy
  • Attack vector analysis
  • Game theory review

Previous Findings

No audits completed yet. This section will be updated with findings.

Finding Categories

SeverityDescriptionResolution Timeline
CriticalDirect fund loss possibleImmediate
HighSignificant riskBefore launch
MediumModerate riskBefore launch
LowMinor issuesBest effort
InformationalSuggestionsAs appropriate

Audit Timeline

┌─────────────────────────────────────────────────────────────────┐
│  Q1 2025: Testnet deployment, internal review                   │
│  Q2 2025: Phase 1 audit (smart contracts)                       │
│  Q3 2025: Phase 2 audit (integration)                           │
│  Q3 2025: Phase 3 audit (economic)                              │
│  Q4 2025: Mainnet launch (post-audit)                           │
└─────────────────────────────────────────────────────────────────┘

How to Access Reports

Once completed, audit reports will be:
  1. Published on this page
  2. Available on GitHub repository
  3. Linked from smart contract addresses

Continuous Security

Beyond audits, we maintain security through:
Ongoing rewards for vulnerability discoveries. See Bug Bounty.
Regular penetration tests of web and mobile applications.
24/7 on-chain monitoring for suspicious activity.
Documented procedures for security incidents.

Responsible Disclosure

If you discover a vulnerability:
  1. Do NOT disclose publicly
  2. Email [email protected]
  3. Include detailed reproduction steps
  4. Allow 90 days for resolution

Bug Bounty

Report vulnerabilities and earn rewards