Security
Overview
Superstate's highest priority is the protection of investor assets; USTB and USCC have been designed holistically with security in mind. We work with world-class service providers, and have robust internal security policies designed to minimize operational risks.
The assets that back our funds are stored offchain with qualified custodians, and Superstate has overlapping, redundant records of ownership of our funds, including at our fund calculation agent, internally, and on-chain. In the unusual event in which an investor's Allowlist address is compromised, there are procedures in place capable of restoring your investment. Each core component of our platform has been audited, and safeguards have been put in place to protect all investor funds.
Fund Custodians
USTB
USCC
Fund digital assets and cash are held at Anchorage Digital Bank N.A., with futures positions and margin maintained at the Trading Venues.
For investors that purchase and redeem using USDC, cash and USDC are temporarily custodied at Circle.
Private Key Management
Facilitated by Turnkey. See their documentation here.
Bug Bounty Program
Superstate encourages the community to audit our contracts and security; we also encourage the responsible disclosure of any issues. This program is intended to recognize the value of working with the community of independent security researchers.
Rewards
Superstate offers substantial rewards for discoveries that can prevent the loss of assets, the freezing of assets, or material harm to a user, commensurate with the severity and exploitability of the vulnerability. We will pay a reward of $5,000 to $500,000 for unique discoveries that are reported responsibly.
Disclosure
Submit all bug bounty disclosures to [email protected]. The disclosure must include clear and concise steps to reproduce the discovered vulnerability in either written or video format. We will follow up promptly with acknowledgement of the disclosure.
Last updated