Security Audits

Trust in a sovereign protocol must be earned through transparency and rigorous testing.

Threat Architecture

Our architecture is designed to survive extreme threat scenarios:

• Insolvency: The protocol continues to run without the organization. Storage is paid for entirely upfront, and smart contracts are immutable.
• Compulsion: We cannot be legally forced to reveal your data because we do not have the keys. Decryption happens entirely client-side.
• DB Breach: A leak of our database would only reveal encrypted blobs and metadata. Your files remain protected by AES-256-GCM encryption, impossible to access without the split guardian keys.
• Rogue Employees / Server Destruction: Even complete destruction of our servers does not impact the Base network or the Arweave permaweb.

Live Contract Verification

We believe "security through obscurity" is a vulnerability. Our smart contracts are fully verified and readable on the blockchain.

• InheribaseAnchor Verified Source: You can review the exact, compiled logic of our core contract at 0xf43e5cC7a7fCF115B573CfF92273B762Bb12C3c7 directly on BaseScan.

Cryptographic Supply Chain Disclosure

"We do not invent cryptography." The protocol strictly relies on federal-standard primitives to ensure mathematical certainty:

• AES-256-GCM: Used via the native Web Crypto API for secure, authenticated symmetric encryption.
• SHA-256: Used via the Web Crypto API for immutable data integrity checks (hashing).
• Shamir's Secret Sharing (SSS): Battle-tested polynomial interpolation logic to distribute keys across guardians securely.

Vulnerability Disclosure Program

We actively engage with the security community. If you are a security researcher and have discovered a potential vulnerability in our protocol, please submit your findings to our dedicated security contact. We enforce strict SLAs for responding to, verifying, and patching any disclosed bugs.