Security

Security is not an afterthought—it's the foundation of everything we build

Our Security Approach

Threeium handles execution and liquidity for protocols and users, making security paramount. We take a defense-in-depth approach with multiple layers of protection:

Non-Custodial Design
Users and protocols maintain full control of their assets through smart contracts. No central party has custody.
Transparent Logic
All smart contract code, parameters, and execution logic are verifiable on-chain and open source.
Risk Guardrails
Built-in risk controls including exposure limits, circuit breakers, and automated safety mechanisms.
Fail-Safe Design
System defaults to safe states. Failures result in transaction rejection, not incorrect execution.

Security Audits

Professional security audits are a critical part of our launch process. We're committed to working with reputable security firms to thoroughly review all smart contract code before mainnet deployment.

Audit Status
Pre-launch: Audits are planned and will be scheduled as we approach mainnet readiness. Audit reports will be published publicly once completed. We will not launch without thorough third-party security review.

When audit reports become available, they will be linked here. We encourage the community to review them and provide feedback.

Responsible Disclosure

We welcome security researchers to help us identify and fix vulnerabilities. If you discover a security issue, please report it responsibly.

How to Report a Vulnerability

Email: security@threeium.com

Response time: We aim to acknowledge reports within 48 hours and provide updates on remediation timelines.

What to Include

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity assessment
  • Your contact information for follow-up

Our Commitment

  • We will not pursue legal action against good-faith security researchers
  • We will work with you to understand and address the issue promptly
  • We will publicly acknowledge your contribution (unless you prefer to remain anonymous)
Report a Vulnerability

Bug Bounty Program

A formal bug bounty program with rewards for discovered vulnerabilities is planned for post-launch. Details including scope, rewards, and rules will be announced closer to mainnet deployment.

Coming Soon: Structured bug bounty program with tiered rewards based on severity. Follow @ThreeiumLabs for announcements.

Best Practices for Users

While we work to ensure system security, users should also take precautions:

  • Verify contract addresses: Only interact with addresses published on this official website and our verified X account
  • Check social media: Be aware of impersonators. Our only official account is @ThreeiumLabs
  • Start small: When first interacting with the system, test with small amounts
  • Review parameters: Understand risk parameters and constraints before integrating
  • Stay informed: Follow official channels for security updates and announcements
Read Security DocumentationContact Security Team