Security and Audits

Security is the cornerstone of the Re Protocol’s design, ensuring participant trust and platform resilience. The protocol combines third-party audits, strict access controls, oracle guardrails, and daily custody/reserve attestations.

Independent Audits

The Re Protocol undergoes regular third-party audits to ensure the safety and functionality of its smart contracts and infrastructure. These audits include detailed reviews of the protocol’s codebase to identify and mitigate vulnerabilities.

• Audits:

  • Certora - Latest Audit, Sept. 26 2025: https://www.certora.com/reports/re-core

  • Previous Audit Reports: https://hacken.io/audits/re-protocol/

Access Control and Upgrade Safeguards

• Upgrade Pattern: UUPS upgradeable contracts

• Upgrade Authority: Governance MPC (3-of-5)

• Timelock: 48-hour timelock on upgrades, no documented bypass path

Critical operational roles are separated across dedicated controller wallets:

Oracle and Reserve Assurance

• reUSD/reUSDe price feeds are updated daily.

• A daily change guardrail is enforced on reUSD pricing (large moves above the configured threshold are rejected).

• Off-chain bank balances are verified daily by The Network Firm and published via Chainlink.

• The Network Firm also verifies ownership and balances of protocol custody wallets.

Emergency Mechanisms

1. Pause Functionality:

   • In the event of an emergency, the protocol includes a mechanism to immediately halt all transactions and operations. This feature ensures that funds are protected while the issue is resolved.

2. Recovery Wallets:

   • Each Insurance Capital Layer (ICL) is equipped with a designated recovery wallet to securely store funds during emergencies.

   • For the initial ICL, the recovery wallet address is: 0xDf6bF2713b5c7CA724E684657280bC407938F447.

Secure Infrastructure

1. Smart Contract Security:

   • All smart contracts are designed with redundancy and fail-safes to minimize risks and prevent unauthorized access.

   • Multi-signature (MPC) wallets are used for critical operations to prevent single-party control.

   • Daily Fireblocks sweeps move idle capital from each ICL into custody vaults.

   • Surplus Note Registry records notarized agreements and emits NoteDraw and NoteRepay events for drawdowns/repayments.

2. Blockchain Transparency:

   • The protocol’s operations are fully transparent, with all transactions recorded on-chain. This allows participants to independently verify fund movements and smart contract activities.

Compliance and Risk Mitigation

1. KYC and AML Processes:

   • We require KYC and AML checks because a portion of protocol capital is deployed with a partner reinsurance company that is licensed in the Cayman Islands and regulated by the Cayman Islands Monetary Authority (CIMA). As part of operating under that regulated framework, the reinsurance company must confirm that capital providers are not sanctioned and that funds are not linked to money laundering or other prohibited activity.

   • The protocol employs rigorous Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures, powered by trusted third-party services like SumSub and Chainalysis.

2. Ongoing Monitoring:

   • Continuous monitoring of wallet activities and risk profiles ensures that all participants comply with regulatory requirements.

Participant Assurance

• Real-Time Reporting:

  • Participants can monitor their assets and the protocol’s performance through detailed, real-time dashboards.

• Insurance for Custodial Risks:

  • The protocol is exploring partnerships to provide additional layers of protection against custodial and operational risks.

By prioritizing security and compliance, the Re Protocol creates a safe and transparent environment for participants to engage with the reinsurance market. These measures reinforce trust, enabling the protocol to operate as a resilient and reliable platform for capital allocation.