Documentation Index
Fetch the complete documentation index at: https://yieldxyz.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Executive Summary
Yield.xyz is built with security at its core. We apply a defense-in-depth approach across infrastructure, access control, endpoint security, and development workflows, complemented by continuous monitoring and external audits. All production data is encrypted at rest and in transit, with strict access controls and network segmentation in place. Our in-house DevSecOps specialists ensure continuous enforcement and improvement of these controls. At the application layer, we provide Yield.xyz Shield, a client-side, zero-trust transaction validation library that ensures every transaction presented for signing is structurally correct, safe, and consistent with the expected behavior of the selected yield integration. Shield prevents tampering, man-in-the-middle manipulation, and unintended contract calls by enforcing strict pattern matching across calldata, contract recipients, authorities, and instruction flows — without relying on cryptographic attestation. Yield.xyz operates under a formal SOC 2–aligned control environment and maintains a structured incident response framework.SOC 2 Type I
Issued December 2025
SOC 2 Type II
Expected March 2026
Self-Custodial Architecture
Your Keys, Your Crypto
Yield.xyz never has access to user private keys. We only return unsigned transactions.
Production and Infrastructure
- Environment Separation: Staging and production run in fully isolated AWS accounts.
- Deployment Security: Short-lived GitHub OIDC credentials; static or long-lived credentials are prohibited.
- Monitoring and Resilience: Infrastructure monitoring, AWS Shield and WAF protection, recurring backups, and validated disaster recovery plans.
- Multi-cloud architecture: AWS + Google Cloud failover
- Geographic redundancy: Distributed across regions
- Automated failover: DNS rerouting on service degradation
- Manual override: Support for manual intervention when needed
Data & Network Security
- Encryption & Retention: All production data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Retention policies ensure strict deletion schedules.
- Access Controls: Based on least privilege; all access is logged and periodically reviewed.
- Remote Access: VPN + MFA required for all production access.
- Network Segmentation: Public services isolated from internal systems using strict logical separation and firewall rules.
Access Control and Authentication
- MFA Everywhere: FIDO2 hardware keys or TOTP required for AWS, GitHub, Google Workspace.
- Role-Based Access Control: Least-privilege provisioning with multi-party approvals for sensitive actions.
- Auditing: All access events are logged and regularly reviewed.
Endpoint and Device Security
- Device Policy: All engineer laptops (company-issued or BYOD) must meet strict security requirements and full-disk encryption.
- Mobile Device Management: Enforces patching, encryption, firewall rules, and remote wipe.
- Endpoint Detection & Response: Continuous anomaly detection and automated incident response.
Security Suite Overview
- Shield
- Shield Go
- HyperNative
- Security Tiers
Zero-trust transaction validationA lightweight validation library that checks unsigned transactions against verified templates before signing.
- Pattern-matched validation of every transaction
- Recipient, authority, and contract-address verification
- Multi-chain support (EVM, Solana, Tron, more coming)
- TypeScript and Golang implementations
- Immediate and clear error reporting to developers
API and Transaction Security
Yield.xyz Shield (Zero-Trust Transaction Validation)
Shield is a lightweight, client-side validation library that ensures unsigned transactions generated by the Yield API are safe, unmodified, and consistent with the expected yield integration before they are presented for signing. Shield applies a zero-trust model by validating the structure, contract targets, parameters, and expected behavior of each transaction. If anything appears tampered with — such as a changed recipient, altered calldata, or unexpected authority — Shield blocks the transaction and returns a clear error. Key protections include:- Pattern-matched validation of every transaction
- Recipient, authority, and contract-address verification
- Multi-chain support across EVM, Solana, Tron (with more coming)
- Immediate and clear error reporting to developers
Shield Documentation
For detailed integration examples, error types, and supported yield IDs
Anomaly Detection
API endpoints are continuously monitored for abnormal usage, automated abuse patterns, and suspicious behaviors, with alerts routed to our on-call team.Security Layers
Shield Validation
Pre-signing transaction validation against verified patterns
HyperNative Simulation
Real-time transaction simulation and risk scoring
Contract Verification
Only verified, audited protocol contracts
Compliance Screening
OFAC sanctions and pool toxicity checks
Rate Limiting
Protection against abuse and DDoS
API Key Security
Secure authentication with scoped permissions
Geoblocking
Geographic access controls
Audit Trail
Complete action logging for compliance
Governance, Compliance, and Incident Response
- SOC 2 Compliance
- SOC 2 Type I report issued in December 2025
- SOC 2 Type II audit currently in progress, covering Security, Availability, and Confidentiality
- Type II report expected by the end of March 2026
- Incident Response: 24/7 on-call, formal escalation paths, and recurring tabletop exercises.
- Governance: Policies, risk assessments, and procedures reviewed regularly.
- Sensitive Operations: Deployments, configuration changes, and access escalations require multi-party approvals.
Risks and Mitigations
| Risk | Description | Mitigation |
|---|---|---|
| Transaction tampering at runtime | Unsigned transaction intercepted or modified before signing. | Shield pattern validation ensures every field conforms to a pre-audited safe pattern. |
| Man-in-the-middle attack | Attacker injects malicious calldata or new recipients. | Recipient, program, and parameter validation prevent unauthorized modifications. |
| Invalid contract target | Transaction attempts to reach a fake protocol address. | Shield enforces contract address correctness per integration. |
| Wrong authority / ownership | Delegation or withdrawal directed to attacker-owned address. | Shield validates delegate authority, user ownership, and stake account linkage. |
| Infrastructure compromise | Unauthorized access to production systems. | Isolation, MFA, RBAC, short-lived credentials, monitoring. |
| Credential misuse | Misused engineer access. | Hardware MFA, rotation, centralized secrets, auditing. |
| Supply chain attacks | Malicious package injection. | npm MFA, GitHub scanning, version locks. |
| DDoS / service disruption | Attackers overwhelm public services. | AWS Shield, WAF, auto-scaling. |
| Insider threat | Malicious or manipulated employee actions. | Multi-party approvals, RBAC, immutable logs. |
Protocol Security
We only integrate protocols that meet our security standards:- ✅ Independent security audits
- ✅ Bug bounty programs
- ✅ Track record (TVL, time in production)
- ✅ Transparent team and governance
External Validation
Independent Audits
Yield.xyz’s infrastructure and smart contracts undergo regular third-party audits.Trail of Bits
Security Assessment - Q3 2024
Zellic
Smart Contract Audits
- Zellic - Smart Contract Security Assessment (OAV) - Q1 2025
- Zellic - Smart Contract Security Assessment (Fee Wrapper) - Q3 2024
Continuous Automatic Testing
Penetration testing and vulnerability scanning are conducted through Aikido. Full reports are available to clients on request.Security Incident History
Zero Breaches
Yield.xyz has had no security breaches, hacks, or loss of client funds since inception.
Trust Center
For additional transparency, security posture, and trust artifacts:Trust Center
Next Steps
Shield
Transaction validation library
HyperNative
Simulation and compliance
Security Tiers
Deployment models
Security Notice
Incident history & disclosures