> ## Documentation Index
> Fetch the complete documentation index at: https://yieldxyz.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Overview

> Yield.xyz security architecture and practices

## Executive Summary

Yield.xyz is built with security at its core. We apply a **defense-in-depth approach** across infrastructure, access control, endpoint security, and development workflows, complemented by continuous monitoring and external audits. All production data is encrypted at rest and in transit, with strict access controls and network segmentation in place. Our in-house DevSecOps specialists ensure continuous enforcement and improvement of these controls.

At the application layer, we provide **Yield.xyz Shield**, a client-side, zero-trust transaction validation library that ensures every transaction presented for signing is structurally correct, safe, and consistent with the expected behavior of the selected yield integration.

Shield prevents tampering, man-in-the-middle manipulation, and unintended contract calls by enforcing strict pattern matching across calldata, contract recipients, authorities, and instruction flows — without relying on cryptographic attestation.

Yield.xyz operates under a formal SOC 2–aligned control environment and maintains a structured incident response framework.

<CardGroup cols={2}>
  <Card title="SOC 2 Type I" icon="check">
    Issued December 2025
  </Card>

  <Card title="SOC 2 Type II" icon="clock">
    Expected March 2026
  </Card>
</CardGroup>

***

## Self-Custodial Architecture

<Card title="Your Keys, Your Crypto" icon="key">
  Yield.xyz **never** has access to user private keys. We only return unsigned transactions.
</Card>

<Steps>
  <Step title="Request Action">
    Your app requests an action (enter, exit, manage)
  </Step>

  <Step title="Receive Unsigned Transaction">
    Yield.xyz returns a fully-formed but unsigned transaction
  </Step>

  <Step title="You Sign">
    Your app signs with user's wallet/custody solution
  </Step>

  <Step title="You Broadcast">
    Your app broadcasts to the blockchain
  </Step>
</Steps>

***

## Production and Infrastructure

* **Environment Separation**: Staging and production run in fully isolated AWS accounts.
* **Deployment Security**: Short-lived GitHub OIDC credentials; static or long-lived credentials are prohibited.
* **Monitoring and Resilience**: Infrastructure monitoring, AWS Shield and WAF protection, recurring backups, and validated disaster recovery plans.
* **Multi-cloud architecture**: AWS + Google Cloud failover
* **Geographic redundancy**: Distributed across regions
* **Automated failover**: DNS rerouting on service degradation
* **Manual override**: Support for manual intervention when needed

***

## Data & Network Security

* **Encryption & Retention**: All production data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Retention policies ensure strict deletion schedules.
* **Access Controls**: Based on least privilege; all access is logged and periodically reviewed.
* **Remote Access**: VPN + MFA required for all production access.
* **Network Segmentation**: Public services isolated from internal systems using strict logical separation and firewall rules.

***

## Access Control and Authentication

* **MFA Everywhere**: FIDO2 hardware keys or TOTP required for AWS, GitHub, Google Workspace.
* **Role-Based Access Control**: Least-privilege provisioning with multi-party approvals for sensitive actions.
* **Auditing**: All access events are logged and regularly reviewed.

***

## Endpoint and Device Security

* **Device Policy**: All engineer laptops (company-issued or BYOD) must meet strict security requirements and full-disk encryption.
* **Mobile Device Management**: Enforces patching, encryption, firewall rules, and remote wipe.
* **Endpoint Detection & Response**: Continuous anomaly detection and automated incident response.

***

## Security Suite Overview

<Tabs>
  <Tab title="Shield">
    **Zero-trust transaction validation**

    A lightweight validation library that checks unsigned transactions against verified templates before signing.

    * Pattern-matched validation of every transaction
    * Recipient, authority, and contract-address verification
    * Multi-chain support (EVM, Solana, Tron, more coming)
    * TypeScript and Golang implementations
    * Immediate and clear error reporting to developers

    Shield prevents the most severe attack scenarios such as malicious frontend injections, MITM modification, and manipulated RPC responses.

    [Learn more →](/documentation/shield-security/shield)
  </Tab>

  <Tab title="Shield Go">
    **Compiled validation for secure environments**

    A compiled version of Shield for secure-enclave and hardware environments.

    * Designed for institutional clients
    * Runs inside restricted devices or on-premises systems
    * Feature-parity with TypeScript version for validation and decoding

    [Learn more →](/documentation/shield-security/shield#shield--go-package)
  </Tab>

  <Tab title="HyperNative">
    **Pre-transaction simulation and risk scoring**

    Real-time execution simulation and compliance screening engine.

    * Real-time execution simulation in sandboxed environments
    * Compliance screening (OFAC, pool toxicity, sanctions)
    * Supports custom policies via dashboard or Python SDK
    * Fully API-driven and exportable for client-side use

    [Learn more →](/documentation/shield-security/hypernative)
  </Tab>

  <Tab title="Security Tiers">
    **Deployment models for every use case**

    Three security configurations to match your requirements:

    * **Baseline**: HyperNative simulation
    * **Enhanced**: HyperNative simulation + Shield validation
    * **Advanced**: On-premises Shield and HyperNative deployment with full policy control

    [Learn more →](/documentation/shield-security/security-tiers)
  </Tab>
</Tabs>

***

## API and Transaction Security

### Yield.xyz Shield (Zero-Trust Transaction Validation)

Shield is a lightweight, client-side validation library that ensures unsigned transactions generated by the Yield API are safe, unmodified, and consistent with the expected yield integration before they are presented for signing.

Shield applies a **zero-trust** model by validating the structure, contract targets, parameters, and expected behavior of each transaction. If anything appears tampered with — such as a changed recipient, altered calldata, or unexpected authority — Shield blocks the transaction and returns a clear error.

Key protections include:

* Pattern-matched validation of every transaction
* Recipient, authority, and contract-address verification
* Multi-chain support across EVM, Solana, Tron (with more coming)
* Immediate and clear error reporting to developers

Shield prevents the most severe attack scenarios such as malicious frontend injections, MITM modification, and manipulated RPC responses.

<Card title="Shield Documentation" icon="shield-check" href="/documentation/shield-security/shield">
  For detailed integration examples, error types, and supported yield IDs
</Card>

### Anomaly Detection

API endpoints are continuously monitored for abnormal usage, automated abuse patterns, and suspicious behaviors, with alerts routed to our on-call team.

***

## Security Layers

<CardGroup cols={2}>
  <Card title="Shield Validation" icon="shield-check">
    Pre-signing transaction validation against verified patterns
  </Card>

  <Card title="HyperNative Simulation" icon="bolt">
    Real-time transaction simulation and risk scoring
  </Card>

  <Card title="Contract Verification" icon="file-contract">
    Only verified, audited protocol contracts
  </Card>

  <Card title="Compliance Screening" icon="scale-balanced">
    OFAC sanctions and pool toxicity checks
  </Card>

  <Card title="Rate Limiting" icon="gauge">
    Protection against abuse and DDoS
  </Card>

  <Card title="API Key Security" icon="key">
    Secure authentication with scoped permissions
  </Card>

  <Card title="Geoblocking" icon="globe">
    Geographic access controls
  </Card>

  <Card title="Audit Trail" icon="file-lines">
    Complete action logging for compliance
  </Card>
</CardGroup>

***

## Governance, Compliance, and Incident Response

* **SOC 2 Compliance**
  * **SOC 2 Type I** report issued in **December 2025**
  * **SOC 2 Type II** audit currently in progress, covering Security, Availability, and Confidentiality
  * Type II report **expected by the end of March 2026**
* **Incident Response**: 24/7 on-call, formal escalation paths, and recurring tabletop exercises.
* **Governance**: Policies, risk assessments, and procedures reviewed regularly.
* **Sensitive Operations**: Deployments, configuration changes, and access escalations require multi-party approvals.

***

## Risks and Mitigations

| Risk                             | Description                                                  | Mitigation                                                                                |
| -------------------------------- | ------------------------------------------------------------ | ----------------------------------------------------------------------------------------- |
| Transaction tampering at runtime | Unsigned transaction intercepted or modified before signing. | **Shield pattern validation** ensures every field conforms to a pre-audited safe pattern. |
| Man-in-the-middle attack         | Attacker injects malicious calldata or new recipients.       | **Recipient, program, and parameter validation** prevent unauthorized modifications.      |
| Invalid contract target          | Transaction attempts to reach a fake protocol address.       | Shield enforces **contract address correctness** per integration.                         |
| Wrong authority / ownership      | Delegation or withdrawal directed to attacker-owned address. | Shield validates **delegate authority**, user ownership, and stake account linkage.       |
| Infrastructure compromise        | Unauthorized access to production systems.                   | Isolation, MFA, RBAC, short-lived credentials, monitoring.                                |
| Credential misuse                | Misused engineer access.                                     | Hardware MFA, rotation, centralized secrets, auditing.                                    |
| Supply chain attacks             | Malicious package injection.                                 | npm MFA, GitHub scanning, version locks.                                                  |
| DDoS / service disruption        | Attackers overwhelm public services.                         | AWS Shield, WAF, auto-scaling.                                                            |
| Insider threat                   | Malicious or manipulated employee actions.                   | Multi-party approvals, RBAC, immutable logs.                                              |

***

## Protocol Security

We only integrate protocols that meet our security standards:

* ✅ Independent security audits
* ✅ Bug bounty programs
* ✅ Track record (TVL, time in production)
* ✅ Transparent team and governance

***

## External Validation

### Independent Audits

Yield.xyz's infrastructure and smart contracts undergo regular third-party audits.

<CardGroup cols={2}>
  <Card title="Trail of Bits" icon="magnifying-glass">
    Security Assessment - Q3 2024
  </Card>

  <Card title="Zellic" icon="file-contract">
    Smart Contract Audits
  </Card>
</CardGroup>

**Selected Audit Reports:**

* [Zellic - Smart Contract Security Assessment (OAV) - Q1 2025](https://github.com/Zellic/publications/blob/master/StakeKit%20-%20Zellic%20Audit%20Report.pdf)
* [Zellic - Smart Contract Security Assessment (Fee Wrapper) - Q3 2024](https://github.com/Zellic/publications/blob/master/StakeKit%20FeeWrapper%20-%20Zellic%20Audit%20Report.pdf)

### Continuous Automatic Testing

Penetration testing and vulnerability scanning are conducted through [Aikido](https://aikido.dev/). Full reports are available to clients on request.

***

## Security Incident History

<Card title="Zero Breaches" icon="shield-check">
  Yield.xyz has had **no security breaches, hacks, or loss of client funds** since inception.
</Card>

For detailed security incident history, audit information, and regulatory engagement details, see our [Security Notice](/legal/security-notice).

***

## Trust Center

For additional transparency, security posture, and trust artifacts:

<Card title="Trust Center" icon="building-shield" href="https://trust.yield.xyz">
  [https://trust.yield.xyz](https://trust.yield.xyz)
</Card>

***

## Next Steps

<CardGroup cols={2}>
  <Card title="Shield" icon="shield-check" href="/documentation/shield-security/shield">
    Transaction validation library
  </Card>

  <Card title="HyperNative" icon="bolt" href="/documentation/shield-security/hypernative">
    Simulation and compliance
  </Card>

  <Card title="Security Tiers" icon="layer-group" href="/documentation/shield-security/security-tiers">
    Deployment models
  </Card>

  <Card title="Security Notice" icon="bell" href="/legal/security-notice">
    Incident history & disclosures
  </Card>
</CardGroup>