🛡️ Security & Risk Mitigation

Fume’s protocol is designed with a strong focus on the security of fund administration. While the protocol automates administrative tasks, the underlying liquidity remains in secure, segregated custody. The protocol only interacts with liquidity during key moments such as subscriptions, redemptions, and fee management. This approach minimizes the risk of exposure and ensures that liquidity is always handled in a secure environment.

Security by Design

After an on-chain fund is deployed by Fume, only authorized parties can interact with the smart contract:

  • Fund Manager (Owner): The fund manager is granted the ability to whitelist investors, move liquidity, perform NAV calculations, and pay fees.

  • Whitelisted Investors: Only investors approved by the manager can interact with the smart contract, and their actions are limited to subscribing to the fund or redeeming their shares.

By restricting access in this way, Fume drastically reduces the on-chain attack surface, eliminating 99.9% of potential vulnerabilities typically targeted in hacks.

Authentication and Access Control

To access the Fume platform, we eliminate the risk of leaking sensitive data by not using passwords. Instead, users log in via email links or OAuth-based 2-factor authentication (2FA). Importantly, logging into the web platform only provides a read-only view of the on-chain fund. All fund interactions, such as calculating the NAV or moving liquidity, require the fund manager to use their wallet for approval. To further enhance security, we strongly recommend that fund managers use multi-signature solutions such as Safe Wallet or Fireblocks to protect fund control.

Implementation Best Practices

Fume adheres to industry-leading implementation standards to mitigate risks, including:

  • 100% Code Coverage: Our smart contracts are thoroughly tested, with every line of code covered in automated testing. This includes a method called fuzz testing, which randomly generates valid inputs to identify edge cases.

  • Integer Overflow/Underflow: We ensure our contracts are protected against overflow and underflow errors. Since version 0.8.0, Solidity checks arithmetic by default and reverts the transaction when an overflow or underflow occurs.

  • Re-entrancy Attack Prevention: To safeguard against re-entrancy attacks, we employ two strategies: ensuring proper code ordering and utilizing the OpenZeppelin re-entrancy guard. These measures, combined with thorough automated checks using tools like Foundry, Mythril, and Slither, ensure maximum contract security.

Fixes and Upgradability

If an unforeseen issue arises that cannot be fixed on the fly, we have developed a two-tiered approach:

  1. No Upgradeable Contracts: We’ve opted not to use upgradeable contracts, as they introduce additional attack vectors and technical complexity.

  2. Redeployment with Catch-Up Mechanism: Instead of upgrading, we redeploy a new contract with the corrected code. Importantly, the fund’s state and history are preserved through a catch-up mechanism—all key events are logged on-chain, allowing the new contract to "replay" the fund’s history and resume from the exact state before the redeployment.
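The catch-up replay described above can be modelled off-chain as rebuilding fund state from an ordered event log while re-checking the rules the contract enforces. This is an added example, not Fume's code: the event names (`Whitelisted`, `Subscribed`, `Redeemed`), their fields and the sample log are assumptions constructed for illustration.

```python
# Hypothetical event names and fields: the page does not publish Fume's schema.
from dataclasses import dataclass, field

# Constructed sample log, in the order it would be read from the old contract.
EVENTS = [
    {"type": "Whitelisted", "investor": "0xA1"},
    {"type": "Subscribed", "investor": "0xA1", "shares": 100},
    {"type": "Whitelisted", "investor": "0xB2"},
    {"type": "Subscribed", "investor": "0xB2", "shares": 40},
    {"type": "Redeemed", "investor": "0xA1", "shares": 30},
]

class ReplayError(Exception):
    """The log violates a rule the contract enforces."""

@dataclass
class FundState:
    whitelist: set = field(default_factory=set)
    shares: dict = field(default_factory=dict)

def apply_event(state, ev):
    kind, who = ev["type"], ev["investor"]
    if kind == "Whitelisted":
        state.whitelist.add(who)
        return
    if kind not in ("Subscribed", "Redeemed"):
        raise ReplayError(f"unknown event type {kind!r}")
    # Same access rule as on-chain: only whitelisted investors may act.
    if who not in state.whitelist:
        raise ReplayError(f"{who} is not whitelisted")
    amount = ev["shares"]
    if not isinstance(amount, int) or amount <= 0:
        raise ReplayError("share amount must be a positive integer")
    held = state.shares.get(who, 0)
    if kind == "Redeemed":
        if amount > held:
            raise ReplayError(f"{who} redeems {amount} but holds {held}")
        amount = -amount
    state.shares[who] = held + amount

def replay(events):
    """Rebuild state from scratch; stop at the first invalid event."""
    state = FundState()
    for index, ev in enumerate(events):
        try:
            apply_event(state, ev)
        except ReplayError as exc:
            raise ReplayError(f"event {index}: {exc}") from exc
    return state
```

Failing at the first invalid event, with its index, keeps a redeployed fund from resuming on a state the original contract could never have reached.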

Audit

Fume is committed to maintaining the highest level of security for its smart contracts. We’ve already engaged an independent expert for an initial review of our code and are preparing for a full security audit. This will ensure that the protocol continues to meet the highest standards for security and risk mitigation.
