Security & Privacy

Protecting the protocol and user data

Overview

Security and privacy are fundamental to Elusiv's mission. The protocol implements multiple layers of protection to ensure user safety, data integrity, and censorship resistance.

Elusiv uses battle-tested security patterns and undergoes regular security audits to ensure protocol safety.

Smart Contract Security

Security Patterns

All Elusiv smart contracts implement industry-standard security patterns:

ReentrancyGuard

All contracts use OpenZeppelin's ReentrancyGuard to prevent reentrancy attacks on state-changing functions.

Access Control

The Ownable pattern restricts sensitive functions to the contract owner. Future versions will support role-based access control.

Safe Transfers

The SafeERC20 library wraps token transfers so that a failed transfer reverts instead of leaving the contract in an inconsistent state.

OpenZeppelin Standards

Built on audited OpenZeppelin contracts (ERC721, ERC20, Ownable, ReentrancyGuard).

Input Validation

All user inputs are validated before processing:

  • Query length limits (max 512 characters) prevent gas limit issues
  • Payment amount validation ensures correct token transfers
  • Address validation prevents zero-address errors
  • Supply cap checks prevent overflow issues
  • Mint price validation ensures correct payment amounts

Error Handling

Contracts use custom errors for gas-efficient error reporting:

Example Errors:
  • error MintClosed() - Minting is disabled
  • error SoldOut() - Maximum supply reached
  • error InvalidRequest() - Invalid request ID
  • error AlreadyFulfilled() - Request already completed
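
The sketch below is an added example, not Elusiv's contract code: it combines the patterns listed above (Ownable, ReentrancyGuard, SafeERC20, input validation, custom errors) in one minimal contract. It assumes OpenZeppelin Contracts v5.x import paths; the contract, function, event and storage names and the ZeroAddress, QueryTooLong and InvalidPayment errors are hypothetical, while InvalidRequest and AlreadyFulfilled are the names given on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not Elusiv's code; assumes OpenZeppelin Contracts v5.x paths.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract RequestSketch is Ownable, ReentrancyGuard {
    using SafeERC20 for IERC20;
    // The page's 512 limit; Solidity counts UTF-8 bytes, not characters.
    uint256 public constant MAX_QUERY_BYTES = 512;
    error ZeroAddress();                 // hypothetical name
    error QueryTooLong(uint256 length);  // hypothetical name
    error InvalidPayment();              // hypothetical name
    error InvalidRequest();              // named on the page
    error AlreadyFulfilled();            // named on the page
    IERC20 public immutable paymentToken;
    uint256 public immutable price;
    uint256 public nextId = 1;
    mapping(uint256 => address) public requesterOf;
    mapping(uint256 => bool) public fulfilled;
    event Requested(uint256 indexed id, address indexed requester, bytes32 queryHash);
    event Fulfilled(uint256 indexed id);

    constructor(IERC20 token, uint256 price_) Ownable(msg.sender) {
        if (address(token) == address(0)) revert ZeroAddress();
        paymentToken = token;
        price = price_;
    }

    function submit(string calldata query, uint256 amount) external nonReentrant returns (uint256 id) {
        uint256 len = bytes(query).length;
        if (len > MAX_QUERY_BYTES) revert QueryTooLong(len);
        if (amount != price) revert InvalidPayment();
        id = nextId++;
        requesterOf[id] = msg.sender; // state updated before the external token call
        paymentToken.safeTransferFrom(msg.sender, address(this), amount); // reverts on failure
        emit Requested(id, msg.sender, keccak256(bytes(query)));
    }

    // Owner-only completion, mirroring the manual approval the page describes.
    function fulfill(uint256 id) external onlyOwner {
        if (requesterOf[id] == address(0)) revert InvalidRequest();
        if (fulfilled[id]) revert AlreadyFulfilled();
        fulfilled[id] = true;
        emit Fulfilled(id);
    }
}
```

Because the length check runs on bytes, a query containing multi-byte characters reaches the limit before 512 visible characters, so client-side validation should measure the UTF-8 encoded length.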

Privacy Features

Pseudonymous Participation

Elusiv supports pseudonymous participation:

Wallet-Based Identity

Users interact using wallet addresses, not personal information.

Optional KYC

No mandatory KYC for basic platform usage. Future features may require verification.

Research Anonymity

Research requests are linked to addresses, but users can use multiple wallets for additional privacy.

Data Minimization

Elusiv follows data minimization principles:

  • Only essential data stored on-chain (request metadata, hashes)
  • Full research dossiers stored in decentralized storage
  • No personal data collection beyond wallet addresses
  • Optional metadata can be omitted for privacy

Future Privacy Enhancements

Planned Privacy Features (v2-v3)

  • Zero-knowledge proofs for private research requests
  • Encrypted research dossiers with access controls
  • Private payment channels
  • Enhanced anonymity features

Audit Reports

Security Audits

Elusiv contracts undergo regular security audits:

Audit Status

Security audits are conducted by reputable firms before mainnet deployment. Audit reports are published for transparency.

Check the official Elusiv channels for the latest audit reports and security updates.

Bug Bounty Program

Responsible Disclosure

Elusiv encourages responsible disclosure of security vulnerabilities. A bug bounty program may be established for critical findings.

Best Practices

For Users

Secure Your Wallet

Use hardware wallets for large holdings. Never share your private keys or seed phrases.

Verify Transactions

Always verify contract addresses and transaction details before confirming.

Use Official Channels

Only interact with official Elusiv contracts and interfaces. Beware of phishing attempts.

For Developers

Verify Contract Addresses

Always verify contract addresses from official sources before integration.

Handle Errors Gracefully

Implement proper error handling for all contract interactions.

Monitor Events

Use event indexing to track contract state changes rather than polling.

Known Limitations

Current Limitations

  • On-chain query storage is limited (512 characters max)
  • Full anonymity not yet implemented (v2-v3)
  • Single-chain deployment initially (multi-chain in future)
  • Manual completion approval process (automation in v2)

Incident Response

Security Incidents

If you discover a security vulnerability or incident:

  1. Report immediately through official channels
  2. Do not disclose publicly until resolved
  3. Provide detailed information about the issue
  4. Allow time for investigation and patching
