Security & Disclosure

How Foundation protects you

Foundation is a non-custodial application on Solana. Custody runs through Squads multisig. Every vault, every transaction, and every line of code is publicly verifiable.

What Foundation will never do

  • Ask for your seed phrase, private keys, or wallet password.
  • Ask you to install software, browser extensions, or sign messages outside your wallet UI.
  • Request payment information, credit cards, or banking details.
  • Run airdrop claim flows, fake giveaways, or urgency-based promotions.
  • Send unsolicited DMs on Twitter, Telegram, or Discord asking you to connect your wallet.

How custody works

Foundation does not hold your USDC. When you deposit, funds are routed into a Squads Protocol v4 multisig on Solana mainnet that holds the underlying yield position. You receive a Token-2022 receipt (e.g. awyUSD, soloUSD) representing your share.

Withdrawals burn your receipt token and return USDC to your wallet. Multisig addresses, vault PDAs, and receipt mints are all listed on /transparency. You can verify every balance and every transaction on Solana Explorer.

Wallet connection uses the official @solana/wallet-adapter SDK. Every transaction is signed in your own wallet (Phantom, Solflare, Backpack) after you review and approve it.

Audits & status

Smart contracts

External audit pending — Q2 2026

Multisig

Squads Protocol v4 (audited)

Receipt tokens

SPL Token-2022 (audited extension)

Stage

Alpha — see disclaimer below

Report a vulnerability

If you discover a security issue, please report it privately before public disclosure. We commit to acknowledging reports within 48 hours.

v@fdnusd.comsecurity.txt

Scope: fdnusd.com, demo.fdnusd.com, app.fdnusd.com, and Foundation's on-chain programs on Solana mainnet.

Foundation Alpha — DeFi carries smart-contract, market, and counterparty risk. This site is for educational purposes and is not investment advice. Only deposit what you can afford to lose.