Smart Contract Risk
Abstract
Smart Contract + Technology risk refers to potential vulnerabilities/failures that could occur because of the smart contracts we use to underpin the blockchain ecosystem we operate within. Smart contract risks include but are not limited to bugs in the code as well as faulty logic or unknown exploitable attack vectors that can be used to steal funds. In any of these cases, depending on the security of the issue, this can lead to exploits conducted by malicious parties and loss of value or assets. This risk also includes the risks associated with operating in a space that is rapidly growing and changing (with specific respect to the tech stack), as technological changes can potentially impact operations.
Policy
Endaoment believes in protecting customer onchain assets and account data from smart contract and technological errors or bugs. We manage these risks through regular smart contract audits, technological evaluations, and rigorous assessments of our third-party partners’ security protocols.
Scope and Applicability
This policy applies to all Endaoment employees, contractors, board members, and those acting on behalf of Endaoment in any capacity, as well as any smart contracts, wallets, or other blockchain tools used by Endaoment. Non-compliance with this policy may lead to disciplinary action up to and including termination/removal. Should there be a conflict of law, the more stringent of either this policy or the applicable law will be applied.
Operational Controls + Testing
Internal controls will be monitored and/or tested on a periodic basis determined by risk. Monitoring and testing outcomes will be used to inform the continuous improvement of internal controls in order to appropriately mitigate risk.
Training
All Endaoment employees will receive training on Legal Compliance + Regulatory Risk to ensure policy continuity and application. New hires will be trained within their first 60 days, and mandatory incumbent trainings will be conducted bi-annually with all current employees.
Governance
This policy will be reviewed by the officers of Endaoment and updated semi-annually to ensure it remains up-to-date. Escalation of any questions, concerns, or requests for exceptions regarding this policy must be made to the Endaoment executive team and approved unanimously.