Security
Audit Status
Smart contracts are currently unaudited. The security audit is scheduled before Phase 1 mint opens (Q3 2026). Do not invest funds you cannot afford to lose before the audit is complete and results are published.
| Milestone | Status |
|---|---|
| Smart contract development | In progress |
| Internal review | Planned |
| Third-party audit | Scheduled — pre-mint |
| Audit report published | At audit completion |
| Mainnet deployment | Post-audit |
When the audit is complete, the full report will be published at docs.sandboxghi.xyz/audit-report and pinned on @SandboxGHI.
Trust Model
What the program can do
- Custody NFTs during staking (returned on unstake, no delay)
- Mint $GHI from the mining vault to stakers
- Create and close AgentAccount PDAs
- Debit agent $GHI budgets for task execution (authority-only)
What the program cannot do
- Transfer NFTs to any address other than the staker
- Spend user wallet funds beyond what is explicitly signed
- Upgrade itself after the upgrade authority is revoked at audit completion
- Access any token account not passed explicitly in each instruction
Upgrade authority
The program's Solana upgrade authority will be set to null (immutable) after the security audit completes. Until then, the upgrade authority is held by the team multisig.
Team Vesting
The team allocation (15% of $GHI supply = 150,000,000 $GHI) is subject to:
- 6-month cliff — zero tokens released for the first 6 months after TGE
- 24-month linear vesting — tokens release monthly after the cliff
This is enforced on-chain via a vesting contract. The team cannot dump before the cliff regardless of market conditions.
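The cliff-plus-linear schedule above is easy to get wrong at the boundaries, so here is an added worked model of it (example code, not the project's vesting contract). It uses the figures on this page (150,000,000 $GHI, 6-month cliff, 24 monthly tranches) and assumes, since the page does not say, that nothing unlocks at the cliff boundary itself and the first tranche unlocks one month later, so the allocation is fully vested at month 30. `check_withdrawal` is the rule an on-chain vesting contract applies to every withdrawal: the cumulative amount taken may never exceed what has vested so far.

```python
# Added example modelling the team vesting schedule stated on this page.
# Not project code; the tranche-timing rule at the cliff is an assumption.

TEAM_ALLOCATION = 150_000_000   # 15% of the fixed 1,000,000,000 supply
CLIFF_MONTHS = 6
VESTING_MONTHS = 24


def vested_amount(months_since_tge: int,
                  total: int = TEAM_ALLOCATION,
                  cliff: int = CLIFF_MONTHS,
                  vesting: int = VESTING_MONTHS) -> int:
    """Cumulative tokens unlocked once `months_since_tge` full months have passed.

    Assumption: nothing unlocks at the cliff boundary; the first of `vesting`
    equal monthly tranches unlocks one month after the cliff, so everything is
    vested at month cliff + vesting. Integer division keeps any rounding dust
    locked until the final tranche, which releases the exact remainder.
    """
    if months_since_tge < 0:
        raise ValueError("months_since_tge must be non-negative")
    if months_since_tge <= cliff:
        return 0
    tranches = min(months_since_tge - cliff, vesting)
    if tranches == vesting:
        return total
    return total * tranches // vesting


def claimable(months_since_tge: int, already_claimed: int,
              total: int = TEAM_ALLOCATION) -> int:
    """Amount the beneficiary may withdraw now, net of earlier withdrawals."""
    return max(0, vested_amount(months_since_tge, total) - already_claimed)


def check_withdrawal(months_since_tge: int, already_claimed: int,
                     requested: int) -> bool:
    """The check a vesting contract runs on each withdrawal instruction:
    allow only a positive amount that stays within the vested total."""
    return 0 < requested <= claimable(months_since_tge, already_claimed)


def schedule(total: int = TEAM_ALLOCATION, cliff: int = CLIFF_MONTHS,
             vesting: int = VESTING_MONTHS) -> list[tuple[int, int]]:
    """(month, cumulative vested) for every month from TGE to full vesting."""
    return [(m, vested_amount(m, total, cliff, vesting))
            for m in range(cliff + vesting + 1)]


if __name__ == "__main__":
    for month, amount in schedule():
        print(f"month {month:2d}: {amount:>13,} $GHI vested")
```

Each tranche here is exactly 6,250,000 $GHI because 150,000,000 divides evenly by 24; the `tranches == vesting` branch matters for allocations that do not.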
Treasury & DAO
All treasury movements require a DAO vote once governance launches (2027). Until DAO is live, treasury is controlled by a 3-of-5 multisig — no single key can move funds.
Multisig addresses will be published at launch.
What Cannot Be Rugged
| Protection | Mechanism |
|---|---|
| Team token dump | 6-month cliff + 2-year vesting on-chain |
| Smart contract backdoor | Non-upgradable after audit |
| Treasury drain | Multisig (3-of-5) → DAO governance |
| NFT rug (collection shutdown) | NFTs are standard Metaplex — freely tradeable on any marketplace regardless of project status |
| $GHI supply manipulation | Fixed 1,000,000,000 supply, mint authority revoked at TGE |
Staying Safe
The team will never DM you first asking for SOL, seed phrases, or wallet signatures.
- Only use official URLs: sandboxghi.xyz, docs.sandboxghi.xyz, mint.sandboxghi.xyz
- Only buy $SGHI from the contract address announced on @SandboxGHI
- Verify the program ID before signing any transaction — the official ID is published in this docs site after audit
- Do not click links from DMs, even if they look official
- Revoke any approvals you no longer need using revoke.cash or Phantom's token approvals tab
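"Verify the program ID before signing" and "the program can only access accounts passed explicitly in each instruction" (from the trust model above) both come down to reading the transaction message a wallet asks you to sign. The added example below (not project code) decodes a legacy Solana transaction message following the documented wire layout (3-byte header, compact-u16 account count, 32-byte keys, recent blockhash, compact-u16 instruction list), lists which program each instruction invokes and which accounts it hands that program, and flags any program not on a published allowlist. `OFFICIAL_PROGRAM_ID` is a placeholder of 32 `0x02` bytes, the sample transactions are constructed inline, and versioned (v0) messages with address lookup tables are deliberately rejected rather than parsed.

```python
import base64

# Added example, not project code. Inspects a legacy Solana transaction
# message and checks invoked programs against an allowlist. The official
# program ID below is a placeholder; the real one is published after audit.

B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SYSTEM_PROGRAM = bytes(32)                 # base58: 32 x '1'
OFFICIAL_PROGRAM_ID = bytes([0x02]) * 32   # placeholder, not the real program


def b58encode(raw: bytes) -> str:
    """Base58 as used for Solana pubkeys (each leading zero byte becomes '1')."""
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n:
        n, r = divmod(n, 58)
        digits.append(B58_ALPHABET[r])
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return (B58_ALPHABET[:1] * pad + digits[::-1]).decode()


def read_compact_u16(buf: bytes, pos: int) -> tuple[int, int]:
    """Solana short_vec length prefix: 7 bits per byte, high bit = continue."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift > 14:
            raise ValueError("compact-u16 too long")


def encode_compact_u16(n: int) -> bytes:
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def build_legacy_message(keys: list[bytes],
                         instructions: list[tuple[int, list[int], bytes]]) -> bytes:
    """Serialise a legacy message; keys[0] is the fee payer and only signer.
    Header = (1 required signature, 0 read-only signed, 0 read-only unsigned);
    the read-only counts are irrelevant to this inspection."""
    msg = bytearray([1, 0, 0]) + encode_compact_u16(len(keys)) + b"".join(keys)
    msg += bytes([0xAA]) * 32                  # constructed recent blockhash
    msg += encode_compact_u16(len(instructions))
    for prog_idx, acc_idx, data in instructions:
        msg += bytes([prog_idx]) + encode_compact_u16(len(acc_idx)) + bytes(acc_idx)
        msg += encode_compact_u16(len(data)) + data
    return bytes(msg)


def parse_legacy_message(msg: bytes) -> dict:
    """Decode header, account keys and compiled instructions of a legacy message."""
    if msg[0] & 0x80:   # versioned messages carry a version byte with the high bit set
        raise ValueError("versioned (v0) message: lookup tables not handled here")
    num_signers = msg[0]
    pos = 3
    num_keys, pos = read_compact_u16(msg, pos)
    keys = []
    for _ in range(num_keys):
        keys.append(b58encode(msg[pos:pos + 32]))
        pos += 32
    pos += 32                                  # skip recent blockhash
    num_ix, pos = read_compact_u16(msg, pos)
    instructions = []
    for _ in range(num_ix):
        prog_idx = msg[pos]
        pos += 1
        n_acc, pos = read_compact_u16(msg, pos)
        acc_idx = list(msg[pos:pos + n_acc])
        pos += n_acc
        n_data, pos = read_compact_u16(msg, pos)
        data = msg[pos:pos + n_data]
        pos += n_data
        instructions.append({"program": keys[prog_idx],
                             "accounts": [keys[i] for i in acc_idx],  # all it may touch
                             "data": data})
    if pos != len(msg):
        raise ValueError("trailing bytes after last instruction")
    return {"signers": keys[:num_signers], "instructions": instructions}


def unexpected_programs(msg_b64: str, allowlist: set[str]) -> list[str]:
    """Programs the transaction would invoke that are not on the allowlist;
    an empty list means every instruction targets a program you expected."""
    parsed = parse_legacy_message(base64.b64decode(msg_b64))
    return sorted({ix["program"] for ix in parsed["instructions"]} - allowlist)


ALLOWLIST = {b58encode(SYSTEM_PROGRAM), b58encode(OFFICIAL_PROGRAM_ID)}
USER_WALLET, NFT_TOKEN_ACCOUNT, UNKNOWN_PROGRAM = (bytes([b]) * 32 for b in (1, 5, 3))

# Constructed sample: a stake transaction that calls only the official program.
STAKE_TX_B64 = base64.b64encode(build_legacy_message(
    [USER_WALLET, NFT_TOKEN_ACCOUNT, OFFICIAL_PROGRAM_ID],
    [(2, [0, 1], b"\x01stake")])).decode()

# Constructed sample: same shape, but a second instruction hits an unpublished program.
SUSPICIOUS_TX_B64 = base64.b64encode(build_legacy_message(
    [USER_WALLET, NFT_TOKEN_ACCOUNT, OFFICIAL_PROGRAM_ID, UNKNOWN_PROGRAM],
    [(2, [0, 1], b"\x01stake"), (3, [0, 1], b"\xff")])).decode()
```

Running `unexpected_programs(SUSPICIOUS_TX_B64, ALLOWLIST)` returns the base58 key of the unknown program, while the stake sample returns an empty list. The check only tells you which programs are invoked and which accounts they are given; it does not decode instruction data, so a malicious instruction sent to a legitimate program still needs the wallet's simulation or the program's own documentation to interpret.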
Responsible Disclosure
Found a vulnerability? Report it privately before disclosing publicly:
- Telegram: @SandboxGHI (DM the pinned security contact)
- Email: security@sandboxghi.xyz
Critical bugs reported before exploit will be rewarded from the Treasury allocation.