
Security

Encryption, storage, and best practices

MomentMM follows a defense-in-depth approach for user funds, keys, and platform integrity.

Encryption & Key Management

  • Private keys and mnemonics are encrypted with AES-256-CBC using a derived key: SHA-256(user_email + ENCRYPTION_SECRET).
  • Each wallet has a unique IV, and encrypted secrets are stored server-side.
  • Decryption happens only in memory during transaction signing, and the decrypted material is erased immediately after use.
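
The scheme in the list above, as an added Node.js sketch (not MomentMM's code): the key is derived as stated, each record gets a fresh IV, and key and plaintext buffers are zeroed after use. The function names, the record layout, the sample values and the HMAC tag over IV and ciphertext are assumptions added here; the tag is included because CBC on its own does not detect a modified record.

```javascript
const crypto = require('node:crypto');

// Key derivation as stated on the page: SHA-256(user_email + ENCRYPTION_SECRET).
// `label` (assumption) yields a separate key for the HMAC tag; '' gives the page's key.
function deriveKey(email, secret, label = '') {
  return crypto.createHash('sha256').update(label + email + secret).digest();
}

// HMAC-SHA256 over IV || ciphertext (assumption: the page describes no integrity tag).
function tagRecord(macKey, iv, ct) {
  return crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
}

function encryptSecret(plaintext, email, secret) {
  const key = deriveKey(email, secret);
  const macKey = deriveKey(email, secret, 'mac:');
  try {
    const iv = crypto.randomBytes(16); // fresh random IV for every wallet record
    const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
    const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    const tag = tagRecord(macKey, iv, ct);
    return { iv: iv.toString('hex'), ct: ct.toString('hex'), tag: tag.toString('hex') };
  } finally {
    key.fill(0); macKey.fill(0); // zero the derived keys once the record is built
  }
}

// Verifies the tag, decrypts, passes the plaintext Buffer to `use` (e.g. a signer), then
// zeroes that Buffer and the keys. Best effort: JS strings and temporaries cannot be wiped.
function withDecryptedSecret(record, email, secret, use) {
  const key = deriveKey(email, secret);
  const macKey = deriveKey(email, secret, 'mac:');
  let plain = Buffer.alloc(0);
  try {
    const iv = Buffer.from(record.iv, 'hex');
    const ct = Buffer.from(record.ct, 'hex');
    const tag = Buffer.from(record.tag, 'hex');
    const expected = tagRecord(macKey, iv, ct);
    if (tag.length !== expected.length || !crypto.timingSafeEqual(tag, expected)) {
      throw new Error('integrity check failed');
    }
    const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
    plain = Buffer.concat([decipher.update(ct), decipher.final()]);
    return use(plain);
  } finally {
    plain.fill(0); key.fill(0); macKey.fill(0);
  }
}
```

The callback should finish signing before it returns, because the plaintext buffer is zeroed as soon as it does.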

API & Network Security

  • Clerk authentication secures user sessions and access to protected endpoints.
  • Rate limiting and Edge middleware protect against abuse.
  • TLS 1.3 and CORS policies are enforced across APIs.

Smart Contract & On-Chain Security

  • NFT contracts follow ERC-721 standards and are audited before major launches.
  • The MMMT token and any treasury contracts will undergo third-party audits.
  • Multi-sig governance for treasury operations is planned.

Operational Security

  • Regular backups and encrypted storage for backups.
  • Access controls and least privilege for admin operations.
  • Bug bounty program for community-led security testing.

User Best Practices

  • Keep backups of your mnemonic (encrypted copy recommended).
  • Use a hardware wallet for large balances.
  • Verify transaction recipients and check explorer links.

For detailed incident reporting, contact security@momentmm.xyz.