VORTYX LABS

VTX • 20B SECURE ECOSYSTEM
SECURITY • OVERVIEW

12-Layer Protection – Code, Not Promises

VTX is designed to remove the most common attack vectors in DeFi: hidden minting, owner burns, trading pauses, tax rugs, blacklist abuse and unrestricted dev pools. Each layer below is backed by specific Solidity logic.

Core Layers (1–6)

  • 1. Fixed 20B Supply
    Tokens are minted once in the constructor. There is no external mint function and no role that can create new VTX.

  • 2. No Owner Burn / Supply Tricks
    The contract does not provide an owner-only burn function. Supply manipulation via privileged burns is impossible.

  • 3. Vault-Enforced Supply
    The Vault must hold the full 20B VTX before it can be initialized. Without this, vesting and pool payouts remain locked.
  • 4. 10-Year Owner Vesting
    The 4B owner allocation unlocks over 10 years using time-based calculations. There is no manual override to accelerate this schedule.

  • 5. One-Way Trading Enable
    Trading is disabled by default and can only be enabled once. After enableTrading(), there is no way to turn it off, removing the classic “pause-and-dump” rug switch.

  • 6. Anti-Whale Limits
    maxTxAmount and maxWalletAmount prevent extreme concentration of supply. Specific addresses (Vault, LP) can be exempted without compromising decentralization.

Governance & Tax Layers (7–9)

  • 7. Max 2% Tax with Lock
    The sum of LP tax and Treasury tax can never exceed 2%. Once lockTaxConfig() is called, the chosen values are permanent.

  • 8. Blacklist Freeze
    Blacklist is meant only for pre-launch bot protection. After freezeBlacklist(), no new addresses can be blocked, preventing abuse against investors and whales.
  • 9. Tax & Limit Exemptions for System Addresses
    Internal addresses such as the Vault and core modules can be marked as tax- and limit-exempt, ensuring smooth ecosystem operations without exposing users to unfair rules.

Vault & Module Layers (10–12)

  • 10. Role-Locked Vault
    Dev, Rewards, Maintenance, Hyper and Liquidity roles are set once and then locked via lockRoles(). No new “backdoor modules” can be introduced after launch.

  • 11. Registry-Approved Modules Only
    The Vault consults VTXRegistry to ensure that modules acting on its pools are explicitly approved. This prevents rogue contracts from calling sensitive functions.
  • 12. Reentrancy Protection on All Payouts
    The Vault and modules use a simple but effective ReentrancyGuard. All functions that move funds outward are protected by a nonReentrant modifier, blocking reentrancy-based attacks.

  • Bonus: Owner Reputation Protection
    By design, the system removes the ability to perform classic rug actions. This protects not just investors, but also the founder’s long-term reputation in the ecosystem.