The primary risk is underwriting risk. If claims exceed premium income, NAV may decline, including in extreme or correlated loss scenarios.
System Integrity Overview
At a Glance
Audit: Quantstamp (January 2026)
Multisig: Distributed signer set, threshold enforced
Timelock: In progress (implementation underway)
Custody: Segregated accounts (ONyc SA)
Attestations: Apex Group (Monthly)
Control Principles
The system is designed to reduce common DeFi failure modes through three core constraints, so that failures in integrated protocols, contract execution, or individual keys are structurally contained and do not provide direct access to underlying collateral.
Protection by Design
Capital backing ONyc is held in legally segregated accounts and committed to collateralize reinsurance obligations. Collateral is not held in smart contracts and cannot be accessed through contract exploits. The collateral pool includes stablecoins, cash equivalents, and T-Bill exposure for liquidity and capital efficiency.
The mint authority is a Program Derived Address (PDA), meaning issuance can only occur through program logic. No operator or private key can mint outside defined rules.
ONyc collateral is structurally separate from DeFi integrations. Activity in external protocols does not directly impact the underlying capital base.
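The statement that the mint authority is a PDA can be checked independently: a PDA is an address that is not a point on the ed25519 curve, so no private key can exist for it. The sketch below is an added example, not OnRe's code. It reimplements Solana's off-curve test and PDA derivation in pure Python, and the program id and seeds in it are constructed placeholders.

```python
import hashlib

P = 2**255 - 19                                  # ed25519 field prime
D = (-121665 * pow(121666, -1, P)) % P           # Edwards curve constant d
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode32(addr: str) -> bytes:
    """Decode a base58 Solana address (as shown by an explorer) into 32 raw bytes."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    return n.to_bytes(32, "big")

def is_on_curve(key: bytes) -> bool:
    """True if the bytes decompress to an ed25519 point, i.e. a private key could exist."""
    y = (int.from_bytes(key, "little") & ((1 << 255) - 1)) % P   # drop the x-sign bit
    u = (y * y - 1) % P
    v = (D * y * y + 1) % P
    x2 = u * pow(v, -1, P) % P                   # x^2 = (y^2 - 1) / (d*y^2 + 1)
    return x2 == 0 or pow(x2, (P - 1) // 2, P) == 1   # Euler criterion: is x^2 a square?

def find_program_address(seeds, program_id: bytes):
    """Try bumps from 255 downward and return the first off-curve hash, as Solana does."""
    for bump in range(255, 0, -1):
        data = b"".join(seeds) + bytes([bump]) + program_id + b"ProgramDerivedAddress"
        candidate = hashlib.sha256(data).digest()
        if not is_on_curve(candidate):
            return candidate, bump
    raise ValueError("no off-curve address for these seeds")

def authority_is_program_pda(authority: bytes, seeds, program_id: bytes) -> bool:
    """Authority has no keypair AND is the address this program derives from the seeds."""
    pda, _bump = find_program_address(seeds, program_id)
    return not is_on_curve(authority) and authority == pda

# Constructed sample values, not ONyc's real program id or seeds.
PROGRAM_ID = hashlib.sha256(b"hypothetical-program").digest()
SEEDS = [b"mint_authority"]
ED25519_BASE_POINT = bytes.fromhex("58" + "66" * 31)   # a valid curve point (keypair-style)

if __name__ == "__main__":
    pda, bump = find_program_address(SEEDS, PROGRAM_ID)
    print("derived PDA bump:", bump, "off-curve:", not is_on_curve(pda))
    print("PDA accepted:", authority_is_program_pda(pda, SEEDS, PROGRAM_ID))
    print("keypair-style key accepted:",
          authority_is_program_pda(ED25519_BASE_POINT, SEEDS, PROGRAM_ID))
```

Running the check against the live token requires the mint authority read from the mint account and the program's actual seeds, neither of which this page lists. The off-curve test alone shows only that no keypair exists, not which program controls the address.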
System Mechanics
ONyc is a yield-bearing token on Solana representing a proportional share of a regulated, segregated reinsurance account. The system separates onchain execution (minting, redemption, NAV), offchain underwriting and capital deployment, and custody of collateral in segregated insurance accounts.
Minting and redemption are enforced by contract logic using NAV-based pricing derived from a base price, annual rate, and time component. No offchain service or external key determines issuance. A maximum supply cap is enforced at the contract level on every mint.
NAV used for minting and redemption is computed from parameters stored within the contract. External providers such as Chainlink and Pyth support integrations and pricing inputs but do not control execution.
Controls
Administrative actions, including parameter updates, vault management, and contract changes, require multisig approval through a distributed signer set. Ownership transfers follow a two-step proposal and acceptance process.
A publicly viewable 3-of-6 multisig governs OnRe’s segregated liquidity reserve, supporting redemptions and broader market stability.
A separate publicly viewable 3-of-6 multisig governs protocol administration, including program upgrades, offer creation and management, vault administration, mint authority management, max supply configuration, fee updates, redemption controls, admin and approver management, SPL freeze authority, metadata update authority, and reactivation following a kill switch event.
Critical actions require multisig approval across multiple signers. Timelocks and execution delays are being implemented to introduce a review window before changes take effect. Designated admin accounts retain the ability to activate a kill switch to pause specific operations in the event of abnormal activity.
OnRe does not currently use durable nonces and follows standard Solana transaction execution flows, while evaluating additional sequencing and nonce-based protections.
Operations and Oversight
Security operations include monitoring of onchain activity, governance actions, and execution flows. In the event of abnormal behavior, response mechanisms include multisig intervention and the ability to halt certain operations through a kill switch.
Smart contracts are publicly accessible. NAV, reserves, and portfolio composition are reported through transparency dashboards, supported by monthly attestations and independent audits.
The most recent independent audit was completed by Quantstamp in January 2026. Ongoing transparency is supported through additional audits and attestations.
Current improvements include:
Timelock implementation
Evaluation of advanced nonce and sequencing mechanisms
Continued optimization of signer distribution
External partners including Allez Labs, Accountable, and Apex Group support data integrity, verification, and attestation processes.
Risk and Disclosures
Summary
ONyc is structured so that minting and redemption are enforced by contract logic, token supply cannot be expanded outside program rules, collateral is held outside of smart contracts in segregated accounts, and administrative actions require multisig approval. This design reduces common DeFi failure modes and concentrates risk in the underlying reinsurance exposure.