Transparency First
We believe in radical honesty. Njangi House is currently live on Polygon Amoy Testnet โ not mainnet. Our smart contracts have not yet been formally audited by a third-party security firm. A formal audit is planned and required before any mainnet deployment with real funds.
This post explains what we've built, the security measures already in place, and the steps remaining before we go live with real money.
Current Status: Testnet
All Njangi House smart contracts are deployed and verified on Polygon Amoy (Chain ID: 80002). This is a test network โ all tokens and transactions use test MATIC and mock USDC. No real funds are at risk.
What's deployed and verified on PolygonScan:
NkapToken.solโ ERC-20 utility and governance token (100M fixed supply)NjangiHouse.solโ Core ROSCA savings circle logicNjangiFactory.solโ CREATE2 factory for deploying house instancesMomoOracle.solโ Mobile Money oracle bridge contractNjangiNFT.solโ Dynamic on-chain SVG contribution badges
Total Solidity: ~1,800 lines (excluding OpenZeppelin dependencies)
You can inspect every line of code on PolygonScan โ all contracts are verified and source code is public.
Security Measures Already in Place
While we haven't had a formal audit, we've built security into every layer of the protocol:
Reentrancy Protection
All state-changing functions with external calls use OpenZeppelin's ReentrancyGuard. This prevents a class of attacks where malicious contracts attempt to re-enter functions during execution.
Anti-Replay Protection
MoMo payment references are checked at two layers: the oracle rejects any reference it has seen before (globally), and each house contract independently rejects duplicates. This prevents double-spend attacks.
Oracle Rate Staleness Check
The MoMo oracle includes a staleness threshold โ if the XAF/USDC exchange rate hasn't been updated within 4 hours, the oracle automatically stops processing payments. Cloud Scheduler updates the rate every 30 minutes, providing an 8x safety margin.
Access Control
Role-based permissions using OpenZeppelin's AccessControl. The relayer key is stored in GCP Secret Manager, not in code. Key rotation procedures are documented and tested.
SafeERC20
All USDC operations use OpenZeppelin's SafeERC20.safeTransfer(), which reverts clearly on failure rather than failing silently.
Emergency Pause
House organizers can pause all state changes in an emergency, giving users time to assess a situation before more funds flow in.
Custom Errors
All revert conditions use custom Solidity errors for gas efficiency and clear error reporting.
What's Left Before Mainnet
We have a clear checklist before deploying to Polygon mainnet with real funds:
- Formal third-party audit โ This is non-negotiable. We will not deploy to mainnet without a professional security audit by a reputable firm
- Extended testnet period โ We need more real users testing edge cases on Amoy
- Bug bounty program โ We plan to launch a bug bounty before mainnet
- Load testing โ Stress-test the MoMo oracle bridge under high transaction volumes
- Legal review โ Ensure compliance with financial regulations in target markets
- Community governance review โ Allow NKAP holders to review and vote on the final contract parameters
How You Can Help
If you're a smart contract auditor, security researcher, or Solidity developer โ we'd love your eyes on our code. Every bug found on testnet is a vulnerability prevented on mainnet.
- Review contracts on PolygonScan
- Report issues via email: nkefua@ndnanalytics.com
- Join the discussion: Telegram | Discord
Our Commitment
We will never claim our contracts are "audited" until they actually are. We will never deploy real user funds to unaudited code. And when the audit happens, we will publish the full report โ every finding, every fix, complete transparency.
Security in DeFi is earned, not assumed. We're building that trust one transparent step at a time.
Want to support Njangi House's journey to mainnet? Read our call for supporters or try the testnet now.