Belief Index holds investor assets on the Polygon blockchain in a dedicated multi-signature Safe — a smart-contract wallet that requires multiple authorized signers to approve any outbound transaction. All holdings are on-chain and publicly verifiable. This page explains the security controls, withdrawal safeguards, and operational practices that protect investor funds.Documentation Index
Fetch the complete documentation index at: https://docs.beliefsystems.xyz/llms.txt
Use this file to discover all available pages before exploring further.
Custody arrangements are operational and evolving during the alpha program. This page describes the current model and its design principles.
What Is Held in Custody
When you invest in a Belief Index series, two types of assets are held on your behalf:| Asset Type | Description | Standard |
|---|---|---|
| pUSD | Polymarket USD — a dollar-pegged stablecoin (backed 1:1 by USDC) held in custody as the cash leg of all prediction market positions. Investor deposits arrive as USDC and are converted to pUSD inside custody. | ERC-20 on Polygon |
| Outcome tokens | Prediction market positions acquired through the minting process | ERC-1155 on Polygon |
Custody Model
Assets are held in a multi-signature wallet (a Safe) on the Polygon blockchain. A Safe is a smart-contract wallet that requires more than one authorized signer to approve any outbound transaction — no single individual can move funds unilaterally. This is the same custody pattern used by professional crypto treasuries and institutional funds.- How it works
- Traditional finance analogy
The Safe is configured with multiple authorized signing keys, and a threshold of those keys must sign before any outbound transfer is executed on-chain. In practice, this means:
- No single point of failure — Compromise or loss of one key alone does not move funds
- No unilateral action — Every withdrawal, rebalance, or transfer requires multiple independent approvals
- On-chain governance — The signer set, the threshold, and every approval are all recorded on the blockchain and publicly verifiable
- Defense in depth — The multi-sig requirement sits underneath the application-layer safeguards (admin approval, cooldown, solvency check) described below
For operational security, Belief Systems does not publish the specific signer set, threshold configuration, or hardware-signer details. The Safe contract itself, all signer approvals, and every executed transaction are public on-chain and can be independently inspected at the custody address.
| Property | Detail |
|---|---|
| Blockchain | Polygon (public, auditable) |
| Wallet type | Multi-signature smart-contract wallet (Safe) |
| Authorization | Multiple independent signers required per transaction |
| Assets held | pUSD + prediction market outcome tokens (ERC-1155) |
| Transparency | All holdings, signer approvals, and transactions are on-chain and publicly verifiable |
| Control | Belief Systems maintains operational control of the signer set during the alpha program |
| Reconciliation | Internal ledger is reconciled against on-chain state |
Withdrawal Safeguards
Every withdrawal goes through a multi-step process with layered security controls. No withdrawal is executed automatically — each one requires human approval and passes through multiple automated checks before any funds leave custody.Request
The investor submits a withdrawal request specifying the amount and destination wallet address. Funds are locked in the ledger immediately, preventing double-spending. The system validates the destination address and confirms the investor has sufficient unlocked balance (accounting for any existing pending withdrawals).
Admin review
Every withdrawal requires explicit approval from an authorized administrator. The admin reviews the request alongside enriched context: the investor’s history, current balances, recent activity, and any automatic risk flags (see below). The admin can approve or reject the request.
Mandatory cooldown
After approval, a 15-minute mandatory cooldown period begins. During this window, the withdrawal cannot be executed. This provides a buffer for detecting errors, responding to suspicious patterns, or revoking approval if new information emerges. The admin retains the ability to reject the withdrawal during cooldown.
Pre-flight solvency check
Before execution, the system performs an automated solvency check — verifying that the custody Safe holds sufficient pUSD to cover this withdrawal plus all other pending withdrawal obligations. If the balance is insufficient, execution is blocked.
On-chain execution and confirmation
The pUSD transfer is submitted on-chain as a Safe transaction signed by the required number of authorized signers. The system monitors the transaction for confirmation. Once confirmed on the blockchain, the withdrawal is finalized in the ledger. If the transaction fails or reverts, funds are automatically unlocked and returned to the investor’s balance.
Automatic Risk Detection
The system automatically flags withdrawal patterns that warrant additional scrutiny. These flags are surfaced to the reviewing administrator alongside each withdrawal request:| Risk Flag | Trigger | Purpose |
|---|---|---|
| First withdrawal | Investor has never completed a withdrawal before | Higher scrutiny for initial fund movements |
| Large withdrawal | Amount exceeds 50% of investor’s lifetime deposits | Detect unusually large outflows |
| Rapid withdrawal | A deposit was credited within the last 24 hours | Flag potential deposit-and-withdraw patterns |
| Balance percentage | Amount as a percentage of total uninvested balance | Context for the relative size of the request |
Separation of Funds
The custody model maintains clear separation between different categories of funds:| Category | Description | Purpose |
|---|---|---|
| Platform funds | Uninvested investor deposits and withdrawal reserves | Not allocated to any series; available for investment or withdrawal |
| Series funds | Prediction market positions and cash allocated to a specific series | Collateral backing the shares of that series |
- Assets belonging to one series are not commingled with another
- Uninvested capital is identifiable and available for deployment or withdrawal
- Each series’ backing can be independently verified
Why separation matters
Why separation matters
In traditional fund management, commingling client assets is a serious regulatory violation. While Belief Index operates in a different regulatory context, the principle is the same: investors should be able to verify that their series’ assets exist and are not being used to cover obligations of a different series.The internal ledger tracks which positions belong to which series, and the on-chain holdings can be cross-referenced for verification. See On-Chain Verification for how to independently confirm holdings.
Double-Entry Accounting
The internal ledger uses double-entry accounting — the same system used by every professional fund administrator. Every transaction is recorded as a balanced debit and credit entry, ensuring that:- No value is created or destroyed — Every debit has a corresponding credit
- Errors are detectable — If debits and credits don’t balance, the system halts
- Full audit trail — Every mint, redemption, fee accrual, deposit, withdrawal, and position change is recorded immutably
Finalized ledger entries are immutable — they cannot be edited or deleted. If a correction is needed, it is recorded as a new compensating entry, preserving the complete audit history. This is standard practice in fund accounting and ensures that the historical record is never altered.
Investor Protections
What the security model provides:- Multi-signature Safe custody — multiple authorized signers required for any outbound transfer
- Human-in-the-loop approval for all withdrawals
- Mandatory cooldown period before fund movements
- Automated solvency checks before execution
- Automatic suspicious pattern detection for admin review
- On-chain auditability of all holdings, signer approvals, and transactions
- Separation between series assets and platform funds
- Double-entry accounting with immutable records
- Automated integrity checks and halting on discrepancies
- Insurance or deposit guarantees (no FDIC, SIPC, or equivalent)
- Guaranteed access to funds at any time
- Protection against smart contract vulnerabilities in the underlying tokens
- Independence from Belief Systems’ operational decisions
- Protection against blockchain-level failures or attacks
Integrity Safeguards
The system includes automated safeguards that prioritize asset safety:| Safeguard | Description |
|---|---|
| Reconciliation checks | Internal ledger is regularly reconciled against on-chain holdings |
| Integrity halts | Minting and redemption are automatically paused if any discrepancy is detected |
| Invariant enforcement | The system continuously verifies that share supply equals the sum of investor balances |
| No negative balances | The system prevents overdrafts or unauthorized creation of value |
| Database-level locking | Concurrent withdrawal executions are serialized to prevent race conditions |
On-Chain Verification
How to independently verify that assets exist on-chain.
Risk Factors
Comprehensive risk disclosure including custody risks.
Deposits & Withdrawals
How to move funds in and out of custody.
NAV Methodology
How custody positions are valued.