Build on the Truth Layer.
Ten contracts live on Polygon Mainnet. Source public on GitHub. The same primitives the Sovereign Truth Layer uses for its own attestation pipeline are available to integrators today, with first-class API + SDK launching at Tier-1 audit publication. Build above the chain that refuses to mint without physics.
Five minutes to first integration.
Three steps from clone to first read of an attestation event. No API key required for read-only contract inspection. The contracts speak directly via Polygon RPC.
Clone the source
Pull the foundry-round2 branch. Foundry-based build, Solidity 0.8.28. All contracts plus 119 invariant + unit tests.
git clone github.com/ecovent-africa/vpay-sovereign
Run the test suite
Foundry runs all 119 tests with 256-run × 128k-call invariant fuzzing across the Trinity contracts. Green suite in under 30 seconds on modern hardware.
forge test --gas-report
Read mainnet state
Use ethers.js, web3.js, viem, or any JSON-RPC client. The example below reads block height directly from drpc.org and confirms all 10 contracts are deployed.
curl polygon.drpc.org
// Verify all 10 VPAY Genesis contracts are deployed on Polygon Mainnet import { JsonRpcProvider, Contract } from 'ethers'; const provider = new JsonRpcProvider('https://polygon.drpc.org'); const contracts = { SOV: '0x5833ABF0Ecfe61e85682F3720BA4d636084e0eC0', AttestationBridge: '0x0ba2c622a2571c449fed251b165096f48adb8b0a', // IP #1 · Matter KommitBridge_v12: '0x6B986eF2EFDB5852F1DAa51e450E3ecA86B1590E', // IP #2 · Mind MasieBridge_v10: '0x358c50C1DAe9AD41D0070a3767221F3c191b22F6', // IP #3 · Witness CircuitBreaker: '0xeaef8dc4872a73815aea74a31ff7c83fdaa347d4', SovereignNode: '0x85fd80586649b730241ef9312653005119dc2fe1', MinerRewards_v2: '0xfcb7d33f7d00040767faaca707f57c4e0bd5db19', VPAYVault: '0x8e0cec6a163ad43b1df8d050acf162f251d37165', GuardianBond: '0x180a4d91daead13cabe2cc60985a8808eab82ff1', SOVVesting: '0x452987FE45BbbF38A8cf12854F99983b549369F1', }; // Verify every address has deployed bytecode for (const [name, addr] of Object.entries(contracts)) { const code = await provider.getCode(addr); console.log(`${name}:`, code.length > 2 ? '✓ deployed' : '✗ not found'); }
Output: all ten contracts return ✓ deployed. You are now connected to the Sovereign Truth Layer.
What's live · what's launching · what's coming.
Honest roadmap of integrator-facing surfaces. The Tier-1 audit gate is the inflection point — production API and SDK launch at audit publication, currently targeting Q3 2026.
Source on GitHub Live
Full contract source on the foundry-round2 branch. 10 contracts. Foundry build system. 119 tests + 256-run × 128k-call invariant fuzzing across the Trinity (Matter / Mind / Witness). Reproducible builds.
github.com/ecovent-africa/vpay-sovereign →Polygon RPC integration Live
Read directly from Polygon Mainnet via any JSON-RPC client. drpc.org and polygon-rpc.com both supported. No authentication required for read-only inspection. All contracts source-verified on Polygonscan for ABI extraction.
View contracts on Polygonscan →Institutional API Q3 2026
Production REST + WebSocket API for attestation events, reserve queries, mint/burn streams. Role-based access (exchange · custodian · regulator tiers). Authenticated. Mock spec already public — see /technical.html#institutions.
View mock API spec →SDKs Q3 2026
First-class SDKs in TypeScript, Python, and Go. Launching alongside the production API at Tier-1 audit publication. Type-safe access to all contract methods plus higher-level helpers for attestation verification and reserve queries.
Awaiting audit publicationPolygon Amoy sandbox Q3 2026
Testnet deployment of the full contract suite on Polygon Amoy (testnet) for sandbox integration testing without mainnet risk. Mocked attestation flows. Free POL faucet integration. Reset weekly.
Sandbox config launching with auditBug bounty Q3 2026
Immunefi / HackenProof class bug-bounty programme launching at Tier-1 audit publication. Scope, exclusions, and payout tiers documented at audit close. Responsible disclosure address below remains active in the interim.
See responsible disclosure →Found something? Tell us before you tell the world.
Pre-audit, responsible disclosure goes through a single point of contact. Post-audit, the formal bug-bounty programme replaces this channel. In the meantime — security researchers welcome.
Responsible disclosure protocol
Security disclosure address: security@ecoventafrica.com · responses within 48 business hours · acknowledgement of receipt within 24 hours.
PGP key: available at /.well-known/security.txt (RFC 9116 compliant).
Scope: all 10 Polygon Mainnet contracts (see /transparency for the full ledger) · the GSU hardware specification · all deployed website surfaces. Out-of-scope: third-party services (Plausible · Netlify · Polygon RPC providers).
Acknowledgement: security researchers who follow responsible disclosure are publicly credited (with permission) at /security-hall-of-fame (in development). Pre-audit period: discretionary bounty offered for valid critical findings.
Public disclosure: agreed 90 days from acknowledgement of receipt OR upon patch deployment + verification, whichever is earlier. Coordinated disclosure preferred over zero-day publication.
Building something on top of VPAY?
Reach out. We're actively engaging with integrators across custody, exchange, wallet, payment, and RWA infrastructure layers. Developer grants programme launching Q4 2026.