Security | The Candidate Protocol

Protocol Overview

The Candidate Protocol is a tokenized entertainment ecosystem on Solana that sells vesting contracts for the $CANDI token. The protocol uses a hybrid architecture with only two custom on-chain programs, leveraging audited third-party protocols for all other functionality.

Domain: candi.thecandidate.com
Network: Solana Mainnet-Beta
Entity: The Candidate, LLC (Puerto Rico)

On-Chain Programs

The protocol deploys two custom Solana programs, both built with the Anchor framework:

FoundersEraProgram

Phase 1 contract sales, revenue routing, and vesting stream creation

GLZPaMcGNU5vwHcq8kLiq92BdgK5eB6bvPVg6KSEmYRj

MarketplaceProgram

Secondary market for vesting contract transfers with 3% fee

AP71borjhnb1F7EeJDMXftAyHCA3Ch2dUc1fZTXfm8nB

Token Security

The $CANDI token has a fixed supply with strong on-chain security guarantees:

Fixed Supply: 1,000,000,000 CANDI (1 billion) — no inflation possible
Mint Authority Revoked: No entity can create new tokens
No Freeze Authority: No entity can freeze user token accounts
Standard SPL Token: Native Solana token standard, fully interoperable
Immutable Vesting: Once created, vesting schedules cannot be modified or cancelled

Third-Party Protocol Integrations

The protocol integrates with established, audited Solana protocols rather than building custom solutions for standard functionality:

Protocol	Purpose
Streamflow Finance	5-year linear vesting for all CANDI contracts
Squads Protocol v4	2-of-3 multisig governance with 72-hour timelock
Jupiter DCA	Automated USDC-to-CANDI buybacks via Jupiter DCA (24/day per position; up to ~720/day at scale)
Solana Attestation Service (SAS)	On-chain KYC attestations for transaction gating

KYC/AML Compliance

All participants must complete identity verification before transacting:

Provider: Sumsub (industry-leading KYC/AML platform)
On-Chain Gating: Solana Attestation Service (SAS) attestations are verified by the program at transaction time
Universal Verification: A single KYC verification unlocks all protocol features (buying, selling, affiliates, marketplace)
Validated At Transaction Time: The on-chain program validates KYC status during each transaction, not just at registration
Tax Compliance: 1099-MISC for US affiliates ($600+ threshold), 1099-K for US marketplace sellers ($5,000+ threshold)

Governance Model

Protocol governance uses Squads Protocol v4 for safe, transparent multisig operations:

2-of-3 Multisig: All administrative actions require approval from at least 2 of 3 authorized signers
72-Hour Timelock: Approved transactions are delayed 72 hours before execution, allowing community review
On-Chain Transparency: All governance actions are verifiable on the Solana blockchain
No Unilateral Control: No single key can modify the protocol or access funds

Revenue Architecture

Revenue routing is enforced on-chain with immutable split ratios:

50% to CCV (Continuous Collateralized Vault): Always — executes automated CANDI buybacks via Jupiter DCA
40-50% to Company: Operational expenses and development
10% Affiliate Commission: When applicable, paid from the company share (CCV always receives exactly 50%)

The CCV never sells CANDI — it is an accumulation-only buyback mechanism that creates persistent buy pressure.

Protocol Constraints

The following actions are architecturally impossible by design:

Mint new CANDI tokens (mint authority revoked)
Burn CANDI tokens
Freeze user token accounts (no freeze authority)
Modify vesting schedules after creation
Sell CANDI from the CCV (accumulation only)
Change Phase 1 contract count or pricing tiers
Allow buyers to select specific tiers (sequential assignment only)

Transaction Security

Every transaction includes multiple safety checks:

Transaction Simulation: All transactions are simulated before sending to prevent failed transactions and wasted fees
Versioned Transactions: Uses Address Lookup Tables (ALT) to optimize transaction size
USDC Payments Only: All purchases use USDC stablecoin — no volatile token payments
Content Security Policy: Strict CSP headers restrict which domains the application can communicate with

Monitoring & Transparency

Helius Webhooks: Real-time monitoring of all on-chain program activity with Discord alerting
Dune Analytics: Public dashboards for transparent on-chain reporting
SOL Balance Monitoring: Automated alerts when vault SOL balance approaches critical thresholds

Contact

For security inquiries, verification requests, or to report vulnerabilities:

The Candidate, LLC
A Puerto Rico Limited Liability Company

Security: security@thecandidate.com
General: support@thecandidate.com
Website: thecandidate.com