Non-Custodial by Design
Zenland Never Holds Your Funds
When you create an escrow, funds go directly to a smart contract — not to Zenland.
- ✅ No company can access your funds
- ✅ No employee can steal or freeze your money
- ✅ No server hack can compromise your escrow
- ✅ No government can seize funds without your keys
How It Works
The smart contract:
- Holds funds according to programmed rules
- Only releases when conditions are met
- Cannot be changed after deployment
- Is fully auditable by anyone
Security Layers
Layer 1: Smart Contract Safety
Minimal Proxies (EIP-1167)
Each escrow is a lightweight clone of the audited implementation.
Reentrancy Guards
Protection against reentrancy attacks on all state-changing functions.
SafeERC20
OpenZeppelin’s safe transfer library prevents token-related exploits.
Checks-Effects-Interactions
State changes happen before external calls to prevent manipulation.
Layer 2: Protocol Safety
CREATE2 Addresses
Escrow addresses are deterministic — you know where funds go before sending.
Atomic Operations
Escrow creation and funding happen in one transaction. No front-running.
State Machine
Clear state transitions prevent invalid operations.
Token Whitelist
Only DAO-approved tokens are supported. No weird token exploits.
Layer 3: Trust Boundaries
Factory Registry
Only escrows created by the official factory are recognized.
Agent Validation
Agents are re-validated when invited to prevent stake manipulation.
What Could Go Wrong (And How We Handle It)
Malicious token contracts
Risk: Tokens with hooks, fees, or rebasing could exploit escrows.
Mitigation: Only whitelisted stablecoins (USDC, USDT) are supported. Fee-on-transfer and rebasing tokens are explicitly blocked.
Front-running attacks
Risk: Someone could front-run your escrow creation.
Mitigation: CREATE2 salt includes your address, so only you can deploy to your predicted address.
Agent collusion
Risk: An agent could collude with one party.
Mitigation: Agents stake funds (5% of MAV minimum). Misbehavior results in slashing by the DAO.
Smart contract bugs
Risk: Bugs could lock or drain funds.
Mitigation: Contracts are thoroughly tested and audited. Immutable escrows can’t be “patched” after deployment.
Immutability
Once your escrow is created:
- The rules can’t change — your escrow follows the version it was created with
- No admin backdoor — there’s no function to drain funds
- DAO upgrades don’t affect you — only new escrows use new code
This is intentional. Immutability is a feature, not a bug. It means you can trust the code.
Best Practices for Users
Verify the Address
Check that the escrow address matches what’s in your PDF contract.
Use the Official App
Always use zen.land. Bookmark it to avoid phishing sites.
Keep Your Keys Safe
Your wallet is your escrow access. Protect your seed phrase.
Understand the Terms
Read the escrow terms before funding. The smart contract enforces them exactly.