Security
Security is our top priority. usmewe implements multiple layers of protection for your assets and data.Security Status
| Category | Status |
|---|---|
| Smart Contract Audit | PASS (0 critical, 0 high) |
| Penetration Testing | PASS (69 tests) |
| Rate Limiting | Multi-tier DDoS protection |
| Secret Management | Infisical + pre-commit hooks |
Security Layers
Smart Contract Security
Audited Solidity contracts with formal verification
API Security
Rate limiting, input validation, CORS protection
Data Protection
Encrypted at rest, TLS in transit, GDPR compliant
Account Security
2FA, session management, suspicious activity alerts
Audit Reports
Our smart contracts have been professionally audited:Security Audit Report
View full audit findings and remediations
Findings Summary
| Severity | Found | Fixed |
|---|---|---|
| Critical | 0 | - |
| High | 0 | - |
| Medium | 3 | 3 |
| Low | 5 | 5 |
| Informational | 8 | 7 |
Bug Bounty Program
We offer rewards for responsible disclosure of security vulnerabilities:| Severity | Reward |
|---|---|
| Critical | 25,000 |
| High | 5,000 |
| Medium | 2,500 |
| Low | 500 |
Bug Bounty Details
How to report vulnerabilities and claim rewards
Security Practices
Development
- All code reviewed by at least 2 developers
- Automated security scanning in CI/CD
- Dependency vulnerability monitoring
- Pre-commit hooks for secrets detection
Operations
- 24/7 monitoring and alerting
- Incident response procedures
- Regular backup and recovery testing
- Access logging and audit trails
Infrastructure
- Cloud security best practices
- Network segmentation
- Regular penetration testing
- DDoS protection
Responsible Disclosure
If you discover a security issue:- Do not publicly disclose the vulnerability
- Email [email protected] with details
- We’ll respond within 24 hours
- Work with us on a fix
- Receive your bounty reward
Contact
For security concerns:- Email: [email protected]
- PGP Key: Download
- Response Time: < 24 hours