Security Center
Security is not a feature; it is the foundation of OnChain Sentinel. We operate with a defense-in-depth strategy around the PGTAIL engine: fail-closed evaluation, signed audit logs, and rigorous review of deployment artifacts.
Our Threat Model
OnChain Sentinel assumes an adversarial environment. Production protection is API-native: wallets and applications call PGTAIL before signing; policy violations return structured block decisions with full audit context.
- No Custodian Risk: Users retain full custody of their keys.
- No Single Point of Failure: Policy is explicit, versioned, and evaluated independently per request.
- Fail-Closed Decisions: When risk exceeds policy, PGTAIL returns a block decision before the user proceeds, with explainable guard signals.
Audits & Verification
We are committed to transparency. All core smart contracts (Smart Account, Factory, L1 Bridge) undergo rigorous audits by top-tier security firms before Mainnet deployment.
Audit reports for the Testnet contracts will be published here upon completion (Target: M8 Milestone).
Bug Bounty Program
We incentivize security researchers to find and report vulnerabilities in our protocol. Our bug bounty program covers the OCS L2 Protocol, Smart Account contracts, and the Bridge interface.
Critical: Up to $100,000
Direct theft of user funds, unauthorized minting, or permanent freezing of assets.
High: Up to $20,000
Temporary denial of service, bypass of non-critical policy checks, or manipulation of risk scores.
To report a vulnerability, please email security@onchainsentinel.com using our PGP key.
Reporting an Incident
If you believe your account has been compromised or you have detected an active exploit on the network, please follow these steps immediately:
- Disconnect your wallet from all dApps.
- Revoke permissions using a tool like Revoke.cash.
- Contact us immediately via the Emergency Channel.
Note: While the OCS Network has built-in "Incident Pause" modes (E5), they are triggered by governance or the Security Council, not individual user reports, to prevent abuse.