Security Center
Security is not a feature; it is the foundation of the OCS Network. We operate with a defense-in-depth strategy, combining protocol-level enforcement with rigorous external auditing.
Our Threat Model
The OCS Network assumes an adversarial environment. We do not rely on perimeter security or API keys. Instead, we rely on cryptographic enforcement of user policy at the Sequencer level.
- No Custodian Risk: Users retain full custody of their L1 keys.
- No Single Point of Failure: The PGTAIL Protocol prevents any single actor (even us) from executing unauthorized transactions.
- Native Rejection: Invalid transactions are dropped from the mempool, preventing them from ever being mined.
Audits & Verification
We are committed to transparency. All core smart contracts (Smart Account, Factory, L1 Bridge) undergo rigorous audits by top-tier security firms before Mainnet deployment.
Audit reports for the Testnet contracts will be published here upon completion (Target: M8 Milestone).
Bug Bounty Program
We incentivize security researchers to find and report vulnerabilities in our protocol. Our bug bounty program covers the OCS L2 Protocol, Smart Account contracts, and the Bridge interface.
Critical: Up to $100,000
Direct theft of user funds, unauthorized minting, or permanent freezing of assets.
High: Up to $20,000
Temporary denial of service, bypass of non-critical policy checks, or manipulation of risk scores.
To report a vulnerability, please email security@onchainsentinel.com using our PGP key.
Reporting an Incident
If you believe your account has been compromised or you have detected an active exploit on the network, please follow these steps immediately:
- Disconnect your wallet from all dApps.
- Revoke permissions using a tool like Revoke.cash.
- Contact us immediately via the Emergency Channel.
Note: While the OCS Network has built-in "Incident Pause" modes (E5), they are triggered by governance or the Security Council, not individual user reports, to prevent abuse.