
Security

Smart Contract Security

  • All state-changing functions call require_auth() on the acting Address, so the invoking account must have authorized the call
  • Admin functions additionally compare the caller against the stored admin address
  • Structured error handling via #[contracterror] enums
  • TTL extended on every persistent storage entry a call touches, so entries are not archived when their TTL lapses
  • Soulbound passport: non-transferable because no transfer/approve functions exist to call
  • Anti-spam for reputation feedback: minimum XLM balance plus a 24h cooldown between submissions
  • 73 unit tests covering happy paths, error cases, and auth enforcement

API Security

  • Redis-backed sliding window rate limiting (100 req/min)
  • Input validation via Zod schemas on all endpoints
  • CORS policy restricted to the known frontend origins
  • No private keys stored on the server; all signing is client-side
  • AgentCard size limit enforced (max 10KB)
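A worked sketch of two of the mechanisms above, added here as an example and not the project's own code: a sliding-window limiter whose store interface mirrors the Redis sorted-set commands a Redis-backed version issues (ZADD, ZREMRANGEBYSCORE, ZCARD, ZRANGE WITHSCORES, PEXPIRE), with a constructed in-memory store so it runs offline, and a byte-accurate AgentCard size check. The 100 req/min and 10KB figures come from this page; the key layout, function names and the in-memory store are assumptions.

```typescript
// Added example (not the project's code). Limits from the page; everything
// else (key names, store shape) is assumed for illustration.
export const WINDOW_MS = 60_000;
export const MAX_REQUESTS = 100;
export const MAX_AGENT_CARD_BYTES = 10 * 1024;

export interface ScoredMember { member: string; score: number }

// The subset of Redis sorted-set commands the limiter needs.
export interface SortedSetStore {
  zadd(key: string, score: number, member: string): void;
  zremrangebyscore(key: string, min: number, max: number): number;
  zcard(key: string): number;
  zrangeWithScores(key: string, start: number, stop: number): ScoredMember[];
  pexpire(key: string, ttlMs: number): void;
}

// Constructed stand-in for Redis so the example runs offline.
export class InMemorySortedSetStore implements SortedSetStore {
  private sets = new Map<string, Map<string, number>>();
  private set(key: string): Map<string, number> {
    let s = this.sets.get(key);
    if (!s) { s = new Map<string, number>(); this.sets.set(key, s); }
    return s;
  }
  zadd(key: string, score: number, member: string): void { this.set(key).set(member, score); }
  zremrangebyscore(key: string, min: number, max: number): number {
    const s = this.set(key);
    let removed = 0;
    s.forEach((score, member) => {
      if (score >= min && score <= max) { s.delete(member); removed++; }
    });
    return removed;
  }
  zcard(key: string): number { return this.set(key).size; }
  zrangeWithScores(key: string, start: number, stop: number): ScoredMember[] {
    return Array.from(this.set(key).entries())
      .map(([member, score]) => ({ member, score }))
      .sort((a, b) => a.score - b.score)
      .slice(start, stop + 1);
  }
  pexpire(_key: string, _ttlMs: number): void { /* key expiry not modelled in memory */ }
}

export interface RateLimitDecision {
  allowed: boolean;
  remaining: number;     // requests still allowed in the current window
  retryAfterMs: number;  // 0 when allowed
}

let seq = 0; // keeps members unique when several requests share a millisecond

// Sliding-window log: one sorted-set member per accepted request, scored by
// its timestamp. Against real Redis, steps 1-3 must run in a MULTI/EXEC block
// or a Lua script; otherwise two concurrent requests at count == limit-1
// can both be admitted.
export function checkRateLimit(
  store: SortedSetStore,
  clientKey: string,
  nowMs: number,
  limit: number = MAX_REQUESTS,
  windowMs: number = WINDOW_MS,
): RateLimitDecision {
  const key = `ratelimit:${clientKey}`;
  // 1. Drop entries that have left the window (boundary is inclusive, so a
  //    request made exactly windowMs ago no longer counts).
  store.zremrangebyscore(key, -Infinity, nowMs - windowMs);
  // 2. Count what survives.
  const count = store.zcard(key);
  if (count >= limit) {
    // The oldest surviving timestamp says when the next slot frees up.
    const oldest = store.zrangeWithScores(key, 0, 0)[0];
    const retryAfterMs = Math.max(1, oldest.score + windowMs - nowMs);
    return { allowed: false, remaining: 0, retryAfterMs };
  }
  // 3. Record this request and bound the key's lifetime.
  store.zadd(key, nowMs, `${nowMs}-${seq++}`);
  store.pexpire(key, windowMs);
  return { allowed: true, remaining: limit - count - 1, retryAfterMs: 0 };
}

// UTF-8 byte length without Buffer/TextEncoder. The 10KB limit is about bytes
// on the wire, not JS string length: 10,000 CJK characters are ~30KB.
export function utf8ByteLength(s: string): number {
  let bytes = 0;
  let i = 0;
  while (i < s.length) {
    const cp = s.codePointAt(i)!;
    bytes += cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
    i += cp > 0xffff ? 2 : 1; // astral code points occupy two UTF-16 units
  }
  return bytes;
}

// Run on the raw request body before JSON.parse: parsing an oversized body
// first is the resource exhaustion the limit exists to prevent.
export function checkAgentCardSize(rawBody: string): { ok: boolean; bytes: number } {
  const bytes = utf8ByteLength(rawBody);
  return { ok: bytes <= MAX_AGENT_CARD_BYTES, bytes };
}
```

The limiter records only admitted requests; counting rejected attempts as well is a stricter variant that keeps a flooding client locked out until it backs off. When wiring this to a real Redis client, keep the eviction, count and insert in one atomic unit and return retryAfterMs to the client as a Retry-After header.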

Authentication

  • Non-custodial Freighter wallet authentication: keys never leave your browser extension
  • All blockchain transactions signed client-side; the server never holds keys
  • Multi-wallet support, with a dual-auth requirement for linking a wallet

Planned (M003)

  • External smart contract security audit
  • Contract upgrade mechanism with timelock
  • Admin multi-sig governance
  • Bug bounty program