Security

Responsible disclosure policy, scope, severity levels, and the platform security model.

Responsible disclosure

Do not open a public GitHub issue for security vulnerabilities. Email security@satelink.network. We acknowledge within 48 hours and triage within 7 days. Include a description, reproduction steps, impact assessment, and optionally a suggested fix.

In scope

  • Smart contracts (RevenueVault, node registry, settlement/claims contracts)
  • The RPC gateway and its authentication/authorization
  • Settlement and claims flows, epoch anchoring, Merkle verification
  • The node edge agent

Out of scope

  • Social engineering and physical attacks
  • Third-party dependencies (report upstream)
  • Test/mock contracts
  • Gas-limit denial of service

Severity

LevelMeaning
CriticalDirect loss of funds
HighProtocol disruption or access-control bypass
MediumLimited or conditional impact
LowInformational

There is no formal bug bounty yet. We commit to safe harbor for good-faith research.

Platform security model

  • Non-custodial payments. Deposits are plain ERC-20 transfers from your wallet to a verified vault contract. We never hold your private keys, and key binding uses a gas-free signature.
  • Secrets hygiene. No secrets in the repository; configuration is environment-injected. Admin credentials never reach the browser — the frontend proxies admin calls server-side.
  • Financial safety gates. On-chain settlement broadcasting sits behind multiple independent guards (funded signer, revenue threshold, explicit human enablement) and currently runs in dry-run mode.
  • Data integrity. Test and phantom data are flagged at the row level and excluded from all reported revenue. Historical incidents and their fixes are documented, not hidden — see the incident history in the repository.

Contact