Security

Security First. Always.

BMAXI Network is designed with defense-in-depth. Every layer — from smart contracts to API gateway — is hardened against known attack vectors.

Threat model & guarantees

  • API key compromise: Keys are issued by BMAXI and used server-side only. To rotate a key, contact us; rate limits and circuit breakers limit the blast radius.
  • Contract upgrade risk: UUPS proxy allows upgrades only by owner; multi-sig (e.g. Gnosis Safe) recommended for production.
  • API abuse / DDoS: Rate limiting per IP, request validation, and optional admin-only monitoring endpoints.

Where your data & keys live

API keys are issued by BMAXI and stored server-side (env or secrets manager). We never expose private keys to clients. Oracle and deployer keys are stored in a hardware wallet or KMS; there are no secrets in client-side code or repos.

Certificate payloads are written on-chain (Base L2); the transparency log is append-only and hash-chained (SHA-256) for auditability.
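What "append-only and hash-chained" buys an auditor, as an added example that is not BMAXI's own code: a verifier recomputes every SHA-256 link and compares the final hash with a head it stored earlier. The entry layout, the all-zero genesis value and the canonical JSON encoding are assumptions; the page only states that the log is hash-chained with SHA-256.

```python
import hashlib
import json

GENESIS = "00" * 32  # assumed all-zero "previous hash" for the first entry


def entry_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus a canonical encoding of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(bytes.fromhex(prev_hash) + body).hexdigest()


def append(log, payload):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)})


def verify(log, pinned_head=None):
    """Return (ok, reason). Recomputes every link; optionally checks a pinned head."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev:
            return False, f"entry {i}: prev pointer does not match preceding hash"
        if entry_hash(prev, e["payload"]) != e["hash"]:
            return False, f"entry {i}: payload does not match stored hash"
        prev = e["hash"]
    if pinned_head is not None and prev != pinned_head:
        return False, "head differs from pinned head (truncated or rewritten log)"
    return True, "ok"


def demo():
    log = []  # constructed sample entries, not real BMAXI log data
    for n in range(4):
        append(log, {"seq": n, "event": "cert_issued", "agent": f"agent-{n}"})
    head = log[-1]["hash"]  # a verifier keeps this out of band

    edited = json.loads(json.dumps(log))  # deep copy, then alter one payload
    edited[1]["payload"]["agent"] = "someone-else"
    truncated = log[:-1]  # internally consistent; only a pinned head exposes it

    return {
        "intact": verify(log, head),
        "edited": verify(edited, head),
        "truncated_unpinned": verify(truncated),
        "truncated_pinned": verify(truncated, head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The truncated case is the one to note: dropping the newest entries leaves a chain that still verifies on its own, so tamper evidence depends on the verifier holding a previously recorded head hash.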

Backup & recovery

On-chain certificates are immutable once issued; verification does not depend on our backend. The transparency log is append-only — we do not delete or rewrite history. In case of backend failure, anyone can still verify certs via the contract and chain explorer. Key material is backed up according to our operational playbook (recovery via multi-sig / KMS).

Scope and limitations of the automated audit

Our automated audit is a technical compliance filter: it checks headers, opt-out, robots.txt, wallet reputation, content patterns, and config. It works well to detect obvious spam, misconfigured agents, and non-compliant behavior (e.g. emails without unsubscribe, aggressive scraping).

It does not judge intent or semantic truth. Examples of issues the auto audit does not cover:

  • An agent that lies in its content or makes fraudulent promises
  • A trading bot that manipulates a market
  • An agent that changes behavior after certification
  • Ambiguous cases (e.g. scraping for research vs. attack, bulk email as newsletter vs. spam)

For those cases, a human or community arbitration layer is needed. We are building toward that (Layer 3 — planned). Today, BMAXI delivers a strong Layer 1 (automated audit + short-lived cert) and Layer 2 (reputation via wallet + revocation).

Smart Contract Security

  • No external calls — zero reentrancy risk
  • Solidity 0.8.34 — native overflow/underflow protection
  • UUPS proxy pattern — upgradeable without data migration
  • Metadata length capped (4096 bytes) — prevents gas griefing
  • Batch operations capped (100) — prevents out-of-gas attacks
  • Emergency pause mechanism — owner can freeze all write operations
  • EIP-165 introspection — standard-compliant interface detection

Access Control

  • Role separation: Owner (admin) vs Oracle (operations)
  • Multi-signer support — authorized signers can act as oracle
  • Multi-sig recommended for production owner (Gnosis Safe)
  • Oracle key rotation via transferOracle() — no downtime
  • Ownership transfer with zero-address protection

Data Integrity

  • SHA-256 hash-chained transparency log — tamper-evident
  • On-chain certificates — immutable once issued on Base L2
  • Certificate expiry checked dynamically (1 day validity)
  • Private certificate storage — readable only via getCertificate()
  • 7-check compliance oracle — automated trust scoring

Infrastructure

  • API rate limiting per IP — DDoS mitigation
  • Circuit breaker pattern — cascading failure prevention
  • Request validation & sanitization on all endpoints
  • CORS restricted to authorized domains
  • HTTPS enforced on all public endpoints
  • No secrets in client-side code — env-only configuration

Operational Security

  • Deployer keys stored in hardware wallet or KMS
  • CI/CD pipeline with automated linting & testing
  • Docker containers with resource limits & read-only filesystem
  • Graceful shutdown — no data loss on restart
  • Structured logging with correlation IDs

Report a vulnerability

Found a vulnerability? We welcome responsible disclosure. Please report it so we can address it promptly.

Last security review: March 2026 • Next scheduled review: June 2026

Contact: agent@bmaxi.network