Security Model
Zero Key Storage Policy
Oak Network never stores private keys. We leverage industry-leading security providers to ensure maximum security:
- Privy: Embedded wallet management and social authentication
- Turnkey: Enterprise-grade hardware security modules
- User Wallets: Direct blockchain interactions with user-controlled keys
Multi-Layer Security
Oak Network implements a comprehensive security model with multiple layers of protection:
Key Management Security
Privy Integration
Oak Network integrates with Privy to provide secure, user-friendly wallet management:
- Embedded Wallets: Seamless wallet creation without seed phrases
- Social Authentication: Email, Google, Apple, and social media login
- Multi-Factor Authentication: Enhanced security for all users
- Recovery Mechanisms: Secure account recovery without private keys
- Hardware Security: Integration with device security features
Turnkey Integration
For enterprise and platform integrations, Oak Network uses Turnkey for hardware-grade security:
- Hardware Security Modules: Enterprise-grade key storage
- Multi-Signature Support: Advanced transaction signing
- Audit Trails: Complete transaction and key usage logging
- Compliance: SOC 2 Type II and other security certifications
- Zero-Knowledge Proofs: Cryptographic proofs without key exposure
Security Architecture
Access Control
Role-Based Permissions
Permission Hierarchy
- Protocol Admin: Global protocol control
- Platform Admin: Platform-specific control
- Campaign Owner: Campaign-specific control
- Public: Read-only access
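The four-level hierarchy above (Protocol Admin over Platform Admin over Campaign Owner, with Public limited to reads) can be expressed as nested authorization checks in which each higher role inherits the authority of the roles below it. The following contract is an added illustration written for this page and is not Oak Network's own code; the contract name, the `platformId`/`campaignId` identifiers, the events and the errors are assumptions. A production contract would normally build on an audited library such as OpenZeppelin's AccessControl rather than hand-rolling the checks.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example of a Protocol Admin > Platform Admin > Campaign Owner > Public hierarchy.
/// Not Oak Network's contract; all names are assumptions for illustration.
contract RoleHierarchyExample {
    address public protocolAdmin;
    mapping(bytes32 => address) public platformAdmin;     // platformId  => platform admin
    mapping(uint256 => bytes32) public campaignPlatform;  // campaignId  => platformId
    mapping(uint256 => address) public campaignOwner;     // campaignId  => owner
    mapping(uint256 => bool) public campaignPaused;
    uint256 public nextCampaignId;

    event PlatformAdminSet(bytes32 indexed platformId, address admin);
    event CampaignCreated(uint256 indexed campaignId, bytes32 indexed platformId, address owner);
    event CampaignPaused(uint256 indexed campaignId, address by);

    error Unauthorized(address caller);
    error ZeroAddress();
    error UnknownCampaign(uint256 campaignId);

    constructor() {
        protocolAdmin = msg.sender; // deployer holds global control
    }

    /// Global protocol control.
    modifier onlyProtocolAdmin() {
        if (msg.sender != protocolAdmin) revert Unauthorized(msg.sender);
        _;
    }

    /// Platform-specific control: the platform's admin, or the protocol admin above it.
    modifier onlyPlatformAdmin(bytes32 platformId) {
        if (msg.sender != platformAdmin[platformId] && msg.sender != protocolAdmin) {
            revert Unauthorized(msg.sender);
        }
        _;
    }

    /// Campaign-specific control: the owner, the owning platform's admin, or the protocol admin.
    modifier onlyCampaignControl(uint256 campaignId) {
        if (campaignId >= nextCampaignId) revert UnknownCampaign(campaignId);
        if (!canControlCampaign(msg.sender, campaignId)) revert Unauthorized(msg.sender);
        _;
    }

    /// Public read-only access: anyone may query who controls a campaign.
    function canControlCampaign(address who, uint256 campaignId) public view returns (bool) {
        return who == campaignOwner[campaignId]
            || who == platformAdmin[campaignPlatform[campaignId]]
            || who == protocolAdmin;
    }

    function setPlatformAdmin(bytes32 platformId, address admin) external onlyProtocolAdmin {
        if (admin == address(0)) revert ZeroAddress(); // never grant a role to the zero address
        platformAdmin[platformId] = admin;
        emit PlatformAdminSet(platformId, admin);
    }

    function createCampaign(bytes32 platformId, address owner)
        external
        onlyPlatformAdmin(platformId)
        returns (uint256 id)
    {
        if (owner == address(0)) revert ZeroAddress();
        id = nextCampaignId++;
        campaignPlatform[id] = platformId;
        campaignOwner[id] = owner;
        emit CampaignCreated(id, platformId, owner);
    }

    /// Any role at or above the campaign level may pause it.
    function pauseCampaign(uint256 campaignId) external onlyCampaignControl(campaignId) {
        campaignPaused[campaignId] = true;
        emit CampaignPaused(campaignId, msg.sender);
    }
}
```

The point to check when reviewing such a hierarchy is that every privileged function names the lowest role that should be able to call it and that the check for each level also admits the levels above it; a function guarded only by `msg.sender == campaignOwner[id]` would silently lock the platform and protocol admins out of their own escalation path.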
Input Validation
Parameter Validation
Bounds Checking
Reentrancy Protection
Checks-Effects-Interactions Pattern
Reentrancy Guards
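The Checks-Effects-Interactions ordering and a reentrancy guard are two independent defences against the same failure: an external call that hands control to another contract before this contract's own state has been updated. The refund logic below, an added example written for this page and not Oak Network's code, combines both with the parameter and bounds checks named under Input Validation above; the contract name, the `MAX_CONTRIBUTION` limit, the one-year duration cap and the error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: bounds-checked contributions plus a Checks-Effects-Interactions refund
/// protected by a reentrancy guard. Not Oak Network's code; limits are assumptions.
contract RefundVaultExample {
    uint256 public constant MAX_CONTRIBUTION = 100 ether; // assumed per-address bound
    uint256 public immutable goal;
    uint256 public immutable deadline;
    uint256 public totalRaised;
    mapping(address => uint256) public contributed;

    // Guard state: 1 = idle, 2 = a guarded function is executing.
    uint256 private _status = 1;

    error InvalidAmount(uint256 amount);
    error CampaignClosed();
    error CampaignActive();
    error GoalReached();
    error NothingToRefund();
    error ReentrantCall();
    error TransferFailed();

    constructor(uint256 goal_, uint256 durationSeconds) {
        // Parameter validation: reject degenerate or out-of-range constructor inputs.
        if (goal_ == 0) revert InvalidAmount(goal_);
        if (durationSeconds == 0 || durationSeconds > 365 days) revert InvalidAmount(durationSeconds);
        goal = goal_;
        deadline = block.timestamp + durationSeconds;
    }

    /// Reentrancy guard: a second entry while _status == 2 reverts.
    modifier nonReentrant() {
        if (_status == 2) revert ReentrantCall();
        _status = 2;
        _;
        _status = 1;
    }

    function contribute() external payable {
        if (block.timestamp >= deadline) revert CampaignClosed();
        // Bounds checking: non-zero, and the running total per address stays within the cap.
        if (msg.value == 0 || contributed[msg.sender] + msg.value > MAX_CONTRIBUTION) {
            revert InvalidAmount(msg.value);
        }
        contributed[msg.sender] += msg.value;
        totalRaised += msg.value;
    }

    // Unsafe ordering, kept as a comment for contrast only: the external call runs
    // before the caller's balance is zeroed, so a re-entering callee is paid twice.
    //
    //   uint256 amount = contributed[msg.sender];
    //   (bool ok, ) = msg.sender.call{value: amount}("");
    //   contributed[msg.sender] = 0;

    /// Refund after a failed campaign, ordered as Checks, then Effects, then Interactions.
    function refund() external nonReentrant {
        // Checks: all preconditions before any state change.
        if (block.timestamp < deadline) revert CampaignActive();
        if (totalRaised >= goal) revert GoalReached();
        uint256 amount = contributed[msg.sender];
        if (amount == 0) revert NothingToRefund();

        // Effects: the balance is cleared before control can leave this contract.
        contributed[msg.sender] = 0;

        // Interactions: the external call is the last thing that happens.
        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok) revert TransferFailed();
    }
}
```

Even with the guard in place, keeping the Checks-Effects-Interactions order matters: the guard only protects functions that carry the modifier, whereas correct ordering makes `refund()` safe on its own and also protects against cross-function reentrancy through an unguarded view-then-act path.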
Audit Process
Our Commitment to Security
Oak Network takes security extremely seriously. We believe that for a decentralized crowdfunding protocol handling real funds, comprehensive security audits are not optional—they are essential. That’s why we’ve invested in multiple professional security audits from industry-leading firms.
Professional Security Audits
Oak Network contracts have been audited by two of the most respected security firms in blockchain:
OpenZeppelin
Industry Leader in Smart Contract Security
OpenZeppelin conducted a comprehensive audit of Oak Network’s smart contracts:
- Completed: May 2026
- Scope: All core contracts and utilities
- Focus Areas:
  - Access control mechanisms
  - Reentrancy protection
  - Economic security
  - Integration patterns
- Status: ✅ Completed - All findings addressed
- Robust access control implementation
- Proper use of established security patterns
- Strong input validation throughout
- Efficient gas optimization
Immunefi
Leading Blockchain Security Firm
Immunefi performed an independent security audit:
- Scope: Full protocol security review
- Focus Areas:
  - Smart contract vulnerabilities
  - Economic exploits
  - Upgrade mechanism security
  - Cross-contract interactions
- Status: ✅ Completed - Critical issues resolved
- No critical vulnerabilities
- 2 medium-severity issues (fixed)
- 5 low-severity issues (fixed)
- Strong security architecture overall
Immunefi
Bug Bounty Platform Partner
Oak Network is part of Immunefi’s bug bounty program:
- Platform: Immunefi (premier Web3 bug bounty platform)
- Program Status: Active
- Rewards: Up to $50,000 for critical vulnerabilities
- Scope: All smart contracts and integrations
- Critical: Up to $50,000
- High: Up to $20,000
- Medium: Up to $5,000
- Low: None
Why Multiple Audits?
We believe in defense in depth:
- Different Perspectives: Each auditor brings unique expertise and perspective
- Comprehensive Coverage: Multiple audits catch different types of vulnerabilities
- Industry Standards: Aligns with best practices for DeFi protocols
- Community Confidence: Demonstrates our commitment to security
Audit Scope
Our audits covered:
- Smart Contract Security: Comprehensive code review
- Economic Security: Tokenomics and incentive analysis
- Integration Security: Cross-contract interaction analysis
- Upgrade Security: Upgrade mechanism review
- Access Control: Multi-level permission systems
- Reentrancy Protection: State management and external calls
- Input Validation: Parameter bounds and type checking
Audit Reports
- Immunefi: Completed
- OpenZeppelin: Completed
Continuous Security
Our commitment to security doesn’t end with audits:
- Ongoing Monitoring: Real-time security monitoring
- Bug Bounty: Active Immunefi program
- Regular Reviews: Periodic security assessments
- Community Input: Open source security reviews
- Rapid Response: Dedicated incident response team
Bug Bounty Program
Oak Network participates in Immunefi’s bug bounty program—the leading Web3 bug bounty platform used by major DeFi protocols like Synthetix, Chainlink, and MakerDAO.
Program Details
Scope:
- All Oak Network smart contracts
- Integration security issues
- Economic exploits
- Access control vulnerabilities
- Upgradability mechanisms
- Treasury contract interactions
| Severity | Reward Range | Examples |
|---|---|---|
| Critical | $10,000 - $50,000 | Loss of funds, contract destruction |
| High | $5,000 - $20,000 | Permanent freezing of funds |
| Medium | $1,000 - $5,000 | Temporary freezing, access control bypass |
| Low | None | |
Submission Process
- Report: Submit detailed vulnerability report through Immunefi
- Review: Oak Network security team reviews within 24 hours
- Validation: Reproduce and validate the issue
- Fix: Implement security fix
- Reward: Issue reward for valid submissions
- Disclosure: Coordinate public disclosure
Eligibility
- First valid submission of a vulnerability
- Detailed reproduction steps and impact analysis
- Responsible disclosure
- No public disclosure before Oak Network approval
How to Participate
Soon
Security Best Practices
For Developers
Smart Contract Development
Integration Security
For Platform Integrators
Access Control
Data Validation
For Users
Wallet Security
- Use Hardware Wallets: Store private keys in hardware wallets
- Secure Backup: Create secure backups of seed phrases
- Regular Updates: Keep wallet software updated
- Phishing Protection: Verify website URLs and contracts
Transaction Security
- Verify Contracts: Always verify contract addresses
- Check Gas Limits: Set appropriate gas limits
- Review Transactions: Review all transaction details
- Use Testnets: Test on testnets before mainnet
Emergency Procedures
Pause Mechanism
Upgrade Mechanism
Incident Response
Response Team
- Protocol Team: Core development team
- Security Team: Dedicated security experts
- Community Moderators: Community support team
Response Process
- Detection: Identify and assess security incident
- Containment: Implement immediate containment measures
- Investigation: Conduct thorough investigation
- Remediation: Implement fixes and improvements
- Communication: Communicate with community
- Prevention: Update security measures
Security Monitoring
On-Chain Monitoring
Off-Chain Monitoring
- Transaction Monitoring: Monitor all protocol transactions
- Anomaly Detection: Detect unusual patterns and behaviors
- Community Reports: Process security reports from community
- Regular Audits: Conduct regular security assessments
Security Resources
Documentation
Tools
Community
Next Steps
- Audit Reports - Review security audits
- Best Practices - Security guidelines
- Bug Bounty - Participate in bug bounty
- Incident Response - Emergency procedures