Security is central to ONTON × ONION's infrastructure, from smart contract integrity to user protection in the Mini App ecosystem. This document outlines the layers in place to ensure safe participation and decentralized trust.
Smart Contract Security
Contract Component | Status |
---|---|
ONION Jetton Token | Audited (May 2025) |
Genesis NFT + Merge | Internally reviewed, public audit pending |
Claim & Airdrop Engine | Security tests in progress |
Staking Contracts | Built on audited TONStakers base |
All production contracts will be:
- Open-source
- Verified on TON network
- Linked in claim and governance UIs
Mini App Security & UX Integrity
- Telegram WebApp SDK integration only through verified sessions
- No private key storage; sessions are temporary & scoped
- Wallet connections via Tonkeeper, OpenMask, or QR login
- Only one claim or merge per snapshot wallet
Spam, bot, and sybil filters include:
- Unique wallet-telegram linkage
- Event-specific SBT verification
- Claim throttling logic & CAPTCHA triggers
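An added example, not ONTON's own code: one way a Mini App backend could implement "verified sessions" and the one-claim, unique wallet-Telegram rules above, assuming verification means checking the HMAC signature Telegram attaches to WebApp `initData`. `MAX_AGE_SECONDS`, `ClaimGate`, `sign_for_demo` and all sample values are hypothetical names and constructed data.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qsl, urlencode

MAX_AGE_SECONDS = 300  # assumption: lifetime of a "temporary" session

def init_data_signature(fields, bot_token):
    # Telegram's documented check: key = HMAC-SHA256("WebAppData", bot_token),
    # message = sorted "key=value" pairs (hash excluded) joined by newlines.
    check_string = "\n".join(f"{k}={v}" for k, v in sorted(fields.items()))
    secret = hmac.new(b"WebAppData", bot_token.encode(), hashlib.sha256).digest()
    return hmac.new(secret, check_string.encode(), hashlib.sha256).hexdigest()

def verify_init_data(init_data, bot_token, now=None):
    """Return the Telegram user dict if initData is authentic and fresh."""
    fields = dict(parse_qsl(init_data, keep_blank_values=True, strict_parsing=True))
    received = fields.pop("hash", "")
    expected = init_data_signature(fields, bot_token)
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("initData signature mismatch")
    age = (time.time() if now is None else now) - int(fields.get("auth_date", "0"))
    if not 0 <= age <= MAX_AGE_SECONDS:
        raise ValueError("initData is stale or dated in the future")
    if "user" not in fields:
        raise ValueError("initData carries no user")
    return json.loads(fields["user"])

class ClaimGate:
    """Hypothetical in-memory store: 1:1 wallet-Telegram link, one claim per wallet."""
    def __init__(self):
        self.wallet_of = {}    # telegram id -> wallet
        self.account_of = {}   # wallet -> telegram id
        self.claimed = set()   # wallets that already claimed in this snapshot

    def claim(self, telegram_id, wallet):
        if (self.wallet_of.get(telegram_id, wallet) != wallet
                or self.account_of.get(wallet, telegram_id) != telegram_id):
            return False  # either side of the 1:1 link already points elsewhere
        if wallet in self.claimed:
            return False  # second claim for the same snapshot wallet
        self.wallet_of[telegram_id] = wallet
        self.account_of[wallet] = telegram_id
        self.claimed.add(wallet)
        return True

def sign_for_demo(fields, bot_token):
    # Builds constructed initData the way Telegram would, for offline testing only.
    return urlencode({**fields, "hash": init_data_signature(fields, bot_token)})
```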
Treasury & Governance Safety
- DAO-controlled multi-sig wallet (Foundation + staker reps)
- All treasury outflows must pass a proposal + vote threshold
- Emergency halt switch for critical contract issues
Ongoing Protections
- Public bug bounty program (July 2025)
- GitHub + IPFS version control for proposals and snapshots
- Legal review for every token issuance campaign (airdrop, sale)
ONTON grows through participation, and participation must be secure, verifiable, and fair.