Independent Audits
Audit Reports
| Auditor | Scope | Date | Status |
|---|---|---|---|
| Trail of Bits | Smart contracts (Solana / Anchor) · Proof of Computation algorithm · Node daemon security | | |
| OtterSec | Token contract ($OMNI SPL) · Staking mechanism · Escrow settlement logic | | |
| Zellic | ZK-SNARK proof system · Validator slashing conditions · Sybil resistance mechanism | | |
| Halborn Security | Mainnet smart contracts · Cross-chain bridge · Full protocol re-audit before mainnet launch | Q2 2026 | Pending |
Transparency Log
All Findings & Resolutions
Every issue identified across all audits is listed below, with full resolution status. No findings have been hidden or suppressed.
| ID | Auditor | Severity | Title | Status |
|---|---|---|---|---|
| TOB-001 | Trail of Bits | Medium | Validator reward distribution rounding error | ✓ Fixed v0.9.2 |
| TOB-002 | Trail of Bits | Medium | Node registration allows duplicate wallet binding | ✓ Fixed v0.9.3 |
| TOB-003 | Trail of Bits | Medium | Escrow timeout edge case allows double-claim | ✓ Fixed v0.9.4 |
| TOB-004 | Trail of Bits | Low | Burn calculation uses integer division (precision loss) | ✓ Fixed v0.9.4 |
| TOB-005 | Trail of Bits | Info | Missing event emission on stake withdrawal | ✓ Fixed v0.9.5 |
| OTT-001 | OtterSec | Medium | Staking unlock schedule bypass via re-entrancy pattern | ✓ Fixed v0.9.6 |
| OTT-002 | OtterSec | Low | Token metadata URI not validated on-chain | ⚠ Acknowledged |
| ZEL-001 | Zellic | Info | ZK circuit lacks domain separation for test/mainnet | ✓ Fixed v0.9.7 |
Security Architecture
How We Stay Secure
Multisig Upgrade Keys
All protocol upgrades require a 4-of-7 multisig from the security council. No single person can push a contract change unilaterally.
72-Hour Upgrade Timelock
Every smart contract upgrade is subject to a 72-hour on-chain timelock, giving the community time to review and respond before changes go live.
ZK Computation Proofs
Node results are verified using ZK-SNARK proofs. Fraud cannot be submitted without detection — the math makes it cryptographically impossible.
Stake-Based Sybil Defense
Every node must lock 500 $OMNI as collateral. Fraudulent nodes are slashed. Creating fake nodes is economically self-destructive.
Continuous Bug Bounty
Our bug bounty program runs year-round with up to $500,000 for critical vulnerabilities. External researchers are our best line of defense.
Real-Time Monitoring
On-chain anomaly detection alerts the security team within seconds of unusual patterns — abnormal withdrawals, unexpected mint calls, or validator collusion signals.
Bug Bounty
Found a vulnerability?
We'll pay you well.
OmniSync's security is only as strong as the people trying to break it. Our bug bounty program is live for all protocol components — smart contracts, node daemon, API, and ZK circuits.
🐛 Report a Vulnerability
| Severity | Criteria | Reward |
|---|---|---|
| 🔴 Critical | Funds at risk, protocol halt | Up to $500,000 |
| 🟠 High | Significant impact, hard to exploit | Up to $50,000 |
| 🟡 Medium | Limited impact or hard to trigger | Up to $10,000 |
| 🔵 Low / Info | Minor issues, best practices | Up to $1,000 |