Aegis Network is security infrastructure for DeFi. We take security seriously and appreciate responsible disclosure of vulnerabilities.

Do not open public GitHub issues for security vulnerabilities.

1. Email: Send details to biangulo43@gmail.com (or create a private security advisory on GitHub)

2. Include:

   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (optional)

3. Response Timeline:

   • Initial response: 24-48 hours
   • Status update: within 7 days
   • Fix timeline: depends on severity

• Smart contracts (sentinel-core/src/)
• Node software (sentinel-node/)
• AI/ML inference engine (sentinel-brain/)
• Cryptographic implementations (BLS signatures)
• P2P network protocol

• Third-party dependencies (report upstream)
• Issues in test files only
• Documentation typos
• Social engineering attacks

We plan to launch a bug bounty program. Details coming soon.

• Store BLS private keys securely (HSM recommended for production)
• Use dedicated machines for node operation
• Keep software updated
• Monitor node logs for anomalies
• Use firewalls to restrict P2P port access

• Implement ISentinel interface correctly
• Test pause/unpause functionality thoroughly
• Set appropriate access controls on unpause()
• Monitor SentinelShield bounty deposits

• BLS signature verification uses BN254 precompiles (EIP-196, EIP-197)
• Optimistic verification has 48-hour dispute window
• 21-day unstaking cooldown prevents stake-and-slash attacks

• gRPC connections to inference server are unencrypted by default
• P2P gossip messages are signed but not encrypted
• Local heuristic fallback may have different detection rates

• Model trained on historical exploits may not detect novel attacks
• Adversarial inputs could potentially evade detection
• False positives trigger 48-hour bounty dispute process

Audit reports will be published in /audits directory once completed.

• Security issues: biangulo43@gmail.com
• General questions: Open a GitHub Discussion