Security
What's chain-enforced, what's operationally enforced, and how to report a vulnerability.
What's chain-enforced
The token primitives that matter most for holders are enforced by Solana directly — no operator key can override them.
- Mint authority revoked at genesis. No new $avoid tokens can ever be created. Verifiable via the mint account on Solscan.
- Freeze authority revoked at genesis. No account's tokens can be frozen by the operator.
- 10% of supply locked via Streamflow (100,000,000 tokens). All five contracts are time-locked or cliff-locked — the chain enforces they cannot be moved before each contract's scheduled date. See /tokenomics for the full wallet disclosure with per-contract links.
- Burns are permanent. Every audit calls the SPL Burn instruction; tokens leave circulation forever. The supply bar on /tokenomics shows the live count.
Staking system
Phase 1 staking is currently paused under architecture review while the team evaluates migration from a hybrid vault + off-chain lockup model to a fully on-chain enforcement model. The infrastructure shipped to support Phase 1 was hardened across multiple review rounds and is documented as a public attack catalog so any future relaunch can be evaluated against the same surface.
What's in place today
- Kill switch. Operator can halt all new stake-related KV writes from a single admin endpoint. The pause check runs first in every state-changing handler — before rate-limit counters or vault env reads — so a paused system doesn't leak budget or surface area.
- Replay protection. 90-day SETNX marker on every deposit signature; a second confirm with the same signature returns 409 immediately, never re-creates a stake.
- Cluster-namespaced KV. Every staking key is prefixed with the runtime Solana cluster (mainnet vs devnet) so a preview deployment can't cross-contaminate prod state. The verifier additionally asserts the RPC endpoint's genesis hash matches the declared cluster, so a copy-pasted devnet RPC URL into prod env hard-rejects rather than silently accepting wrong-cluster transactions.
- Pool cap + rate limits. Hard cap on total staked tokens (operator + community combined). Per-IP rate limit on quote and confirm; per-(wallet+IP) composite limit on quote so an attacker can't exhaust a victim's rate budget by spamming with the victim's wallet pubkey.
- Atomic activation. Stake activation runs as a Redis MULTI/EXEC transaction — either all six writes commit or none do. Step-1 (signature claim) and step-2 (pool reserve) outside the transaction get explicit rollback on failure.
- CSRF guard. Strict same-origin: the Origin header must be present and on the allowlist. Drainer pages in a victim's tab can't mint quotes against the prod backend.
- Prototype-pollution defense. Request bodies are walked for `__proto__`/`constructor`/`prototype` own-keys at the boundary; any positive hit returns 400 before handler logic runs.
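The CSRF guard and the prototype-pollution walk described in the last two items, as an added example (not the project's own code). The allowlisted origin, the 403 status, the depth limit and the function names are assumptions; the 400 on a forbidden key is from the page.

```javascript
// Added example: boundary guards for a state-changing JSON endpoint.
const ALLOWED_ORIGINS = new Set(['https://app.example']); // placeholder origin (assumption)
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 32; // assumption: refuse pathologically deep bodies

// Returns the path of the first forbidden own key, or null if the value is clean.
function findForbiddenKey(value, path = '$', depth = 0) {
  if (value === null || typeof value !== 'object') return null;
  if (depth > MAX_DEPTH) return `${path} (too deep)`;
  const isArray = Array.isArray(value);
  // Object.keys lists own enumerable keys only, so the `constructor` that
  // every object inherits is not a false positive, while a JSON-supplied
  // "__proto__" (an own property after JSON.parse) is caught.
  for (const key of Object.keys(value)) {
    const here = isArray ? `${path}[${key}]` : `${path}.${key}`;
    if (!isArray && FORBIDDEN_KEYS.has(key)) return here;
    const hit = findForbiddenKey(value[key], here, depth + 1);
    if (hit) return hit;
  }
  return null;
}

// Runs before any handler logic: Origin must be present and allowlisted,
// then the parsed body must contain no forbidden own keys.
function guardRequest(headers, rawBody) {
  const origin = headers.origin;
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, error: 'origin not allowed' };
  }
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: 'invalid JSON' };
  }
  const hit = findForbiddenKey(body);
  if (hit) return { status: 400, error: `forbidden key at ${hit}` };
  return { status: 200, body };
}
```

A missing Origin header is rejected rather than treated as same-origin, which is what makes the check strict.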
The full living document — every attack vector considered, the guard, where it lives, and how to verify — is the staking attack catalog on GitHub. New attack ideas welcome via the disclosure channel below.
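The replay marker, cluster prefix and step-1 rollback from the list above, as an added example (not the project's own code). `MemoryKV` is an in-memory stand-in for Redis, and the key layout, the `activate` callback and the 500 statuses are assumptions; the 90-day window and the 409 are from the page.

```javascript
const REPLAY_TTL_SECONDS = 90 * 24 * 60 * 60; // 90-day marker, per the page

// In-memory stand-in for Redis; setNX models SET key value NX EX ttl.
class MemoryKV {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.map = new Map();
  }
  setNX(key, value, ttlSeconds) {
    const entry = this.map.get(key);
    if (entry && entry.expiresAt > this.now()) return false; // already claimed
    this.map.set(key, { value, expiresAt: this.now() + ttlSeconds * 1000 });
    return true;
  }
  del(key) {
    return this.map.delete(key);
  }
}

// Hypothetical key layout: cluster prefix first, so devnet and mainnet never collide.
const sigKey = (cluster, signature) => `${cluster}:stake:sig:${signature}`;

function confirmDeposit(kv, cluster, signature, activate) {
  if (cluster !== 'mainnet' && cluster !== 'devnet') {
    return { status: 500, error: 'unknown cluster' };
  }
  const key = sigKey(cluster, signature);
  // Claim first, act second. A GET followed by a SET would let two
  // concurrent confirms both pass the check and both create a stake.
  if (!kv.setNX(key, 'claimed', REPLAY_TTL_SECONDS)) {
    return { status: 409, error: 'signature already confirmed' };
  }
  try {
    return { status: 200, stake: activate(signature) };
  } catch (err) {
    kv.del(key); // explicit rollback so a failed activation can be retried
    return { status: 500, error: 'activation failed, claim rolled back' };
  }
}
```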
Vault custody (current + migration plan)
Bootstrap phase (now): staking vault is a single-key hot wallet, with the secret key stored as a Vercel env var. Combined with the soft-launch pool cap (5% of supply) this caps maximum exposure to a key-compromise event at well under $10K equivalent at current price. Conservative bound by design — the cap exists specifically so the bootstrap-key risk is bounded.
Migration trigger: upgrade to Squads 2-of-3 (operator-held keys across separate devices) when the first of the following occurs:
- Total staked approaches 8% of supply (80% of bootstrap cap)
- Ledger hardware wallet(s) arrive
- 4 weeks post-launch
The migration is a one-time vault-to-vault transfer announced publicly with an estimated 30-minute downtime budget.
Detector + extension
- Detection skill is open source. The pattern set and reasoning logic are public at github.com/conorbronsdon/avoid-ai-writing (MIT). Fork, audit, contribute — the whole detection layer is inspectable.
- Chrome extension runs locally. Pattern detection happens in the browser; text never leaves the user's machine unless they explicitly click the deep-audit (paid) flow. Privacy policy at /privacy-extension.
- Paid web app burns on use. Each audit calls the SPL Burn instruction; the burn is on-chain verifiable. Pricing is ~$0.25 per audit at the spot-price-adjusted token amount, recomputed every 30 seconds from DexScreener + Jupiter feeds.
Reporting a vulnerability
Email: security@avoidaiwriting.com — forwards to the project operator. For sensitive disclosures, send a short initial message asking for an encrypted channel (Signal, age key, or PGP); we'll set one up case-by-case.
Don't: open a public GitHub issue with details, post the finding on social before a fix lands, test against mainnet wallets you don't control, or exfiltrate / modify data beyond what's needed to demonstrate the finding.
The full policy — scope, response SLA, bounty tiers (up to 500 USDC per critical finding at current scale), safe-harbor commitment, Hall of Fame — lives in SECURITY.md on GitHub.
Verify on-chain
- Token mint: Solscan (mint & freeze authority both shown as revoked)
- Streamflow contracts: 30d cliff · 90d cliff · 180d cliff · 3-month vest · 6-month vest
- Burn flow: every paid audit calls the SPL Burn instruction; cumulative count visible on the homepage burn counter and /tokenomics supply bar.
- Source code: app repo · detection skill