Security Policy

OrangeBit is committed to maintaining the highest standards of platform security, ensuring the safety of user funds, smart contracts, and infrastructure. The Security Policy defines the platform’s approach to vulnerability management, incident response, and key operational safeguards.

1. Security Response & Reporting

• Vulnerability Reporting:

  Researchers can report security issues to [email protected]. Reports should follow the Bug Bounty Program guidelines, including clear reproduction steps and PoC (proof-of-concept) where applicable.

• Acknowledgement & Response:

  • OrangeBit acknowledges receipt within 24 hours.

  • Critical issues are triaged and addressed within 72 hours, while medium/low priority issues are addressed within 7 business days.

• Disclosure Window:

  Public disclosure is coordinated with researchers to allow sufficient remediation time:

  • Critical vulnerabilities: disclosure may be immediate if user safety is at risk.

  • Non-critical vulnerabilities: disclosure typically permitted 30 days after patch release.

• Reward Mechanism:

  Security researchers are eligible for bounties based on severity (Critical/High/Medium/Low), following Bug Bounty Program rules. Rewards can be paid in USD, stablecoins, or $ORANGE tokens.

2. Minimum Security Standards

OrangeBit maintains strict internal controls to safeguard assets and infrastructure:

1. Multi-Signature Wallets:

   Critical platform wallets require multiple authorized signatures for transaction approval, reducing single-point-of-failure risk.

2. Hardware Security Modules (HSM):

   Private keys and sensitive cryptographic material are stored in HSMs to prevent unauthorized access.

3. On-Chain Monitoring:

   Continuous monitoring of transactions and smart contract activity detects abnormal patterns or potential exploits in real time.

4. Incident Logging & Auditing:

   All security events, access logs, and transaction histories are recorded for auditing, compliance, and forensic analysis.

5. Periodic Security Reviews:

   Regular internal audits and external third-party security assessments ensure the platform remains resilient to emerging threats.

3. Strategic Objectives

• Protect User Funds: Ensure all assets and trading activity are secure from unauthorized access or exploitation.

• Transparency & Trust: Public disclosure windows, reporting mechanisms, and bounty rewards foster a culture of accountability.

• Operational Resilience: Multi-layered security controls (multi-sig, HSM, monitoring) minimize operational risks.

• Regulatory Compliance: Comprehensive logging, reporting, and audit procedures support legal and regulatory obligations.

OrangeBit’s Security Policy ensures that vulnerabilities are responsibly handled, incidents are swiftly addressed, and all platform assets are protected by industry-standard best practices, reinforcing the safety and trust of the OrangeBit ecosystem.