Security
MAGMA's security posture spans the on-chain programs, the oracle stack, and the backend infrastructure. This page documents the model, the audit roadmap, the bug bounty, and how to report a vulnerability.
The protocol is experimental software on Solana devnet. The controls below describe the target posture; several audits and programs are in progress (see status tables). Treat all deployments as pre-production.
Security model
On-chain program — Written in Rust with the Anchor framework. Checked math throughout, PDA-derived authorities, and explicit CPI validation. Privileged instructions verify the program upgrade authority.
Oracle architecture — A redundant oracle stack with cryptographic verification of inputs and adversarial aggregation logic. See Oracle Architecture.
Backend & infrastructure — Rate limiting, parameterized queries, row-level security on the data layer, and rotation of admin credentials.
Sybil resistance — A difficulty multiplier, verified wallet age, and correlated wallet detection raise the cost of Sybil attacks against the Conviction Score.
Audit status
| Scope | Auditor | Status |
|---|---|---|
| Anchor/Rust program (full) | Solana-specialist firm (TBD) | Pre-mainnet |
| Backend API security | Internal review | Ongoing |
| Oracle aggregation logic | Internal review + adversarial simulation | Complete (internal) |
Planned pre-mainnet tooling and engagements:
| Item | Status |
|---|---|
| Sec3 X-Ray (automated) | Planned pre-mainnet |
| Auditware Radar | Planned pre-mainnet |
| Riverguard simulation | Planned pre-mainnet |
| OtterSec full audit | Budgeted post-ICO |
| STRIDE evaluation | Applied |
| SIRN registration | Registered |
Bug bounty
| Severity | Examples | Reward (up to) |
|---|---|---|
| Critical | Funds at risk, protocol halt, unauthorized state manipulation | 50,000 MAGMA |
| High | Score manipulation, Echo Pool extraction, Sybil bypass | 20,000 MAGMA |
| Medium | Rate-limit bypass, minor data exposure, UI manipulation | 5,000 MAGMA |
| Low | Informational, non-exploitable | Acknowledged |
Response targets: acknowledgment within 24 hours, initial assessment within 72 hours, and a resolution timeline within 7 days. The responsible disclosure window is up to 30 days to resolve critical/high severity issues.
In scope
- On-chain program
- Backend API (api.magmaprotocol.xyz)
- Oracle aggregation logic
- Conviction Score, Echo Pool, waitlist/airdrop
Out of scope
- Third-party services (Solana, Pyth, Switchboard, Grok, Tavily, Supabase)
- Social engineering
- Denial-of-service
- Wallet vulnerabilities outside MAGMA's control
Key management
- AWS KMS (ECC_SECG_P256K1) for production signing — no plaintext key exposure.
- Chainlink CCIP for cross-chain messaging (dual DON + independent Risk Management Network). TRON connectivity bridges via Wormhole.
- Explicit prohibition on durable nonces for admin/governance transactions.
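The durable-nonce prohibition can be enforced mechanically before an admin or governance transaction is signed: Solana marks a durable-nonce transaction by placing a System Program `AdvanceNonceAccount` instruction first, and such a transaction never expires with its blockhash, so a signed copy could be held and submitted later. The guard below is an added example, not MAGMA's code; its `Instruction`/`Message` structs are a minimal stand-in for the solana_sdk types (an assumption) so it runs without the SDK, and the admin program id is a placeholder.

```rust
// Added example (not MAGMA's code): reject admin/governance messages built on a
// durable nonce. The System Program encodes its instruction enum with bincode,
// so `AdvanceNonceAccount` (variant 4) serialises as the little-endian u32 `4`.
const SYSTEM_PROGRAM_ID: &str = "11111111111111111111111111111111";
const ADVANCE_NONCE_ACCOUNT_INDEX: u32 = 4;

// Minimal stand-ins for the solana_sdk instruction/message types (assumption).
#[derive(Debug, Clone)]
pub struct Instruction { pub program_id: String, pub data: Vec<u8> }
#[derive(Debug, Clone)]
pub struct Message { pub instructions: Vec<Instruction> }

#[derive(Debug, PartialEq, Eq)]
pub enum PolicyError { DurableNonceNotAllowed }

/// True when `ix` is System Program `AdvanceNonceAccount` (variant tag 4).
fn is_advance_nonce(ix: &Instruction) -> bool {
    if ix.program_id != SYSTEM_PROGRAM_ID || ix.data.len() < 4 {
        return false;
    }
    u32::from_le_bytes([ix.data[0], ix.data[1], ix.data[2], ix.data[3]]) == ADVANCE_NONCE_ACCOUNT_INDEX
}

/// Only the first instruction decides, as in solana_sdk's `Transaction::uses_durable_nonce`.
pub fn uses_durable_nonce(msg: &Message) -> bool {
    msg.instructions.first().map_or(false, is_advance_nonce)
}

/// Policy gate to run before a KMS-backed admin key signs the message.
pub fn check_admin_message(msg: &Message) -> Result<(), PolicyError> {
    if uses_durable_nonce(msg) { Err(PolicyError::DurableNonceNotAllowed) } else { Ok(()) }
}

// Constructed sample messages; "MagmaAdminPlaceholder" is not a real program id.
fn admin_ix() -> Instruction {
    Instruction { program_id: "MagmaAdminPlaceholder".into(), data: vec![0x01] }
}
pub fn sample_nonce_message() -> Message {
    let advance = Instruction { program_id: SYSTEM_PROGRAM_ID.into(), data: 4u32.to_le_bytes().to_vec() };
    Message { instructions: vec![advance, admin_ix()] }
}
pub fn sample_plain_message() -> Message {
    Message { instructions: vec![admin_ix()] }
}

fn main() {
    for (label, msg) in [("nonce", sample_nonce_message()), ("plain", sample_plain_message())] {
        println!("{label}: {:?}", check_admin_message(&msg));
    }
}
```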
Monitoring
- Hypernative — real-time alerts on capital flows, rapid settlements, and unauthorized upgrades.
- Range Security — alerts on 5% pool-balance thresholds.
- Shield probe surveillance — intrusion detection and path-scanning bot flagging (see MAGMA Shield).
Security programs
- STRIDE — Solana Trust, Resilience and Infrastructure for DeFi Enterprises (applied).
- SIRN — Solana Incident Response Network (registered with Asymmetric Research, OtterSec, Neodyme, Squads, and ZeroShadow).
Reporting a vulnerability
Email magma@exidante.xyz with the subject prefix [SECURITY]. Please include a
clear description, reproduction steps, and impact assessment. Do not disclose
publicly until we have acknowledged and resolved the issue under the responsible
disclosure window above.