Security at bonuz
bonuz is the Human Layer protocol, and security is its foundation. Every protocol, smart contract, and piece of infrastructure we use is audited, battle-tested, or trusted at scale by tens of millions of users.
- ✓ Core protocols audited by Hacken (score: 10/10).
- ✓ ERC-4337 account abstraction powered by Biconomy.
- ✓ Infra providers audited by top firms like Trail of Bits, Quantstamp, Halborn, OpenZeppelin, and others.
All core bonuz protocol contracts (Engagement protocol and bonuz ID protocol) are audited by Hacken with a perfect score, covering state machines, permissions, and integration points.
Smart Contract Security
Hacken 10/10
All Bonuz Inc. (St. Lucia) core protocol contracts, including the Engagement protocol and bonuz ID protocol, have been independently audited by Hacken, with a 10/10 result.
The audit covers state machines, permissions, and integration points.
Trusted & Audited Infrastructure
Industry-Grade
bonuz relies on infrastructure that powers major Web3 wallets, exchanges, and protocols. These providers undergo regular audits by top-tier cybersecurity firms such as Trail of Bits, Quantstamp, Halborn, OpenZeppelin, SlowMist, Hacken, Sigma Prime, CertiK, and others.
Web3Auth
MPC / TSS Login
Secure, Web2-simple onboarding via MPC/TSS key infrastructure. Web3Auth secures tens of millions of users across wallets and apps.
Audited by: Quantstamp, Halborn, SlowMist
View Web3Auth audits →
Zerion
AA & Wallet Infra
Wallet and account abstraction infrastructure trusted by millions of users, with robust smart account design and ongoing audits.
Audited by: Trail of Bits and other independent firms
Zerion security overview →
Biconomy
ERC-4337 AA
ERC-4337 account abstraction infrastructure for smart accounts, paymasters, gas sponsorship, bundling, and session keys in the bonuz ecosystem.
Audited by: Quantstamp, Hacken, OpenZeppelin and others
Biconomy security & audits →
Alchemy
RPC & Nodes
Enterprise-grade RPC and node infrastructure with SOC 2 Type II and ISO 27001 certifications, used by leading Web3 projects.
Security posture: SOC 2, ISO 27001, enterprise security audits
Alchemy security →
Helios
Verified RPC
High-integrity RPC focused on correctness and verification, with open-source code and community reviews.
Helios docs →
Jupiter
Solana Routing
Solana's leading swap and routing aggregator, processing billions in volume with audited routing contracts.
Audited by: Sec3, OtterSec and ecosystem reviewers
Jupiter security & docs →
1inch
Aggregation
Multi-chain DEX aggregation contracts that rank among the most audited in DeFi, underpinning bonuz swap aggregation.
Audited by: OpenZeppelin, Trail of Bits, Chainsafe, SlowMist and others
1inch audit repository →
Account Abstraction Security
ERC-4337 by Biconomy
bonuz uses ERC-4337 smart accounts powered by Biconomy for execution. This enables smart accounts, paymasters, gas sponsorship, bundling, and session keys, while keeping users fully self-custodial.
The wallet itself is not "fully gasless." Instead, bonuz sponsors gas on selected core actions (e.g. ID updates, Engagement claims and redemptions), so for users the experience feels gasless while remaining transparent and secure onchain.
Operational Security & Monitoring
Runtime Safety
Protocol Monitoring
- ✓ Continuous monitoring of protocol events and critical metrics
- ✓ Anomaly and fraud detection for suspicious patterns
- ✓ Secure QR/NFC flows with anti-double-spend protections
- ✓ Rate limiting and guardrails for sensitive actions
Identity & Data
- ✓ Permissioned bonuz ID reads and writes
- ✓ User-controlled visibility and scopes on identity records
- ✓ Regular internal reviews for new protocol versions
- ✓ Threat modeling before major upgrades
User Protection & Mission
Self-Sovereignty
Even though bonuz feels "Web2-simple," users remain fully sovereign:
The Human Layer must be safe, reliable, and sovereign. If it isn't secure, it doesn't ship.
bonuz exists to make blockchains usable for normal people and brands, without giving up the core promise of Web3: self-custody over money, identity, passes, and reputation.