Security

Security at bonuz

bonuz is the Human Layer protocol — and security is its foundation. Every protocol, smart contract, and piece of infrastructure we use is audited, battle-tested, or trusted at scale by tens of millions of users.

  • Core protocols audited by Hacken (score: 10/10).
  • ERC-4337 account abstraction powered by Biconomy.
  • Infra providers audited by top firms like Trail of Bits, Quantstamp, Halborn, OpenZeppelin, and others.

Protocols: DNFT, Social Oracle
Entities: Bonuz Inc. (St. Lucia)
Apps: by Bonuz Technology DMCC (Dubai)

Smart Contract Security
HACKEN 10/10

All Bonuz Inc. (St. Lucia) core protocol contracts — the DNFT protocol and Social Oracle protocol — have been independently audited by Hacken, with a 10/10 result.

The audit covers:

  • DNFT lifecycle safety (issue → active → redeem → expire).
  • Social Oracle permission and event logic.
  • On-chain attestation and identity record updates.
  • Anti-fraud protections for redemptions and state changes.
  • Integration points for account abstraction and paymasters.

Auditor: Hacken
Scope: DNFT protocol
Scope: Social Oracle protocol
Score: 10/10

Trusted & Audited Third-Party Infrastructure
INDUSTRY-GRADE

bonuz relies on infrastructure that powers major Web3 wallets, exchanges, and protocols. These providers undergo regular audits by top-tier cybersecurity firms such as Trail of Bits, Quantstamp, Halborn, OpenZeppelin, SlowMist, Hacken, Sigma Prime, CertiK, and others.

Web3Auth
MPC / TSS LOGIN
Secure, Web2-simple onboarding via MPC/TSS key infrastructure. Web3Auth secures tens of millions of users across wallets and apps.
Audited by: Quantstamp, Halborn, SlowMist

Zerion
AA & WALLET INFRA
Wallet and account abstraction infrastructure trusted by millions of users, with robust smart account design and ongoing audits.
Audited by: Trail of Bits and other independent firms

Biconomy
ERC-4337 AA
ERC-4337 account abstraction infrastructure for smart accounts, paymasters, gas sponsorship, bundling, and session keys in the bonuz ecosystem.
Audited by: Quantstamp, Hacken, OpenZeppelin and others

Alchemy
RPC & NODES
Enterprise-grade RPC and node infrastructure with SOC 2 Type II and ISO 27001 certifications, used by leading Web3 projects.
Security posture: SOC 2, ISO 27001, enterprise security audits

Helios
VERIFIED RPC
High-integrity RPC focused on correctness and verification, with open-source code and community reviews.

Jupiter
SOLANA ROUTING
Solana's leading swap and routing aggregator, processing billions in volume with audited routing contracts.
Audited by: Sec3, OtterSec and ecosystem reviewers

1inch
AGGREGATION
Multi-chain DEX aggregation contracts that rank among the most audited in DeFi, underpinning bonuz swap aggregation.
Audited by: OpenZeppelin, Trail of Bits, Chainsafe, SlowMist and others

Account Abstraction Security
ERC-4337 BY BICONOMY

bonuz uses ERC-4337 smart accounts powered by Biconomy for execution. This enables smart accounts, paymasters, gas sponsorship, bundling, and session keys, while keeping users fully self-custodial.

Key principles:

  • Smart accounts are self-custodial; users remain in control.
  • Paymasters sponsor only selected, capped bonuz ecosystem actions.
  • Bundling and validation go through audited entry points.
  • Session keys are scoped and revocable.

Important: the wallet itself is not "fully gasless." Instead, bonuz sponsors gas on selected core actions (e.g. ID updates, DNFT claims and redemptions), so for users the experience feels gasless while remaining transparent and secure on-chain.

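As an added illustration of the sponsorship rules listed above (this is not bonuz's or Biconomy's code), the following is a policy check that a paymaster backend could run on each UserOperation before agreeing to pay for it: only allowlisted protocol contracts and actions are sponsored, gas per operation and operations per account are capped, and session keys must be unrevoked and scoped to the action. The function selectors, caps and contract address are hypothetical placeholders.

```python
# Added example, not project code: sponsorship policy for an ERC-4337 paymaster backend.
# Selectors, caps and addresses below are hypothetical placeholders, not bonuz values.
from dataclasses import dataclass
from collections import defaultdict

# Hypothetical 4-byte selectors of the sponsored core actions named on the page.
SPONSORED_ACTIONS = {"0x1a2b3c4d": "updateId", "0x5e6f7a8b": "claimDnft", "0x9c0d1e2f": "redeemDnft"}
MAX_SPONSORED_GAS = 300_000           # per-operation cap on gas the sponsor will pay
MAX_SPONSORED_OPS_PER_ACCOUNT = 20    # per-account cap on sponsored operations

@dataclass
class UserOp:
    sender: str
    target: str
    call_data: str        # hex string; the selector is the first 4 bytes (10 chars with 0x)
    call_gas_limit: int
    session_key: str = ""  # empty string means the op is signed by the owner key

@dataclass
class SessionKey:
    allowed_selectors: frozenset
    revoked: bool = False

class SponsorshipPolicy:
    def __init__(self, protocol_contracts, session_keys):
        self.protocol_contracts = {a.lower() for a in protocol_contracts}
        self.session_keys = session_keys          # key id -> SessionKey
        self.ops_sponsored = defaultdict(int)     # sender -> count

    def decide(self, op: UserOp) -> tuple:
        """Return (sponsor?, reason). Checks are ordered cheapest-first; nothing is counted until all pass."""
        selector = op.call_data[:10].lower()
        if op.target.lower() not in self.protocol_contracts:
            return False, "target is not a bonuz protocol contract"
        if selector not in SPONSORED_ACTIONS:
            return False, "action is not on the sponsored list"
        if op.call_gas_limit > MAX_SPONSORED_GAS:
            return False, "gas limit exceeds sponsorship cap"
        if op.session_key:
            sk = self.session_keys.get(op.session_key)
            if sk is None or sk.revoked:
                return False, "session key unknown or revoked"
            if selector not in sk.allowed_selectors:
                return False, "session key not scoped for this action"
        sender = op.sender.lower()
        if self.ops_sponsored[sender] >= MAX_SPONSORED_OPS_PER_ACCOUNT:
            return False, "per-account sponsorship cap reached"
        self.ops_sponsored[sender] += 1
        return True, "sponsoring " + SPONSORED_ACTIONS[selector]
```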
Operational Security & Monitoring
RUNTIME SAFETY

To protect the integrity of the Human Layer, we apply:

  • Continuous monitoring of protocol events and critical metrics.
  • Anomaly and fraud detection for suspicious patterns.
  • Secure QR/NFC flows with anti-double-spend protections.
  • Rate limiting and guardrails for sensitive actions.

For identity and data:

  • Permissioned Social Oracle reads and writes.
  • User-controlled visibility and scopes on identity records.
  • Regular internal reviews for new protocol versions.
  • Threat modeling before major upgrades.
User Protection & Mission
SELF-SOVEREIGNTY

Even though bonuz feels "Web2-simple," users remain fully sovereign:

  • Assets are held in self-custodial smart accounts.
  • No centralized custody or pooled user funds.
  • Every action is on-chain and transparent.
  • Identity data and attestations are permissioned and user-controlled.

The Human Layer must be safe, reliable, and sovereign. If it isn't secure, it doesn't ship.

bonuz exists to make blockchains usable for normal people and brands, without giving up the core promise of Web3: self-custody over money, identity, passes, and reputation.