Security
If you have security concerns, encounter issues, or need to report suspicious activity:
Read our Safety and Security Guide for best practices, learn how to Get Help, provide feedback, or check our Crypto Terminology guide if you need clarification.
For immediate support, visit our Discord server and open a support ticket.
Aims
As a Web3 company, security is our highest priority. Managing user funds through products like SkyBridge and Aviator Arcade is a privilege that comes with tremendous responsibility. Our comprehensive security framework is built on three fundamental principles:
- Multiple Layers of Protection: We implement multiple independent security measures, from multi-signature controls to multiple third-party audits.
- Proactive Risk Management: Continuous monitoring and active bug bounties help identify potential vulnerabilities before they can impact users.
- Transparent Operations: Every security measure and administrative action is verifiable on-chain, and advertised ahead of time, maintaining full accountability to our community.
Audits & Monitoring
Aviator's security is maintained through multiple independent audits and continuous monitoring:
- SkyBridge: Two independent smart contract audits by Hacken.
- Token Contract: Smart contract audit by SolidProof.
- Active Monitoring: Hacken Extractor provides real-time exploit detection with
pauserrole capabilities. - Smart Contract Management: OpenZeppelin Defender manages contract upgrades.
- Bug Bounty: Ongoing program triaged by HackenProof.
Smart Contract Security
SkyBridge Access Control
SkyBridge's admin functionality (managing bridges, fees, and roles) is secured through a 5-7 multi-signature contract at skybridge-admin.eth. All seven signers are KYC-certified by SolidProof.
The admin can:
- Set bridge and backend addresses.
- Update bridging fees and addresses.
- Pause bridging for users.
- Set the AVI address on new L2 chains.
- Manage roles for other users.
Full list of signers:
Contract Upgradeability
SkyBridge uses proxy contracts for upgrades, allowing for bug fixes and feature improvements. Updates require multi-signature approval, protecting against unauthorized changes. For technical details, see our implementation documentation.
Aviator Arcade Access Control
The Aviator Arcade admin account is protected by a 3-of-5 multi-signature contract. The admin account controls upgrades to the Aviator Arcade proxy contract. All five signers are KYC-certified by SolidProof.
Token Security History
Complete deployment history of Aviator token on Ethereum:
- Initial deployment: July 13, 2023
- Funds secured in 3/5 multi-signature safe
- Initial liquidity add
- Liquidity transfer to deployer
- Initial liquidity lock
- Subsequent relocks: 1, 2, 3, 4
Compliance
Aviator operates under US regulations with:
- Full FinCEN and corporate registration.
- Continuous legal counsel and SEC compliance monitoring.
- Regular OFAC sanctions review.
- Global community protection standards.