Security
If you have security concerns, encounter issues, or need to report suspicious activity:
Read our Safety and Security Guide for best practices, learn how to Get Help, provide feedback, or check our Crypto Terminology guide if you need clarification.
For immediate support, visit our Discord server and open a support ticket.
Aims
As a Web3 company, security is our highest priority. Managing user funds through products like SkyBridge and Aviator Arcade is a privilege that comes with tremendous responsibility. Our comprehensive security framework is built on three fundamental principles:
- Multiple Layers of Protection: We implement multiple independent security measures, from multi-signature controls to multiple third-party audits
- Proactive Risk Management: Continuous monitoring and active bug bounties help identify potential vulnerabilities before they can impact users
- Transparent Operations: Every security measure and administrative action is verifiable on-chain, and advertised ahead of time, maintaining full accountability to our community
Audits & Monitoring
Aviator's security is maintained through multiple independent audits and continuous monitoring:
- SkyBridge: Two independent smart contract audits by Hacken
- Token Contract: Smart contract audit by SolidProof
- Active Monitoring: Hacken Extractor provides real-time exploit detection with
pauser
role capabilities - Smart Contract Management: OpenZeppelin Defender manages contract upgrades
- Bug Bounty: Ongoing program triaged by HackenProof
Smart Contract Security
SkyBridge Access Control
SkyBridge's admin functionality (managing bridges, fees, and roles) is secured through a 5-7 multi-signature contract at skybridge-admin.eth. All seven signers are KYC-certified by SolidProof.
The admin can:
- Set bridge and backend addresses
- Update bridging fees and addresses
- Pause bridging for users
- Set the AVI address on new L2 chains
- Manage roles for other users
Full list of signers:
- 0x1cFd452EB369a7B9475B07D1457dd1d0500fD788
- 0x81C5acDb4081906018Fa8367a6FD211cc885319F
- 0x0BE7ebB1720369CefC00943C08Ed7Bf6B513C4D0
- 0x6Ec09D3d9404c00e23032d9f3aAC0eF7e0b29A37
- 0x9D4F017f7B77D799d2D8D5C5Fa1a68765BE7B3f0
- 0xf5C3455A1B6D38fD1a6C066EdC6066321A6800e0
- 0xBA13a7Abf6D098077C8A4c0102F0570976Ed76C3
Contract Upgradeability
SkyBridge uses proxy contracts for upgrades, allowing for bug fixes and feature improvements. Updates require multi-signature approval, protecting against unauthorized changes. For technical details, see our implementation documentation.
Token Security History
Complete deployment history of Aviator token on Ethereum:
- Initial deployment: July 13, 2023
- Funds secured in 3/5 multi-signature safe
- Initial liquidity add
- Liquidity transfer to deployer
- Initial liquidity lock
- Subsequent relocks: 1, 2, 3, 4
Compliance
Aviator operates under US regulations with:
- Full FinCEN and corporate registration
- Continuous legal counsel and SEC compliance monitoring
- Regular OFAC sanctions review
- Global community protection standards