Security

Security Model

Soltag is designed with a defense‑in‑depth approach:

  • No custody of user funds: The protocol never takes custody of user tokens; there is no program‑owned account that holds user assets.
  • Wallet Signatures: Every state change must be authorized by a transaction signed by the user's wallet; the program takes no action on a user's behalf without that signature.
  • Deterministic Logic: The outcome of each instruction is a pure function of its inputs and the on‑chain state it reads, so any party can re‑derive and verify it.

Threat Model

We have considered the following risks:

  • Unauthorized tag creation: Mitigated by authority checks; an instruction that creates or modifies a tag succeeds only when the required authority account has signed the transaction and, for modifications, matches the authority recorded on‑chain.
  • Spam or abuse: Mitigated by the rent each new account must fund, which makes mass creation costly, and in the future by token‑gating.
  • Malicious upgrades: Mitigated by placing the program's upgrade authority under a multisig, so no single key can deploy new program code.
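The first bullet above, together with the "Wallet Signatures" item in the Security Model, comes down to three checks a Solana program must make before touching a tag: the authority account actually signed the transaction, the tag account is owned by this program (not a look‑alike created elsewhere), and the signer equals the authority recorded in the tag. The following is an added example written for this page, not Soltag's own code; the account and Tag types are simplified stand‑ins for solana_program's AccountInfo and for the project's real account layout, and the names create_tag and update_tag are assumed, so it runs with std only.

```rust
// Added example, not Soltag's own code. Account and Tag types are simplified
// stand-ins for solana_program's AccountInfo and the project's real layout
// (both assumed here) so the checks can be run with std only.

/// 32-byte account address, as on Solana.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

impl Pubkey {
    /// Deterministic test key (constructed, not a real address).
    pub fn new(seed: u8) -> Self { Pubkey([seed; 32]) }
}

/// What a program sees for each account passed to an instruction.
#[derive(Clone, Debug)]
pub struct AccountInfo {
    pub key: Pubkey,
    pub is_signer: bool, // did this account sign the transaction?
    pub owner: Pubkey,   // program that owns (and may write) the account
    pub data: Vec<u8>,   // serialized Tag, empty if not yet initialized
}

/// Wallet account stand-in; wallets are owned by the system program (key 0 here).
pub fn wallet(key: Pubkey, is_signer: bool) -> AccountInfo {
    AccountInfo { key, is_signer, owner: Pubkey::new(0), data: Vec::new() }
}

/// Tag state: the authority allowed to change it, plus a name.
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct Tag { pub authority: Pubkey, pub name: String }

#[derive(Debug, PartialEq, Eq)]
pub enum TagError {
    MissingSigner,      // authority account did not sign the transaction
    IllegalOwner,       // tag account is not owned by this program
    Unauthorized,       // signer is not the authority recorded in the tag
    AlreadyInitialized, // create_tag called on an existing tag
    Uninitialized,      // update_tag called on an empty account
    InvalidData,        // bytes do not decode as a Tag
}

impl Tag {
    /// Layout (assumed): 32-byte authority followed by the UTF-8 name.
    pub fn serialize(&self) -> Vec<u8> {
        let mut out = Vec::with_capacity(32 + self.name.len());
        out.extend_from_slice(&self.authority.0);
        out.extend_from_slice(self.name.as_bytes());
        out
    }

    pub fn deserialize(bytes: &[u8]) -> Result<Tag, TagError> {
        if bytes.is_empty() { return Err(TagError::Uninitialized); }
        if bytes.len() < 32 { return Err(TagError::InvalidData); }
        let mut key = [0u8; 32];
        key.copy_from_slice(&bytes[..32]);
        let name = std::str::from_utf8(&bytes[32..]).map_err(|_| TagError::InvalidData)?.to_string();
        Ok(Tag { authority: Pubkey(key), name })
    }
}

/// Checks shared by every tag instruction. Order matters: the signer check
/// comes first, because a caller can pass any public key as the "authority"
/// account; only `is_signer` proves they hold the matching private key. The
/// owner check rejects look-alike accounts created by some other program.
fn check_accounts(program_id: &Pubkey, authority: &AccountInfo, tag_acct: &AccountInfo) -> Result<(), TagError> {
    if !authority.is_signer { return Err(TagError::MissingSigner); }
    if tag_acct.owner != *program_id { return Err(TagError::IllegalOwner); }
    Ok(())
}

/// Creates a tag; whoever signs becomes its authority.
pub fn create_tag(program_id: &Pubkey, authority: &AccountInfo, tag_acct: &mut AccountInfo, name: &str) -> Result<(), TagError> {
    check_accounts(program_id, authority, tag_acct)?;
    if !tag_acct.data.is_empty() { return Err(TagError::AlreadyInitialized); }
    tag_acct.data = Tag { authority: authority.key, name: name.to_string() }.serialize();
    Ok(())
}

/// Renames a tag; only the recorded authority may do so.
pub fn update_tag(program_id: &Pubkey, authority: &AccountInfo, tag_acct: &mut AccountInfo, new_name: &str) -> Result<(), TagError> {
    check_accounts(program_id, authority, tag_acct)?;
    let mut tag = Tag::deserialize(&tag_acct.data)?;
    if tag.authority != authority.key { return Err(TagError::Unauthorized); }
    tag.name = new_name.to_string();
    tag_acct.data = tag.serialize();
    Ok(())
}

fn main() {
    let program_id = Pubkey::new(1);
    let (alice, mallory) = (Pubkey::new(2), Pubkey::new(3));
    let mut tag = AccountInfo { key: Pubkey::new(9), is_signer: false, owner: program_id, data: Vec::new() };
    println!("{:?}", create_tag(&program_id, &wallet(alice, true), &mut tag, "alice"));
    // Mallory names Alice's key as authority but cannot sign for it.
    println!("{:?}", update_tag(&program_id, &wallet(alice, false), &mut tag, "pwned"));
    // Mallory signs with her own key, which is not the recorded authority.
    println!("{:?}", update_tag(&program_id, &wallet(mallory, true), &mut tag, "pwned"));
    // A forged tag account owned by another program is rejected.
    let mut forged = AccountInfo { owner: Pubkey::new(7), ..tag.clone() };
    println!("{:?}", update_tag(&program_id, &wallet(alice, true), &mut forged, "pwned"));
}
```

The multisig on the last bullet is an operational control rather than program logic and has no counterpart in the code above; the upgrade authority currently set on a deployed program is public, and anyone can read it with the Solana CLI (solana program show followed by the program id) to confirm it is the multisig and not a single key.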

Audits

Audit status: Planned.
The planned scope covers all on‑chain programs and the critical client logic that constructs and signs transactions.


Operations

Releases and Versioning

Each release of the mobile app is versioned and published through the Solana dApp Store CLI. The release record is published on‑chain, where it is immutable and publicly verifiable; the program itself changes only through an upgrade approved by the multisig upgrade authority.

Monitoring and Analytics

Operational metrics include:

  • Transaction counts
  • Unique signers
  • Instruction usage

Analytics are collected without compromising user privacy; in particular, no IP addresses are logged.