Security
Non-custodial. No omnibus account. No user private keys.
Contracts
Testnet only. Mainnet gated on audit.
| Contract | Path | Chain | Status | Audit |
|---|---|---|---|---|
| WrappedEquity | packages/contracts/contracts/tokenized/WrappedEquity.sol | Base | Testnet deployed | Pending |
| EquityFactory | packages/contracts/contracts/tokenized/EquityFactory.sol | Base | Testnet deployed | Pending |
| OTCEscrow | packages/contracts/contracts/escrow/OTCEscrow.sol | Base | Testnet deployed | Pending |
| PredictionMarket | packages/contracts/contracts/prediction/PredictionMarket.sol | Base | Testnet deployed | Pending |
| PredictionFactory | packages/contracts/contracts/prediction/PredictionFactory.sol | Base | Testnet deployed | Pending |
Auditor shortlist
Trail of Bits, OpenZeppelin, Consensys Diligence (engagement pending)
Selection disclosed with the engagement letter. No report claimed until published.
Bug bounty
Private preview. Reports to security@mithril.pro.
| Severity | Reward | Examples |
|---|---|---|
| Critical | $5,000 – $25,000 | Remote exploit, theft of user funds, unauthorized upgrade, signature-scheme break. |
| High | $1,000 – $5,000 | Privilege escalation, order-book manipulation, off-chain signer compromise. |
| Medium | $250 – $1,000 | Auth bypass without fund exposure, rate-limit evasion, session fixation. |
| Low | $50 – $250 | Information disclosure without impact, self-XSS, missing headers on public pages. |
In scope
- mithril.pro and all *.mithril.pro subdomains
- Smart contracts listed above once deployed to mainnet
- API endpoints under api.mithril.pro/v1/*
- Mithril mobile clients once released
Out of scope
- Third-party services (Vercel, Supabase, Clerk — report to vendor)
- Testnet deployments prior to mainnet go-live
- Social-engineering attacks on Mithril staff
- Reports requiring physical access or rooted devices
- Rate-limit issues reproducible only via single-IP flooding
Application security
| Control | Implementation |
|---|---|
| Session timeout | 30 min idle / 24 hr max |
| MFA | Optional via Clerk (TOTP + WebAuthn) |
| Password reset | Magic-link via verified email |
| CSRF | Next.js same-site cookies + origin check |
| Transport | HSTS, TLS 1.3, HTTP/2 |
| CSP / headers | Published at /.well-known/security.txt |
| Rate limiting | Per-IP and per-account, 429 on breach |
| Audit logging | Write-path events persisted in audit_log |
Full header inventory, CSP rules, and disclosure contact are published at /.well-known/security.txt.
Wallet permissions
- We request signatures for specific transactions only (wrap, unwrap, order placement, settlement).
- We never request unlimited ERC-20 approvals; each approval is scoped to the exact trade size.
- On Base, users can revoke approvals anytime at etherscan.io/tokenapprovals.
- On Solana, users can inspect and revoke delegations at solscan.io.
- Mithril cannot move user funds without a user-signed message from the user's wallet.
Incident response
1. Detect: 24/7 on-call with automated monitors. PagerDuty, 5-minute ack SLA.
2. Contain: Pause guardian on PredictionMarket and OTCEscrow, disable affected routes, revoke keys.
3. Notify: Email + /status banner within 2 hours of containment. Material incidents on /changelog.
4. Post-mortem: Published within 7 days — root cause, timeline, blast radius, remediation.
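The two contract-side controls this page relies on, exact-size ERC-20 approvals (Wallet permissions above) and a pause guardian used in the Contain step, are sketched together in the following Solidity example. It is an illustration added here, not Mithril's OTCEscrow or PredictionMarket code, and the contract name, role names and storage layout are hypothetical; it assumes OpenZeppelin Contracts v5 import paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example, not Mithril's escrow. Assumes OpenZeppelin Contracts v5.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract GuardedEscrowExample is AccessControl, Pausable {
    using SafeERC20 for IERC20;

    // Hypothetical role: may pause but not unpause.
    bytes32 public constant GUARDIAN_ROLE = keccak256("GUARDIAN_ROLE");

    // depositor => token => amount held on their behalf
    mapping(address => mapping(IERC20 => uint256)) public balances;

    event Deposited(address indexed from, IERC20 indexed token, uint256 amount);
    event Withdrawn(address indexed to, IERC20 indexed token, uint256 amount);

    constructor(address admin, address guardian) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(GUARDIAN_ROLE, guardian);
    }

    // Pulls exactly `amount`, so the depositor only ever needs
    // token.approve(escrow, amount) for this trade, never an unlimited allowance.
    function deposit(IERC20 token, uint256 amount) external whenNotPaused {
        require(amount > 0, "zero amount");
        require(token.allowance(msg.sender, address(this)) >= amount, "allowance too small");
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        // Credit what actually arrived, which matters for fee-on-transfer tokens.
        uint256 received = token.balanceOf(address(this)) - before;
        balances[msg.sender][token] += received;
        emit Deposited(msg.sender, token, received);
    }

    // Deliberately not gated by whenNotPaused: a containment pause halts new
    // activity without locking users out of their own balances.
    function withdraw(IERC20 token, uint256 amount) external {
        uint256 bal = balances[msg.sender][token];
        require(bal >= amount, "insufficient balance");
        balances[msg.sender][token] = bal - amount;
        token.safeTransfer(msg.sender, amount);
        emit Withdrawn(msg.sender, token, amount);
    }

    // Guardian can halt deposits immediately during an incident;
    // resuming requires the admin, so a compromised guardian key cannot unpause.
    function pause() external onlyRole(GUARDIAN_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause();
    }
}
```

The asymmetry between `pause()` and `unpause()` is the point of the guardian pattern: the on-call key that must act within minutes gets the least dangerous power (stopping), while the power to resume stays with the admin. Keeping `withdraw()` outside the pause is a design choice that fits the non-custodial claim at the top of this page; whether settlement paths should also stay live during a pause depends on where the incident is.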
Responsible disclosure
- 90-day coordinated disclosure window from first report acknowledgement.
- We will not pursue legal action against researchers acting in good faith and within the rules below.
- Do not access accounts or data belonging to other users. Create your own test accounts.
- Do not degrade production service (no denial-of-service testing, no mass scraping).
- Submit to security@mithril.pro. PGP key available on request.
- Hall-of-fame credit available on request; bounty payment in USDC on Base by default.