
Security & Audits

Router Protocol is committed to security and undergoes regular security assessments. Our smart contracts and infrastructure are audited by leading security firms to ensure the safety of user funds and system integrity.

Security Philosophy

Router OGA is built with security as a foundational principle. We implement multiple layers of security measures to protect user funds and ensure system reliability:

  • Non-custodial Architecture: Users maintain full control of their funds throughout the swap process
  • Isolated Revert Logic: Failures are confined to individual hops, preventing cascading failures
  • On-chain Reputation System: Node operators are scored based on reliability and performance
  • Permissionless Node Registry: Transparent, auditable node registration with EIP-712 authentication
  • Modular Design: Isolated components reduce attack surface and enable easier security audits

Security Assessment Reports

We maintain transparency about our security practices. All security assessment reports are publicly available:

Router Protocol Aggregator - Security Assessment Report

All Audit Reports

For a complete list of all security assessments and audit reports:

Security Features

Non-Custodial Architecture

Router OGA is fully non-custodial. Users maintain control of their funds at all times:

  • No funds are held in intermediate contracts
  • Direct user-to-user swaps where possible
  • Transparent transaction flow
  • Users can verify all transactions on-chain

Isolated Revert Logic

Router's isolated revert logic ensures that failures are contained:

  • Failures in one hop don't cascade to other hops
  • Partial execution benefits are preserved
  • End-to-end revert risk is reduced to <0.5%
  • Users receive partial benefits even if some infrastructure fails

On-Chain Reputation System

Node operators are continuously evaluated:

  • Real-time performance monitoring
  • On-chain reputation scoring
  • Automatic routing away from unreliable nodes
  • Transparent reputation metrics

Permissionless Node Registry

The node registry is open and auditable:

  • EIP-712 authentication for node registration
  • On-chain verification of node capabilities
  • Transparent node metadata
  • Community-driven node discovery

Modular Hook Architecture

The modular design enhances security:

  • Isolated components reduce attack surface
  • Easier to audit individual modules
  • Custom workflows without compromising core security
  • Governance-driven routing policies

Best Practices for Users

When integrating with Router OGA, follow these security best practices:

API Security

  • Use HTTPS: Always use HTTPS endpoints in production
  • Secure API Keys: Store API keys securely and never commit them to version control
  • Rate Limiting: Implement client-side rate limiting to avoid exceeding limits
  • Error Handling: Implement proper error handling for all API calls

Transaction Security

  • Verify Transactions: Always verify transaction details before signing
  • Check Routes: Review route details and fees before executing
  • Monitor Status: Use the transaction status endpoint to track execution
  • Handle Failures: Implement proper error handling for failed transactions

Integration Security

  • Validate Inputs: Always validate and sanitize user inputs
  • Check Chain IDs: Verify chain IDs match expected networks
  • Amount Formatting: Use proper amount formatting (strings with full precision)
  • Test Thoroughly: Test integrations on testnets before production deployment
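
The input, chain ID and amount checks from the list above, as an added example (not Router Protocol's own code): it validates chain IDs against an allowlist, converts a decimal amount to a full-precision base-unit string with BigInt, and checks the recipient address format. The field names, the allowlist contents, the decimals bound and the sample input are assumptions made for illustration.

```javascript
// Pre-flight checks for a swap request before it reaches any quote or transaction API.
// Field names (fromChainId, toChainId, amount, decimals, recipient) are hypothetical.

// Constructed allowlist: the networks this integration expects to touch.
const EXPECTED_CHAINS = new Map([[1, "ethereum"], [137, "polygon"]]);

// Convert a human-readable decimal string to a base-unit integer string.
// The value never passes through a float, so no precision is lost.
function toBaseUnits(amount, decimals) {
  if (typeof amount !== "string") throw new TypeError("amount must be a string");
  // Upper bound of 36 is an arbitrary sanity limit chosen for this example.
  if (!Number.isInteger(decimals) || decimals < 0 || decimals > 36) {
    throw new RangeError("bad decimals");
  }
  // Plain decimals only: rejects signs, exponents ("1e18"), hex and whitespace.
  const m = /^(\d+)(?:\.(\d+))?$/.exec(amount);
  if (!m) throw new RangeError("amount is not a plain decimal");
  const frac = m[2] || "";
  if (frac.length > decimals) throw new RangeError("more fractional digits than token decimals");
  const units = BigInt(m[1] + frac.padEnd(decimals, "0"));
  if (units === 0n) throw new RangeError("amount must be greater than zero");
  return units.toString();
}

// Accept only numeric chain IDs that are on the allowlist.
function checkChainId(id) {
  if (!Number.isSafeInteger(id) || !EXPECTED_CHAINS.has(id)) {
    throw new RangeError(`unexpected chain id: ${id}`);
  }
  return id;
}

// Validate every field and return a normalized request object.
function buildSwapRequest(input) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(input.recipient)) {
    throw new RangeError("recipient is not a 20-byte hex address");
  }
  return {
    fromChainId: checkChainId(input.fromChainId),
    toChainId: checkChainId(input.toChainId),
    amount: toBaseUnits(input.amount, input.decimals),
    recipient: input.recipient,
  };
}

// Constructed sample input.
const sample = { fromChainId: 1, toChainId: 137, amount: "1.5", decimals: 18, recipient: "0x" + "ab".repeat(20) };
console.log(buildSwapRequest(sample));
```

The address check covers format only; it does not confirm that the address belongs to the intended recipient.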

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

  • GitHub Security Advisories: Create a security advisory
  • Email: Reach out to Admins on TG
  • Do not open public issues for security vulnerabilities

We appreciate responsible disclosure and will work with security researchers to address any issues.

Continuous Security Improvements

Security is an ongoing process. We continuously:

  • Conduct regular security audits
  • Monitor for emerging threats
  • Update and improve security measures
  • Review and enhance smart contract code
  • Maintain transparent security practices