Resources
Security overview
How Bastion approaches custody design, operational controls, and responsible disclosure.
1. Design principles
- Least privilege — operational keys scoped to explicit roles
- Defense in depth — contract checks, monitoring, and pause controls
- User sovereignty — Bastion never asks for seed phrases or private keys
2. Smart-contract posture
Vault logic is intended to be auditable and upgrade-governed. Emergency pause may halt deposits or withdrawals if a material threat is detected. Pause is a risk control, not a guarantee against loss.
3. What we never request
- Seed phrases, private keys, or wallet passwords
- Remote desktop access to your devices
- Transfers to personal staff wallets outside published contracts
4. Your responsibilities
Verify URLs, contract addresses, and transaction details before signing. Phishing sites commonly impersonate staking brands. Bookmark the official Bastion domain.
5. Responsible disclosure
Report suspected vulnerabilities to [email protected]. Include steps to reproduce and impact assessment. Good-faith researchers acting within the law will not face legal action from Bastion for the report itself.