Security

Security you can verify on-chain.

Solinkify is non-custodial by design: your money settles through an open, auditable program on Solana, never through a Solinkify wallet. Here's exactly how it's protected, and where Solinkify is on audits.

Principles

Four guarantees, built into the protocol.

Non-custodial

Funds never touch a Solinkify wallet. Every payment locks into an on-chain escrow PDA and releases 99% straight to the recipient.

On-chain & verifiable

One open program on Solana. Every payment, fee split, and release is a public transaction you can audit yourself.

Fail-closed payments

Payment and metering paths fail closed: no verification, no access. The paywall itself fails open, so your site never goes down over a Gate bug.

Least privilege

The program's upgrade authority moves to a Squads multisig; operational keys are separated and team tokens vest on-chain.

Safeguards

Defense in depth, from the contract up.

The same core protects every pillar: datasets, checkouts, paywalls, social storefronts, and the node network.

  • Anti-replay: every payment verification is one-shot, bound to the endpoint, amount, and mint. A reused signature is rejected.
  • Deterministic escrow PDAs keyed to payer + payment, with a timeout-release crank as a safety net.
  • Settlement verified on-chain via token-balance deltas: the recipient must receive ≥99% or the payment fails.
  • Stablecoin whitelist: only USDC, USDT, and PYUSD, kept in sync across the contract, backend, and SDKs.
  • Anti-abuse: a 2-tier, SEO-safe bot detector plus rate limiting and challenge / proof-of-work layers.
  • Transparent economics: a flat 1% fee split atomically on-chain; team vesting and LP locks are publicly verifiable.

Threat model

The attacks Solinkify designs against.

The x402 paywall handles a lot of untrusted traffic, so Solinkify treats it as an adversarial system. The concrete attacks it defends, and how.

Replay attacks on payment proofs

Every proof is verified on-chain against the escrow PDA, one-shot, and bound to the endpoint, amount, and mint. Prepaid access uses nonce'd, use-counted capability tokens, and the Pay gateway rejects any reused transaction signature.

Forged payment tokens

Payment is never trusted from a request header. It is confirmed on-chain via escrow state or token-balance deltas, so a fake token cannot fabricate a payment that never happened. Prepaid capability tokens are payer-signed; challenge clearances are HMAC-signed and compared in constant time.

Bot impersonation

A request claiming to be Googlebot or Bingbot is checked against the crawler's official published IP ranges. An impostor spoofing a search-engine user-agent loses the SEO free-pass. If a range list is unavailable it fails safe, so a real crawler is never wrongly blocked.

Rate abuse & DoS

Sliding-window rate checks plus an optional proof-of-work challenge raise the cost of automated abuse. Volumetric network floods are absorbed at the CDN edge, as is standard.

This is defense in depth, not a silver bullet. Scraper detection is an arms race, so the paywall fails open: a missed bot never takes a creator's site down. Payment integrity (custody, replay, forgery) is enforced on-chain, where it cannot be bypassed. The external audit with sec3 is in progress.

Status

Where Solinkify stands, honestly.

Non-custodial escrowLive
On-chain, open programLive
Anti-replay & fail-closed paymentsLive
Internal contract reviewComplete
External audit (sec3)In progress · pre-mainnet
NetworkSolana devnet · mainnet after audit

Audits & reviews

Solinkify completed an internal contract review (tightening fee validation and access control) and worked through a pre-audit checklist covering eight areas, including capability-scoped prepaid tokens, constant-time comparisons, proxy-trust defaults, and admin fail-closed builds. An external audit with sec3 is engaged and scheduled before mainnet.

Until that audit completes Solinkify describes the system as reviewed, not yet externally audited, and it runs on Solana devnet. Mainnet follows the audit and a coordinated switch of the whole ecosystem at once.

$SINKY safety

Designed to be safe to hold and stake.

Thinking of buying or staking $SINKY? Here's what protects you, by design, on-chain.

Fixed, capped supply

10,000,000 SINKY, fixed. New emission is hard-capped (1,370/day over 5+ years). No surprise inflation dilutes holders.

Vesting on-chain

Team (12-month cliff + 36-month linear) and investor allocations vest on-chain and are publicly verifiable. No instant unlock or dump.

Locked liquidity, real buyback

LP is locked at TGE, and buyback-and-hold uses real protocol revenue (not a burn gimmick) to support the token.

Non-custodial staking

Staking locks your SINKY in the on-chain program, never a team wallet. Unstake when you want (a cooldown applies). You always control your tokens.

$SINKY is live on Solana devnet. The mainnet token, the TGE, and any purchase follow a security audit and a coordinated launch. The parameters above are the locked v2 tokenomics.

Found a vulnerability?

Please report it privately and give Solinkify a chance to fix it before any public disclosure. Solinkify is grateful for responsible reports.