Security
DonutMe implements multiple layers of security to protect your payments and data.
Smart Contract Security
The DonutMePayment contract is built on battle-tested OpenZeppelin 5.x libraries, together with Uniswap's Permit2 for signature-based token transfers:
- AccessControlDefaultAdminRules (RBAC) — Role-based access with two-step admin transfer and 48-hour delay
- Pausable — Emergency pause capability for the contract manager
- ReentrancyGuard — Protection against reentrancy attacks
- SafeERC20 — Safe token transfer handling
- EnumerableSet — Gas-efficient token allowlist management
- Permit2 — Witness-based replay protection for payments
Payment Security Features
| Feature | Description |
|---|---|
| Session Nonce | Replay protection — each payment uses a unique nonce |
| Fee Cap | Maximum fee capped at 1000 basis points (10%) on-chain; current platform fee is 250 bps (2.5%). See Pricing |
| Token Allowlist | Only manager-approved tokens can be used for payments |
| Rescue Function | Admin can recover accidentally sent tokens or ETH |
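As an added sketch (not the DonutMePayment source, which is not on this page), the following Solidity contract shows how the OpenZeppelin 5.x building blocks listed above and the fee cap, session nonce, allowlist and pause features in the table fit together. The role name, storage layout, function names and the 48-hour constructor delay are assumptions, and the Permit2 witness flow is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {AccessControlDefaultAdminRules} from "@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";

// Illustrative sketch, not the DonutMePayment contract: shows how the on-chain fee cap,
// per-payer nonce replay check, token allowlist and pause/reentrancy guards combine.
contract PaymentSketch is AccessControlDefaultAdminRules, Pausable, ReentrancyGuard {
    using SafeERC20 for IERC20;
    using EnumerableSet for EnumerableSet.AddressSet;

    bytes32 public constant MANAGER_ROLE = keccak256("MANAGER_ROLE"); // assumed role name
    uint16 public constant MAX_FEE_BPS = 1000; // hard on-chain cap: 10%
    uint16 public feeBps = 250;                 // current platform fee: 2.5%
    address public treasury;
    EnumerableSet.AddressSet private _allowedTokens;
    mapping(address payer => mapping(uint256 nonce => bool)) public usedNonce;

    constructor(address admin, address treasury_)
        AccessControlDefaultAdminRules(48 hours, admin) // two-step admin transfer, 48h delay
    {
        treasury = treasury_;
        _grantRole(MANAGER_ROLE, admin);
    }

    // Manager may change the fee, but never above the cap baked into the bytecode.
    function setFeeBps(uint16 newFee) external onlyRole(MANAGER_ROLE) {
        require(newFee <= MAX_FEE_BPS, "fee above cap");
        feeBps = newFee;
    }

    function setTokenAllowed(address token, bool allowed) external onlyRole(MANAGER_ROLE) {
        if (allowed) _allowedTokens.add(token); else _allowedTokens.remove(token);
    }

    function pause() external onlyRole(MANAGER_ROLE) { _pause(); }
    function unpause() external onlyRole(MANAGER_ROLE) { _unpause(); }

    function pay(address token, address recipient, uint256 amount, uint256 nonce)
        external whenNotPaused nonReentrant
    {
        require(_allowedTokens.contains(token), "token not allowed");
        require(!usedNonce[msg.sender][nonce], "nonce already used"); // replay protection
        usedNonce[msg.sender][nonce] = true;                           // effects before interactions
        uint256 fee = (amount * feeBps) / 10_000;
        IERC20(token).safeTransferFrom(msg.sender, treasury, fee);
        IERC20(token).safeTransferFrom(msg.sender, recipient, amount - fee);
    }
}
```

The nonce is marked used before any token moves, so a re-entrant call into `pay` with the same nonce fails even without the `nonReentrant` guard; the guard is a second, independent layer.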
API Security
- Session-based auth via Better Auth with CSRF protection
- Rate limiting per session to prevent abuse
- Input validation on all endpoints via class-validator DTOs
- CORS restricted to allowed origins
- Security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
- Request signing for webhook deliveries
Data Protection
- All data encrypted in transit (TLS 1.3)
- PostgreSQL accessed only through parameterized queries, which prevents SQL injection
- Passwords hashed with bcrypt
- Sessions stored server-side with secure cookies
- Sensitive config via environment variables (never committed)
Infrastructure
- Docker containers with minimal base images
- Health checks on all services
- Prometheus metrics for monitoring
- Graceful shutdown handling
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly by contacting our security team. Do not open public issues for security concerns.