Security

Bunny Protocol Security

Security begins before the transaction.

Learn how to verify Bunny access, protect your wallet, review token approvals, inspect contract information and reduce common risks before interacting with decentralized finance.

Bunny will never request your wallet recovery phrase.
Security Overview
Security model User-authorized access
VERIFY
Wallet custody User controlled
Transaction signing Wallet required
Recovery phrase Never requested
Blockchain actions May be irreversible
Open Security Resources
01 Verify access

Confirm the official domain before connecting a wallet.

02 Review permissions

Understand every token approval and spending limit.

03 Inspect transactions

Check the network, assets, contract and estimated result.

04 Protect credentials

Never disclose private keys or wallet recovery phrases.

The security model

User control creates user responsibility.

A non-custodial protocol allows users to authorize blockchain transactions through their own wallets. It also means Bunny cannot recover credentials, reverse completed transactions or approve an action on the user’s behalf.

The Bunny interface can organize transaction details and provide educational guidance, but the wallet remains the final authorization layer. Users must inspect each request before signing.

Protocol security includes smart-contract design, interface integrity, official communication and responsible disclosure. User security includes wallet protection, contract verification and careful approvals.

Shared security model

Different layers protect different parts of an interaction.

No single security measure can eliminate every DeFi risk. Safer interaction depends on protocol controls, wallet protection, blockchain verification and informed user decisions.

01 / INTERFACE

Official protocol access

Users should reach Bunny through the verified official domain and avoid links delivered through unsolicited messages, advertisements or impersonated support accounts.

02 / WALLET

Credential protection

The wallet recovery phrase, private key and signing device remain under user control. They should never be entered into a website, chat or support form.

03 / CONTRACT

Smart-contract logic

Contracts define executable blockchain rules. Users should verify addresses, understand permissions and recognize that technical vulnerabilities may still exist.

04 / USER

Transaction judgment

The user reviews token amounts, contract permissions, network fees, slippage and wallet prompts before deciding whether to authorize an action.

Common threat model

Recognize the risks before they reach your wallet.

01

Phishing websites

A copied website can imitate Bunny and request malicious approvals or wallet signatures. Verify the domain manually before connecting.

02

Fake support accounts

Impersonators may offer assistance through private messages and request credentials. Legitimate support should never ask for a recovery phrase.

03

Malicious token approvals

An approval can authorize a contract to spend selected tokens. Unlimited permissions can remain active after the original transaction.

04

False token contracts

Multiple assets may use the same name or symbol. Always verify the exact token contract address rather than relying on branding.

05

Unsafe wallet signatures

Some signatures can create permissions or authorize actions that are not immediately obvious. Read the wallet request and reject unfamiliar actions.

06

Smart-contract vulnerabilities

Errors, unsafe dependencies or compromised administrative controls can affect protocol operation and user assets.

Access verification Before connection
OFFICIAL DOMAIN
BUNNY APP
WALLET
Domain Verified
Connection User initiated
Credentials Not shared
Transaction review Before signing
TRANSACTION
REVIEW
SIGN OR REJECT
Network Confirmed
Contract Checked
Decision User controlled
Post-transaction review After interaction
CONFIRMATION
APPROVALS
REVOKE IF NEEDED
Status On-chain
Permissions Reviewed
Exposure Reduced

Wallet security

The wallet is your authorization boundary.

A wallet connection does not automatically transfer assets. Risk begins when a user approves token access, signs a message or authorizes a blockchain transaction without understanding it.

  • 01
    Protect the recovery phrase

    Store it offline and never provide it to a website, support representative or application.

  • 02
    Use a dedicated wallet when appropriate

    Separating long-term holdings from active DeFi activity can reduce exposure.

  • 03
    Read every wallet prompt

    Confirm the network, destination, asset, amount and permission before signing.

  • 04
    Review active approvals

    Remove permissions that are no longer required or that were granted to unfamiliar contracts.

Token approvals

An approval can remain active after the transaction.

Token approval allows a contract to spend a defined asset under specified conditions. Users should understand the approval amount and revoke unnecessary permissions.

Asset Which token?

Verify the exact contract address of the asset being approved.

Spender Which contract?

Confirm the contract receiving permission to use the token.

Limit How much access?

Check whether the approval is limited or effectively unlimited.

Duration Still required?

Review and revoke permissions that are no longer needed.

Smart-contract security

Understand the contract behind the interface.

A polished interface does not prove that a contract is safe. Users and developers should verify the contract address, review available source information and understand privileged administrative functions.

No smart contract should be treated as completely risk-free. Technical reviews can reduce uncertainty, but they cannot guarantee that every vulnerability or future dependency issue has been identified.

Review Protocol Documentation
Contract review Verification model
Blockchain network Confirmed
Contract address Matched
Source information Reviewed
Owner permissions Identified
Upgrade controls Disclosed
External dependencies Considered
Security conclusion Risk remains

Official communication

Verify information before trusting it.

Scammers can copy branding, create fake social profiles and publish fraudulent token addresses. Official information should be confirmed through more than one trusted source.

01 / DOMAIN

Official website

Type or bookmark the Bunny domain directly. Avoid connecting a wallet through unknown shortened links or sponsored copies.

02 / CONTRACTS

Verified addresses

Confirm token, pool and protocol contract addresses through official documentation before interaction.

03 / SUPPORT

Public support process

Use published contact channels. Treat unsolicited direct messages and urgent wallet requests as suspicious.

04 / GITHUB

Technical resources

Use the official Bunny GitHub page and documentation rather than repositories shared by unknown third parties.

05 / TOKEN DATA

Contract over symbol

Token names and symbols can be copied. The blockchain contract address is the primary technical identifier.

06 / ANNOUNCEMENTS

Cross-check updates

Confirm important protocol announcements across the official website, documentation and recognized project channels.

Responsible disclosure

Report security concerns privately and clearly.

Potential vulnerabilities should be reported through the official Bunny contact process before they are disclosed publicly. A useful report includes the affected component, reproduction steps, possible impact and relevant technical evidence.

Security report structure
01
Affected component

Identify the interface, contract or documented workflow.

02
Reproduction steps

Explain how the issue can be observed safely.

03
Potential impact

Describe the assets, users or protocol functions at risk.

04
Supporting evidence

Include transaction hashes, logs or technical references.

Transaction checklist

Stop and verify before signing.

Wallet prompts can appear routine, especially during repeated DeFi activity. Treat each request as a separate security decision and confirm that it matches the action you intended.

Reject the request if the network, contract, token, amount or permission differs from what you expected. A delayed transaction is safer than an irreversible mistake.

Read the Full Risk Disclosure
Before every signature
  • Confirm the official Bunny domain
  • Check the active blockchain network
  • Verify the destination contract address
  • Confirm the token and transaction amount
  • Review approval limits and permissions
  • Check fees, slippage and price impact
  • Reject unexplained message signatures
  • Never enter a wallet recovery phrase

Residual DeFi risk

Good security practices reduce risk, not eliminate it.

Even correctly verified interactions can be affected by smart-contract errors, market conditions, blockchain congestion and external dependencies.

01 / CONTRACT

Code vulnerability

A smart contract may contain an error or unexpected behavior that affects protocol operation or user assets.

02 / ADMIN

Privileged control

Authorized addresses may retain upgrade, pause, fee or other administrative permissions.

03 / DEPENDENCY

External protocols

A transaction may depend on tokens, pools, bridges, wallets or infrastructure outside Bunny.

04 / NETWORK

Blockchain conditions

Network congestion, reorganization, fee spikes or failed transactions may affect execution.

05 / MARKET

Price movement

Slippage, price impact, low liquidity and volatility can produce unexpected financial results.

06 / USER

Operational error

Incorrect addresses, networks, amounts or permissions can result in irreversible loss.

Security FAQ

Common questions about safe protocol access.

Will Bunny ever ask for my recovery phrase?
No. A wallet recovery phrase or private key should never be shared with Bunny, a support representative, a website or another person.
Is connecting a wallet the same as approving a transaction?
No. A basic wallet connection normally allows the interface to view the connected public address. Token approvals, message signatures and transactions require separate wallet actions.
What is a token approval?
A token approval grants a selected smart contract permission to use a specified token amount. The permission may remain active until it is revoked or exhausted.
How do I verify a token?
Verify the blockchain network and exact token contract address through official project documentation. A token name, logo or symbol is not sufficient.
Does open-source code guarantee security?
No. Open-source code can support review and transparency, but public availability does not guarantee that all errors, vulnerabilities or unsafe dependencies have been identified.
Can Bunny reverse a malicious transaction?
No. Confirmed blockchain transactions may be irreversible. Users should verify transaction details before signing and contact appropriate wallet or security services when an incident occurs.
How should I report a possible vulnerability?
Use the official Bunny contact channel and provide the affected component, reproduction steps, possible impact and technical evidence. Avoid publishing exploitable details before the issue can be reviewed.
Can security practices guarantee that I will not lose funds?
No. Security practices can reduce exposure to common threats, but DeFi still involves smart-contract, market, network, liquidity and operational risks.

Use Bunny responsibly

Verify first. Review carefully. Sign only when ready.

Continue to the Bunny application or review the complete protocol risk disclosure before interacting.