Security
Bunny Protocol Security
Security begins before the transaction.
Learn how to verify Bunny access, protect your wallet, review token approvals, inspect contract information and reduce common risks before interacting with decentralized finance.
Confirm the official domain before connecting a wallet.
Understand every token approval and spending limit.
Check the network, assets, contract and estimated result.
Never disclose private keys or wallet recovery phrases.
The security model
User control creates user responsibility.
A non-custodial protocol allows users to authorize blockchain transactions through their own wallets. It also means Bunny cannot recover credentials, reverse completed transactions or approve an action on the user’s behalf.
The Bunny interface can organize transaction details and provide educational guidance, but the wallet remains the final authorization layer. Users must inspect each request before signing.
Protocol security includes smart-contract design, interface integrity, official communication and responsible disclosure. User security includes wallet protection, contract verification and careful approvals.
Shared security model
Different layers protect different parts of an interaction.
No single security measure can eliminate every DeFi risk. Safer interaction depends on protocol controls, wallet protection, blockchain verification and informed user decisions.
Official protocol access
Users should reach Bunny through the verified official domain and avoid links delivered through unsolicited messages, advertisements or impersonated support accounts.
Credential protection
The wallet recovery phrase, private key and signing device remain under user control. They should never be entered into a website, chat or support form.
Smart-contract logic
Contracts define executable blockchain rules. Users should verify addresses, understand permissions and recognize that technical vulnerabilities may still exist.
Transaction judgment
The user reviews token amounts, contract permissions, network fees, slippage and wallet prompts before deciding whether to authorize an action.
Common threat model
Recognize the risks before they reach your wallet.
Phishing websites
A copied website can imitate Bunny and request malicious approvals or wallet signatures. Verify the domain manually before connecting.
Fake support accounts
Impersonators may offer assistance through private messages and request credentials. Legitimate support should never ask for a recovery phrase.
Malicious token approvals
An approval can authorize a contract to spend selected tokens. Unlimited permissions can remain active after the original transaction.
False token contracts
Multiple assets may use the same name or symbol. Always verify the exact token contract address rather than relying on branding.
Unsafe wallet signatures
Some signatures can create permissions or authorize actions that are not immediately obvious. Read the wallet request and reject unfamiliar actions.
Smart-contract vulnerabilities
Errors, unsafe dependencies or compromised administrative controls can affect protocol operation and user assets.
Wallet security
The wallet is your authorization boundary.
A wallet connection does not automatically transfer assets. Risk begins when a user approves token access, signs a message or authorizes a blockchain transaction without understanding it.
-
01
Protect the recovery phrase
Store it offline and never provide it to a website, support representative or application.
-
02
Use a dedicated wallet when appropriate
Separating long-term holdings from active DeFi activity can reduce exposure.
-
03
Read every wallet prompt
Confirm the network, destination, asset, amount and permission before signing.
-
04
Review active approvals
Remove permissions that are no longer required or that were granted to unfamiliar contracts.
Token approvals
An approval can remain active after the transaction.
Token approval allows a contract to spend a defined asset under specified conditions. Users should understand the approval amount and revoke unnecessary permissions.
Verify the exact contract address of the asset being approved.
Confirm the contract receiving permission to use the token.
Check whether the approval is limited or effectively unlimited.
Review and revoke permissions that are no longer needed.
Smart-contract security
Understand the contract behind the interface.
A polished interface does not prove that a contract is safe. Users and developers should verify the contract address, review available source information and understand privileged administrative functions.
No smart contract should be treated as completely risk-free. Technical reviews can reduce uncertainty, but they cannot guarantee that every vulnerability or future dependency issue has been identified.
Review Protocol DocumentationOfficial communication
Verify information before trusting it.
Scammers can copy branding, create fake social profiles and publish fraudulent token addresses. Official information should be confirmed through more than one trusted source.
Official website
Type or bookmark the Bunny domain directly. Avoid connecting a wallet through unknown shortened links or sponsored copies.
Verified addresses
Confirm token, pool and protocol contract addresses through official documentation before interaction.
Public support process
Use published contact channels. Treat unsolicited direct messages and urgent wallet requests as suspicious.
Technical resources
Use the official Bunny GitHub page and documentation rather than repositories shared by unknown third parties.
Contract over symbol
Token names and symbols can be copied. The blockchain contract address is the primary technical identifier.
Cross-check updates
Confirm important protocol announcements across the official website, documentation and recognized project channels.
Responsible disclosure
Report security concerns privately and clearly.
Potential vulnerabilities should be reported through the official Bunny contact process before they are disclosed publicly. A useful report includes the affected component, reproduction steps, possible impact and relevant technical evidence.
Identify the interface, contract or documented workflow.
Explain how the issue can be observed safely.
Describe the assets, users or protocol functions at risk.
Include transaction hashes, logs or technical references.
Transaction checklist
Stop and verify before signing.
Wallet prompts can appear routine, especially during repeated DeFi activity. Treat each request as a separate security decision and confirm that it matches the action you intended.
Reject the request if the network, contract, token, amount or permission differs from what you expected. A delayed transaction is safer than an irreversible mistake.
Read the Full Risk Disclosure- Confirm the official Bunny domain
- Check the active blockchain network
- Verify the destination contract address
- Confirm the token and transaction amount
- Review approval limits and permissions
- Check fees, slippage and price impact
- Reject unexplained message signatures
- Never enter a wallet recovery phrase
Residual DeFi risk
Good security practices reduce risk, not eliminate it.
Even correctly verified interactions can be affected by smart-contract errors, market conditions, blockchain congestion and external dependencies.
Code vulnerability
A smart contract may contain an error or unexpected behavior that affects protocol operation or user assets.
Privileged control
Authorized addresses may retain upgrade, pause, fee or other administrative permissions.
External protocols
A transaction may depend on tokens, pools, bridges, wallets or infrastructure outside Bunny.
Blockchain conditions
Network congestion, reorganization, fee spikes or failed transactions may affect execution.
Price movement
Slippage, price impact, low liquidity and volatility can produce unexpected financial results.
Operational error
Incorrect addresses, networks, amounts or permissions can result in irreversible loss.
Security FAQ
Common questions about safe protocol access.
Will Bunny ever ask for my recovery phrase?
Is connecting a wallet the same as approving a transaction?
What is a token approval?
How do I verify a token?
Does open-source code guarantee security?
Can Bunny reverse a malicious transaction?
How should I report a possible vulnerability?
Can security practices guarantee that I will not lose funds?
Use Bunny responsibly
Verify first. Review carefully. Sign only when ready.
Continue to the Bunny application or review the complete protocol risk disclosure before interacting.
