Security & Transparency

100% on-chain.
100% in your control.

BotBank never touches your money. Smart contracts enforce every rule. The blockchain proves every transaction. You hold the keys.

BotBank Security
Security isn't a feature. It's the foundation.

Non-Custodial

BotBank never has access to your funds. Your vault is a smart contract; only you hold the owner keys. We can't touch your money, even if we wanted to.


On-Chain Rules

Spending limits, whitelists, and thresholds are enforced at the smart contract level. Not by our servers, by math. Immutable. Unstoppable.


Full Transparency

Every transaction is recorded on Base L2 (Ethereum). Anyone can verify any payment, any time. No hidden ledgers. No trust required.

Security at every layer

Vault Security (Your Money)

Your vault is a smart contract on Base L2, inheriting Ethereum's security. Only the vault owner (you) can:

  • Withdraw funds from the vault
  • Create or delete agent accounts
  • Modify spending rules
  • Freeze or unfreeze agents

The smart contract code is open source and audited by third-party security firms.


Agent Security (Their Spending)

Each agent account has hard-coded limits in the smart contract:

  • Daily budget cap: mathematically impossible to exceed
  • Vendor whitelist: can only pay approved addresses
  • Per-transaction threshold: large payments require human approval
  • Account isolation: agents cannot access each other's funds

Even if an agent is compromised, the damage is limited to its daily budget with whitelisted vendors only.


API Key Security

Agent API keys are scoped and revocable:

  • Each key is tied to one agent account
  • Keys can be revoked instantly (one click)
  • Keys have permission levels (pay only, read only, full)
  • All key usage is logged and auditable

Emergency Controls

When something goes wrong, you have multiple kill switches:

  • Freeze agent: single agent stops instantly
  • Freeze vault: all agents stop instantly
  • Revoke key: specific key disabled
  • Withdraw all: pull everything back to your wallet

All emergency actions execute on-chain in under 1 second.

Don't trust us. Verify.

Every transaction produces an on-chain receipt that anyone can verify. This isn't a database entry; it's a permanent, immutable record on the Ethereum network.

  • Every payment has a transaction hash
  • Verify any transaction on BaseScan
  • Smart contract code is open source
  • Contract audits published publicly
  • No hidden fees or off-chain transactions
  • Export complete history anytime

Transaction receipt:

    {
      "txHash": "0x7a3f...8c2d",
      "block": 18547293,
      "timestamp": "2026-02-21T08:42:15Z",
      "from": "research-agent",
      "to": "api.openai.com",
      "amount": "4.20 USDC",
      "vault": "0x7B4f...3E9a",
      "status": "approved",
      "rule_check": {
        "daily_limit": "PASS (18.40/50.00)",
        "whitelist": "PASS",
        "threshold": "PASS (4.20 < 25.00)"
      },
      "verify": "basescan.org/tx/0x7a3f..."
    }

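An owner-side audit of a receipt like the one above, added here as an example and not BotBank's own code: it recomputes the three rule checks from the owner's policy instead of trusting the PASS strings. The `POLICY` structure, the `spent_before` ledger figure, and reading the first daily_limit number as the day's total including this payment are assumptions.

```python
import json
import re
from decimal import Decimal

# Constructed receipt, shaped like the sample on this page (hash fields omitted).
RECEIPT = json.loads("""{
  "from": "research-agent", "to": "api.openai.com", "amount": "4.20 USDC",
  "status": "approved",
  "rule_check": {"daily_limit": "PASS (18.40/50.00)", "whitelist": "PASS",
                 "threshold": "PASS (4.20 < 25.00)"}
}""")

# Assumed owner-side policy and ledger; these names are not a BotBank API.
POLICY = {"daily_limit": Decimal("50.00"), "threshold": Decimal("25.00"),
          "whitelist": {"api.openai.com"}, "spent_before": Decimal("14.20")}

def _nums(text):
    """Pull decimal numbers out of a rule_check string such as 'PASS (18.40/50.00)'."""
    return [Decimal(n) for n in re.findall(r"\d+\.\d+", text)]

def audit_receipt(receipt, policy):
    """Return a list of discrepancies between the receipt and the owner's own policy."""
    issues = []
    amount = Decimal(receipt["amount"].split()[0])
    checks = receipt["rule_check"]
    spent_after = policy["spent_before"] + amount

    # Recompute each verdict independently instead of trusting the PASS strings.
    expected = {
        "daily_limit": spent_after <= policy["daily_limit"],
        "whitelist": receipt["to"] in policy["whitelist"],
        "threshold": amount < policy["threshold"],
    }
    for rule, ok in expected.items():
        claimed = checks[rule].startswith("PASS")
        if claimed != ok:
            issues.append(f"{rule}: receipt says {checks[rule]!r}, recomputed {ok}")

    # The figures quoted inside the strings must match the owner's numbers too.
    if _nums(checks["daily_limit"]) != [spent_after, policy["daily_limit"]]:
        issues.append("daily_limit: quoted totals differ from owner ledger")
    if _nums(checks["threshold"]) != [amount, policy["threshold"]]:
        issues.append("threshold: quoted figures differ from policy")
    if receipt["status"] == "approved" and not all(expected.values()):
        issues.append("status: approved despite a failing rule")
    return issues
```

An empty list means the receipt agrees with the owner's records; any entry is a reason to freeze the agent and compare against the on-chain transaction.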
BotBank vs traditional approaches

|                 | Traditional               | BotBank                    |
|-----------------|---------------------------|----------------------------|
| Fund control    | Your credit card on file  | Smart contract vault       |
| Spending limits | Software-level (hackable) | Contract-level (immutable) |
| Agent isolation | Shared API keys           | Individual accounts        |
| Kill switch     | Delete API key manually   | One-click freeze           |
| Audit trail     | Multiple dashboards       | On-chain receipts          |
| Custody         | Platform holds your money | Non-custodial (your keys)  |
| Transparency    | Trust the company         | Verify on-chain            |

Common security questions

What if BotBank goes down?

Your funds are in a smart contract, not on our servers. Even if BotBank disappears, you can interact directly with the smart contract to withdraw your funds. We never have custody.

What if an agent's API key is stolen?

The thief can only spend within the agent's daily limit and whitelisted vendors. Revoke the key instantly from your dashboard. Maximum exposure = one day's budget to approved vendors only.

Has the smart contract been audited?

Yes. Our contracts are audited by independent security firms, and the code is open source on GitHub. Anyone can review it.

What blockchain do you use?

Base L2, which inherits Ethereum's security while providing near-instant transactions and fees under $0.01. Base is built by Coinbase and is one of the most trusted L2 networks.

Can BotBank access my funds?

No. The smart contract is non-custodial. Only the vault owner address (you) can withdraw funds. BotBank's servers facilitate the API layer but never hold or control funds.

Security you can verify, not just trust

Open source. On-chain. Audited. Non-custodial.
