Security is a foundational pillar of LaserSell, not an afterthought.
We build for adversarial conditions from day one. Every layer of our stack is designed around realistic threat models, explicit trust boundaries, and operational discipline to protect trader capital.
Security-First Leadership
LaserSell is built with a deep understanding of real-world threat models. Threat-modeling discipline is embedded into product design, release, and operations. Our founder is OSCP certified and has extensive frontline experience as a Security Engineer, Penetration Tester, Bug Bounty Hunter, and Security Analyst at HackerOne.
Proactive Client Security
Client security controls are designed to reduce exploitability, contain blast radius, and preserve key confidentiality under pressure.
- LaserSell Client is built in Rust to benefit from strict memory-safety guarantees and reduce common exploit classes.
- Private keys are stored in a local encrypted keystore using Argon2id key derivation and XChaCha20-Poly1305 authenticated encryption, unlocked only with your passphrase.
- Transaction payloads are handled with defensive isolation and minimal exposure windows to protect funds.
Independent Audits
We do not rely on internal testing alone. LaserSell systems and new software releases are independently audited by our security partners at Null Consolidated.
External review is built into our release process so findings are identified early and remediated before broad deployment.
Vulnerability Disclosure Policy (VDP)
We actively welcome and encourage responsible disclosure from the security community. Scope, rules of engagement, and safe-harbor expectations are published in our `security.txt`.
Reporting & Contact
Send vulnerability reports to our security team and include clear reproduction details, impact, and affected versions.
Contact: security@lasersell.io
For sensitive submissions, encrypt your report with our PGP key before sending:
Download LaserSell PGP Key
Disclosure Workflow
What to expect when submitting a vulnerability report.
1. Initial Triage
We validate scope and severity quickly, then acknowledge legitimate reports with transparent communication.
2. Remediation & Verification
Confirmed vulnerabilities are prioritized for remediation and validated through targeted testing and partner review where applicable.
3. Closure
After a verified fix, we communicate closure details and next actions to support responsible disclosure.

