Security & privacy

Web3-native safety. Built into every layer.

Sudo combines end-to-end encryption, on-chain validators, scam-link defence and hardware-wallet support into one safety stack — open source, audited and self-hostable.

5/5

Audits passed

$1M

Bug bounty pool

100%

E2EE messages

0

Funds lost in escrow

The stack

Eight defences working together

End-to-end encryption

Messages encrypted with libsignal. Group rooms use MLS for forward-secret group keys.

Approval revoker

One-click revocation of risky token approvals across every chain you transact on.

Scam-link autopurge

Built-in detector flags airdrop bait, fake-mint sites and approval traps before you click.

Hardware wallet first

Ledger and Trezor signing supported on every device. Optional 'hardware-only' account mode.

Spend limits

Per-app daily limits — even if a dApp is malicious, it can't drain you.

Validator-secured escrow

Disputed deals resolved by hidden validator panels — never by Sudo support.

Spam-resistant DMs

First DM costs a refundable gas-only stake. Bots cost more than they earn.

Self-host the relay

The Sudo relay is open source. Power users and orgs can run their own.

Self-defence tools

Tools you can use today

Approval Revoker

Scan every chain for outstanding ERC-20 / 721 / 1155 approvals. Revoke in bulk in one transaction batch.

Open revoker
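As an added illustration of what an approval scan has to get right (this is example code, not the Sudo revoker's own implementation), the sketch below replays decoded ERC-20 / 721 / 1155 Approval and ApprovalForAll logs for one owner, keeps only approvals that are still live, and emits the calls a revocation batch would contain. Event records, addresses and the `ApprovalEvent` / `revocation_batch` names are constructed for this example.

```python
from dataclasses import dataclass

ZERO = "0x0"            # zero address (shortened, constructed)
UNLIMITED = 2**256 - 1  # the "infinite approval" value that approval traps ask for

@dataclass(frozen=True)
class ApprovalEvent:    # one decoded Approval / ApprovalForAll log, in block order
    standard: str       # "erc20", "erc721" or "erc1155"
    token: str          # emitting contract
    owner: str
    spender: str        # spender (20), approved address (721) or operator
    value: int          # allowance (20), tokenId (721), 1/0 for ApprovalForAll
    for_all: bool = False

def revocation_batch(events, owner):
    # Replay logs: a later event for the same key overwrites an earlier one,
    # so only approvals that are still live end up in the batch.
    erc20, erc721, for_all = {}, {}, {}
    for ev in events:
        if ev.owner != owner:
            continue
        if ev.for_all:
            for_all[(ev.standard, ev.token, ev.spender)] = bool(ev.value)
        elif ev.standard == "erc20":
            # Caveat: transferFrom lowers an allowance without a standard Approval
            # log, so this is an upper bound; confirm with allowance() on-chain.
            erc20[(ev.token, ev.spender)] = ev.value
        elif ev.standard == "erc721":
            erc721[(ev.token, ev.value)] = ev.spender
    batch = []
    for (token, spender), allowance in erc20.items():
        if allowance > 0:
            batch.append({"to": token, "fn": "approve", "args": [spender, 0], "unlimited": allowance == UNLIMITED})
    for (token, token_id), approved in erc721.items():
        if approved != ZERO:
            batch.append({"to": token, "fn": "approve", "args": [ZERO, token_id]})
    for (_, token, operator), enabled in for_all.items():
        if enabled:
            batch.append({"to": token, "fn": "setApprovalForAll", "args": [operator, False]})
    return batch

# Constructed sample logs for one owner (addresses shortened for readability).
ALICE, DEX, MARKET, TOKEN, NFT, GAME = "0xa11ce", "0xdec5", "0x3a4e7", "0x7ec3", "0x4f7", "0x9a3e"
SAMPLE_EVENTS = [
    ApprovalEvent("erc20", TOKEN, ALICE, DEX, UNLIMITED),
    ApprovalEvent("erc721", NFT, ALICE, MARKET, 42),                 # tokenId 42
    ApprovalEvent("erc721", NFT, ALICE, MARKET, 1, for_all=True),
    ApprovalEvent("erc1155", GAME, ALICE, MARKET, 1, for_all=True),
    ApprovalEvent("erc1155", GAME, ALICE, MARKET, 0, for_all=True),  # switched off again
    ApprovalEvent("erc20", TOKEN, "0xb0b", DEX, 7),                  # another owner, ignored
]
```

The `unlimited` flag is worth surfacing to the user first, since an unbounded allowance to a compromised spender is the approval-trap case the page describes.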

Scam Inbox

Sudo flags inbound payments, airdrops and DMs that match known scam fingerprints. Filter to a quarantine folder.

Configure filters

Wallet Health

Personalised security score based on signing history, hardware-wallet usage and approval hygiene.

Run a check

Stealth Pay

Send privately to stealth addresses for one-off receivers — no chain-of-custody on the recipient.

Try stealth

Phish Trainer

Sudo periodically sends harmless test phishes — pass them and unlock badges. Fail and we coach you.

Start training

Backup Vault

Encrypted backup of your encryption keys via Shamir sharding to friends or hardware devices.

Set up backup

Security model

What we guarantee, what we don't

We do protect message confidentiality with on-device E2EE, prevent custody risk by holding zero user funds, randomise validator selection via on-chain VRF, and slash bad actors with public, on-chain penalties.

We do not recover lost private keys, reverse on-chain transactions, take sides in escrow disputes, or moderate the contents of E2E encrypted DMs (we cannot read them).

The full threat model, audit reports and incident response playbook are published on GitHub. Pull requests welcome.

View audits

Bug bounty

Up to $250,000 per critical finding

Critical

$50k–$250k

Smart contract drain, key extraction, validator collusion exploits.

High

$10k–$50k

DM leakage, payment redirection, escrow bypass.

Medium

$2k–$10k

Auth bypass, unauthorised metadata access, denial-of-service vectors.

Low

$250–$2k

UX confusion that could lead to user loss, missing rate limits.

Info

Swag + credit

Hardening suggestions, threat-model improvements.

Special

Negotiated

Whole-system or novel-class exploits with responsible disclosure.

Reports go to security@su.do (PGP key on GitHub) or via Immunefi. We acknowledge within 24 hours and triage within 72.

FAQ

Security, answered

Can Sudo read my messages?

No. Messages are encrypted on your device with keys we never see. We can't read DMs, group chats, or in-call audio.

Can Sudo move my funds?

No. Sudo is non-custodial. Every payment, escrow and contract interaction is signed by your wallet, not us.

What if Sudo gets hacked?

Worst case: relay metadata (who-talks-to-whom timing) might leak. Message contents stay encrypted. Funds stay in your wallet. Validators continue to operate.

How is selection of validators audited?

Selection uses Chainlink VRF + on-chain entropy and emits a verifiable random output per dispute. Anyone can replay the math.

How do I report a security issue?

Email security@su.do with PGP, or submit through Immunefi. Critical findings receive their bounty within 30 days of confirmation.

Open source. Audited. Self-hostable.

Security shouldn't be a black box.