
Security Policy

Last updated: April 22, 2026

Non-custodial by design

0node is a delegation-only interface to Solana's native stake program. It cannot move, custody, or freeze your funds. Every state-changing action is a transaction that your wallet signs locally — we never receive, store, or transmit your private key, seed phrase, or wallet password.

Stake account authorities (staker + withdrawer) are set to your wallet's address on creation. We are not on the authority list. If you stop using this site, your stake accounts continue to operate normally — anyone with a Solana CLI or compatible UI can manage them with the same wallet.

Validator infrastructure

  • Bare-metal servers with enterprise-grade networking and disk redundancy.
  • SSH access is key-only — no passwords accepted on the validator host.
  • Identity keypair lives on the validator host only. It is not present in this site's code, the source repository, or any staging/build environment.
  • Validator client: Jito-Solana BAM, kept on the current stable release with monitoring for vote credit anomalies.
  • Public observability: rank, vote success rate, skip rate, and uptime are all visible on Stakewiz and other Solana explorers.

Frontend security

  • 100% client-side application. No backend, no database, no login, no analytics, no third-party trackers.
  • Strict Content-Security-Policy: script-src 'self' with a sha256 allow-list for the single inline JSON-LD block, no 'unsafe-inline' or 'unsafe-eval'.
  • frame-ancestors 'none' prevents the site from being embedded in an attacker-controlled iframe (clickjacking).
  • HSTS with includeSubDomains forces HTTPS for one year.
  • Referrer-Policy is strict-origin-when-cross-origin; paths and query strings never leak to third parties.
  • Validator names and icons are read directly from the Solana on-chain validator-info Config program. We do not relay this through any third-party indexer.
  • Icons load only for the 0node validator; we never pull images from arbitrary third-party servers based on on-chain pointers.
  • Persistent state is limited to functional localStorage entries (custom-RPC URL, disconnect intent flag, validator metadata cache). No cookies, no fingerprinting, no advertising IDs.
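One way to check a deployed header set against the rules listed above, as an added example that is not 0node's own code or configuration: it parses a Netlify-style _headers block (a constructed sample; the sha256 value is a placeholder, not the site's real JSON-LD hash) and reports every directive that falls short of the policy, with a deliberately weak variant for comparison.

```python
import re
# Constructed sample of a Netlify-style _headers block carrying the directives this
# page describes; the sha256 value is a placeholder, not 0node's real JSON-LD hash.
STRICT_HEADERS = """\
/*
  Content-Security-Policy: default-src 'self'; script-src 'self' 'sha256-PLACEHOLDER_JSONLD_HASH='; frame-ancestors 'none'
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  Referrer-Policy: strict-origin-when-cross-origin
"""
# Same layout with the weak settings the policy rules out (constructed, for comparison).
WEAK_HEADERS = """\
/*
  Content-Security-Policy: default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'
  Strict-Transport-Security: max-age=300
  Referrer-Policy: unsafe-url
"""

def parse_headers(block):
    # Indented "Name: value" lines under a path pattern -> {lowercase name: value}
    headers = {}
    for line in block.splitlines():
        if line.startswith(" ") and ":" in line:
            name, value = line.strip().split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_csp(value):
    # "dir src src; dir src" -> {directive: [sources]}
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def check_headers(block):
    # Findings where the block falls short of the policy above; empty list means compliant
    h, findings = parse_headers(block), []
    csp = parse_csp(h.get("content-security-policy", ""))
    scripts = csp.get("script-src", csp.get("default-src", []))  # script-src falls back to default-src
    if any(not (s == "'self'" or s.startswith("'sha256-")) for s in scripts):
        findings.append("script-src has sources beyond 'self' and sha256 hashes (e.g. 'unsafe-inline')")
    if csp.get("frame-ancestors") != ["'none'"]:
        findings.append("frame-ancestors is not 'none', so clickjacking is not prevented")
    hsts = h.get("strict-transport-security", "")
    age = re.search(r"max-age=(\d+)", hsts)
    if not age or int(age.group(1)) < 31536000 or "includesubdomains" not in hsts.lower():
        findings.append("HSTS missing, shorter than one year, or without includeSubDomains")
    if h.get("referrer-policy") != "strict-origin-when-cross-origin":
        findings.append("Referrer-Policy is not strict-origin-when-cross-origin")
    return findings
```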

Code and dependencies

  • Source code is published on GitHub so anyone can audit what runs in their browser.
  • Dependencies are pinned in bun.lock. Production builds always use those exact versions; minor bumps are explicit commits, not silent upgrades.
  • Routine bun audit checks. Advisories in the transitive WebSocket stack are tracked, and fixes are shipped only when they affect code paths we actually import.
  • Builds are reproducible (Vite + Bun) and deployed via Netlify. Each release is an immutable, hash-named asset bundle.

Incident response

Suspected vulnerabilities or active incidents: support@0node.io. We commit to acknowledging the report within 48 hours.

Operational alerts and post-mortems are posted in our community channels: Discord and Telegram.

Coordinated disclosure is appreciated. Please give us a reasonable window to fix and ship before publication; in exchange we will credit the reporter publicly if they wish.

Out of scope

  • Bugs in Solana itself, wallet extensions, or other validators — report those to the respective project.
  • Cosmetic issues with no security impact.
  • Self-XSS that requires a user to paste hostile code into their own browser console.
  • Findings only reproducible with a user-supplied malicious custom RPC URL. We display a warning when this option is enabled and consider trusting an unknown endpoint a user-side decision.

Compliance

The site is designed to align with GDPR data-minimization principles: we do not collect personal data, do not set cookies, do not run analytics, and only persist functional state in the visitor's own localStorage. See the Privacy Notice for the full breakdown.

© 2026 0node. All rights reserved.