Skip to content
Pybara Docs

Security Overview

Trustless Architecture

Section titled “Trustless Architecture”

No Custody

Section titled “No Custody”

Pybara never holds funds. Payments transfer directly from customer to merchant on-chain — no intermediary, no escrow.

Blackhole Canister

Section titled “Blackhole Canister”

Payment verification runs in a blackhole canister whose controller is set to the NNS root canister, making it permanently immutable. The code cannot be upgraded or modified by anyone, including Pybara.

Publicly Verifiable

Section titled “Publicly Verifiable”

All payment transactions are recorded on the Internet Computer’s public ledgers and can be independently verified using the canister ID and block indices returned with every payment.

Internet Computer Security

Section titled “Internet Computer Security”

Blockchain Verification

Section titled “Blockchain Verification”

Every payment is verified on the Internet Computer blockchain. No centralised server can fake or modify confirmed transactions.

Subnet Consensus

Section titled “Subnet Consensus”

Transactions require consensus from multiple independent nodes — no single point of failure or compromise.

Certified Responses

Section titled “Certified Responses”

Data served from IC canisters is cryptographically certified by the subnet’s BLS signature, making responses tamper-evident.

Wallet Security

Section titled “Wallet Security”

Internet Identity

Section titled “Internet Identity”

Authentication uses Internet Identity — a decentralised, passwordless system supporting:

  • Biometric authentication (Face ID, Touch ID, Windows Hello)
  • Hardware security keys (FIDO2/WebAuthn)
  • No passwords to steal or leak

Non-Custodial

Section titled “Non-Custodial”

Wallet keys are derived from the user’s Internet Identity. Pybara has no access to user funds and cannot initiate transfers on a user’s behalf.

Session Controls

Section titled “Session Controls”

Users can configure idle timeout and maximum session duration in Settings, limiting exposure if a device is left unattended.

Code Review

Section titled “Code Review”

Pybara’s canister code is reviewed against DFINITY’s official security best practices and implemented using DFINITY Agent Skills — vetted implementation patterns for IC development covering access control, stable memory, inter-canister call safety, and upgrade hygiene.

Code is reviewed by the Pybara team and AI-assisted tooling (Caffeine AI, Claude). No independent third-party audit has been completed yet.

Responsible Disclosure

Section titled “Responsible Disclosure”

Found a security issue? See the Responsible Disclosure Policy or email security@pybara.com.