Security

Katana Perps is designed from the ground up with security as a core principle. The platform combines non-custodial fund management, cryptographic trade authorization, and multiple layers of operational security to protect user assets.

Non-Custodial Architecture

Katana Perps never takes custody of user funds. All assets are held in a smart contract on the Katana blockchain. The smart contract enforces that:

  • Only you can authorize trades — Every order must be cryptographically signed by your wallet using EIP-712 typed data signatures. The smart contract verifies these signatures on-chain.

  • Only you can receive withdrawals — Funds can only be withdrawn to the wallet that deposited them. There is no mechanism for the exchange or any third party to redirect funds.

  • You can always exit — The wallet exit function allows you to reclaim your funds directly from the smart contract at any time, even if the off-chain exchange infrastructure is unavailable.

Smart Contract Security

The Katana Perps smart contracts are the foundation of the platform's security model. They handle fund custody, balance tracking, trade settlement, and withdrawal processing.

  • Minimal attack surface — The contract is designed with minimal additional logic beyond custody and settlement, reducing the potential for vulnerabilities.

  • On-chain validation — All trades are validated on-chain, ensuring that both parties authorized the transaction and that balances are updated correctly.

  • Index price verification — Oracle price data from Pyth Network is cryptographically verified on-chain. Internal fallback prices are signed in hardware at collection and also verified by the contract.

Operational Security

  • Data center location — Katana Perps infrastructure is hosted in the AWS Asia Pacific (Tokyo) region, ap-northeast-1.

  • Session keys — The exchange uses scoped, time-limited session keys for trading actions so that your primary wallet key is never exposed during normal trading. See the Session Keys page for details.

  • API key scoping — API keys support granular permission scoping (read-only, trade, withdraw) so that integrations can be given only the access they need.

Responsible Disclosure

If you believe you have found a security vulnerability in the Katana Perps platform, smart contracts, or API, please contact the team through the appropriate security channels. Please do not disclose vulnerabilities publicly before they have been addressed.