Overview

This page serves as an overview of the Obol Network from a security point of view.

This page is updated quarterly. The last update was on 2025-December-05.

View the operational status of Obol's supporting infrastructure at https://status.obol.org/. Your distributed validator does not require any centrally managed software to operate (if you run your own relay).

Table of Contents

• Overview

  • Table of Contents

  • Official Domains and Channels

  • List of Security Audits and Assessments

  • Security focused documents

  • Bug Bounty

Domain names and official channels

The Obol network and affiliated teams may use the following domain names and social media accounts;

• obol.org

• obol.tech

• obol.dev

• dvlabs.tech

• @obol_collective on x.com

• @dv_labs on x.com

Be wary of any communication presenting as related to Obol from other domains or social media accounts. Use good judgement and caution even when interacting with trusted domains and channels, as domain names, emails, and social media accounts can be compromised or impersonated.

List of Security Audits and Assessments

The completed audits reports are linked here.

• A review of Obol Labs development processes by Ethereal Ventures.

• A security assessment of Charon by Sigma Prime resulting in version v0.16.0.

• A second assessment of Charon by QuantStamp resulting in version v0.19.1.

• A solidity audit of the Obol Splits contracts by Zach Obront.

• A penetration testing certificate of the Obol DV Launchpad by Sayfer.

• A second and third solidity audit by Nethermind Security.

Security focused documents

• A threat model for a DV middleware client like Charon.

Bug Bounty

Information related to disclosing bugs and vulnerabilities to Obol can be found on the next page.