Skip to main content
Kontor contracts execute in a sandboxed WebAssembly runtime with several security properties designed to prevent common attack vectors and ensure deterministic execution.

Runtime Security

Gas metering prevents infinite loops and resource exhaustion—execution halts when gas is consumed, with side effects rolled back. Every operation consumes gas proportional to its computational cost. Re-entrancy protection is enforced at the level of the runtime. Cross-contract calls execute synchronously, and contracts cannot be re-entered during execution. Storage isolation ensures contracts cannot access each other’s state except through explicit function calls with defined interfaces. Each contract has its own isolated storage namespace.

Compile-Time Safety

Type safety catches many common errors at compile time—interface mismatches, incorrect storage types, and ABI incompatibilities fail during development rather than on-chain. The WebAssembly Component Model enforces strict typing between contracts. The Sigil framework leverages Rust’s ownership model to prevent memory safety issues. Combined with the WebAssembly sandbox, this provides defense-in-depth against exploitation.

Determinism

The runtime is configured for strict determinism:
  • Threading disabled
  • SIMD off
  • Floating-point behavior canonicalized
This ensures that all indexers compute identical state from the same transaction history. Non-deterministic behavior would break consensus between indexers.