> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kontor.network/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

Kontor contracts execute in a sandboxed WebAssembly runtime with several security properties designed to prevent common attack vectors and ensure deterministic execution.

## Runtime Security

**Gas metering** prevents infinite loops and resource exhaustion—execution halts when gas is consumed, with side effects rolled back. Every operation consumes gas proportional to its computational cost.

**Re-entrancy protection** is enforced at the level of the runtime. Cross-contract calls execute synchronously, and contracts cannot be re-entered during execution.

**Storage isolation** ensures contracts cannot access each other's state except through explicit function calls with defined interfaces. Each contract has its own isolated storage namespace.

## Compile-Time Safety

**Type safety** catches many common errors at compile time—interface mismatches, incorrect storage types, and ABI incompatibilities fail during development rather than on-chain. The WebAssembly Component Model enforces strict typing between contracts.

The Sigil framework leverages Rust's ownership model to prevent memory safety issues. Combined with the WebAssembly sandbox, this provides defense-in-depth against exploitation.

## Determinism

The runtime is configured for strict determinism:

* Threading disabled
* SIMD off
* Floating-point behavior canonicalized

This ensures that all indexers compute identical state from the same transaction history. Non-deterministic behavior would break consensus between indexers.
