Push the Button On Security with Octane Integration

Button integrated Octane’s AI-powered security platform directly into its CI/CD pipeline to identify issues early, make secure design decisions, and ship faster. In the first analyses, Octane uncovered bugs that were undetected in prior reviews and delivered intelligence that changed how the team builds secure Bitcoin finance products from day one.

Get new posts & updates straight to your inbox

Thank you for subscribing!

Oops! Something went wrong while submitting the form.

Screenshot of the UI of the Octane platform

Analyze your code

Push the Button On Security with Octane Integration

Proactive Security

When Button set out to bring Bitcoin’s capital efficiency onchain, they wanted to move fast while integrating proactive security from day one. As a lean team using AI to scale their company, they needed a solution that could match development velocity and uncover real issues before they became expensive redesigns later in the build process.

With a small, experienced team building sophisticated products for a multi-billion-dollar asset class, every design choice for Button carries weight. But traditional audits alone don’t fit this proactive model. Waiting weeks to get on audit calendars means they’re completed too late, when architecture decisions have already been made.

That’s where Octane’s AI-powered security comes in. Integrated directly into development workflows, Octane gives Button something audits cannot: real-time security intelligence as design decisions are being made. The decision to integrate Octane aligns perfectly with Button’s philosophy of using AI to scale.

After seeing the issues Octane surfaced, the Button team realized how earlier feedback could have changed entire design paths.

Meet Button

Button is Bitcoin’s onchain prime broker, an infrastructure layer that connects credit, yield, and trading in one unified system. Built for the next generation of Bitcoin-native finance, Button enables users to borrow, trade, and earn with BTC while maintaining full self-custody. Built on Hyperliquid, Button combines Bitcoin’s strength with Hyperliquid’s execution-grade infrastructure to power real financial primitives onchain.

Developing this kind of infrastructure requires precision and speed, because even small design choices can ripple through complex onchain systems. To combine this speed with proactive security, Button turned to Octane for continuous, AI-powered code analysis that runs alongside development.

Early Results for Button

When Button integrated Octane’s AI-powered security platform, the impact was immediate. The first few analyses showed how proactive security, embedded directly into development, can change the way teams design secure protocols from day one.

Pending-withdrawal accounting in `BasisTradeVault` misprices deposits (Severity: High)

During the first analysis, this finding showed the value of integrating security early and how it can shape secure design decisions. Octane uncovered a flaw in how deposits were priced when withdrawals were queued, a subtle but impactful accounting bug that could have led to holder dilution and mispriced vault equity.

Bug: When withdrawals are queued, the vault locks a fixed asset amount (after withdrawal fee) but does not subtract this from `totalAssets`, while the corresponding escrowed shares remain in `totalSupply` until processing. Deposits are priced at `A/S` instead of the fair variable-equity price `(A - L)/(S - s0)`. With a non-zero withdrawal fee, this underprices new deposits and over-mints shares to new entrants, diluting remaining holders.

Fix: Octane recommended liability-aware accounting: adjusting for `totalPendingWithdrawals` and `totalEscrowedShares` in the deposit preview logic to ensure accurate, fair-value pricing.

Result: The team redesigned its vault accounting model to handle withdrawal queues precisely, eliminating dilution and preserving the integrity of deposit pricing for all holders.