Protocol Security
1. Smart Contract Security
In addition to external code audits conducted by professional security firms, we have meticulously designed and rigorously controlled multiple aspects of our smart contracts, including business logic, fund access permissions, and code security.
Secure Business Logic Design for Smart Contracts:
Our smart contract business logic is designed with security at its core, implemented in two key phases. During the internal testing phase, contracts are designed to be upgradeable, with upgrade permissions tightly controlled by a multi-signature (multi-sig) address, requiring multiple parties to approve any changes. After the testing phase, contracts transition to a non-upgradeable state, significantly reducing potential upgrade-related risks and enhancing both stability and security.
Strict Fund Access Restrictions:
From the outset, our smart contracts are designed with the strictest limitations on fund access. Only users can withdraw funds, and only to their own addresses. No other entity or individual can transfer funds to its own address or to any unauthorized destination; the only other permitted destinations are whitelisted DeFi protocols such as Aave or Compound, and non-whitelisted addresses are rejected. This ensures the absolute security of user funds.
Foundry-Based Contract Development and Testing:
Our smart contracts are built using Foundry, a powerful development framework. Foundry offers robust testing capabilities, including fuzz testing, property-based testing, and extensive cheatcodes, significantly improving testing depth and efficiency. Additionally, Foundry’s built-in debugging and tracing tools greatly facilitate contract development and issue resolution.
Internal Code Audits:
Before deployment and submission for external audits, we conduct comprehensive internal code scans using automated security tools like MythX and Slither. These tools proactively identify and mitigate common vulnerabilities, ensuring the robustness of our codebase.
Multi-Sig Solution:
We leverage Safe Wallet, an industry-leading multi-sig service, paired with an automated Agent that analyzes and reports on every multi-sig transaction. This ensures that all transactions signed by the multi-sig wallet are secure and thoroughly vetted.
2. Frontend and User Interaction Security
As the primary interface for user interactions with our smart contracts, the frontend’s security is critical to safeguarding user assets. We have implemented the following measures to minimize risks and ensure secure user interactions:
Comprehensive Protection Against Web Application Vulnerabilities:
We employ stringent measures to prevent common web application vulnerabilities, such as cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection, and insecure API key management. These safeguards protect the frontend application from malicious exploits and ensure its integrity.
Phishing Awareness and Secure DApp Deployment:
We continuously educate users on the importance of avoiding phishing websites and fraudulent DApps. Our official DApp is deployed exclusively on secure, trusted domains and uses HTTPS encryption throughout to prevent man-in-the-middle attacks and ensure the confidentiality and integrity of data transmission.
Transparent Transaction Confirmation Process:
Before users sign any on-chain transactions, we present a clear and intuitive breakdown of all critical transaction details. This includes the specific smart contract function being called, the token amounts involved, and other relevant information. This transparency ensures users fully understand and authorize every action, minimizing the risk of errors due to misinformation.
Rigorous Dependency Management and Regular Updates:
We maintain a strict process for managing frontend libraries and dependencies. All third-party libraries and dependencies undergo regular security audits and updates to patch known vulnerabilities promptly, reducing risks associated with outdated or compromised components.
3. Continuous Monitoring and Incident Response
Protocol security is a dynamic, ongoing process that requires constant vigilance and rapid response to potential threats. To this end, we will keep building and delivering robust monitoring and incident response mechanisms:
Real-Time On-Chain Monitoring:
We deploy automated monitoring systems to continuously track and analyze on-chain activities of our smart contracts. These systems monitor transaction volumes, detect anomalous behavior (e.g., large or unusual transfers, repetitive transactions), and identify potential attack patterns. Any deviation from normal activity triggers immediate alerts for investigation.
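The following added example (not the protocol's own monitoring code) sketches the three checks named above over decoded transfer events: large transfers, repetitive transactions from one sender, and outflows to a destination that is neither the fund owner nor a whitelisted protocol. The thresholds, the event fields and the placeholder addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed policy values; the page does not publish thresholds or addresses.
LARGE_TRANSFER = 100_000             # token units
BURST_COUNT, BURST_WINDOW = 3, 60    # >= 3 transfers by one sender within 60 s
ALLOWED_PROTOCOLS = {"0xAAVE_POOL_PLACEHOLDER", "0xCOMPOUND_PLACEHOLDER"}

@dataclass(frozen=True)
class Transfer:
    tx: str        # transaction id (placeholder values below)
    ts: int        # block timestamp in seconds
    sender: str    # account whose funds are moving
    to: str        # destination of the funds
    amount: int

def scan(transfers):
    """Return a list of (tx, rule) alerts for the given outflows."""
    alerts = []
    recent = defaultdict(deque)      # sender -> timestamps still inside the window
    for t in sorted(transfers, key=lambda x: x.ts):
        # Rule 1: funds may only return to their owner or go to a whitelisted protocol.
        if t.to != t.sender and t.to not in ALLOWED_PROTOCOLS:
            alerts.append((t.tx, "unauthorized_destination"))
        # Rule 2: unusually large single transfer.
        if t.amount >= LARGE_TRANSFER:
            alerts.append((t.tx, "large_transfer"))
        # Rule 3: repetitive transactions, counted in a sliding time window.
        q = recent[t.sender]
        q.append(t.ts)
        while q and t.ts - q[0] > BURST_WINDOW:
            q.popleft()
        if len(q) >= BURST_COUNT:
            alerts.append((t.tx, "repetitive_transfers"))
    return alerts

# Constructed sample events (not real chain data).
SAMPLE = [
    Transfer("tx1", 1000, "0xUSER_A", "0xUSER_A", 500),
    Transfer("tx2", 1010, "0xUSER_B", "0xAAVE_POOL_PLACEHOLDER", 250_000),
    Transfer("tx3", 1020, "0xUSER_A", "0xUSER_A", 500),
    Transfer("tx4", 1030, "0xUSER_A", "0xUSER_A", 500),
    Transfer("tx5", 1200, "0xUSER_C", "0xUNKNOWN", 10),
]

if __name__ == "__main__":
    for tx, rule in scan(SAMPLE):
        print(f"ALERT {rule}: {tx}")
```

Rule 1 duplicates off-chain what the contract is meant to enforce on-chain, so an alert from it indicates either a contract bypass or a stale whitelist in the monitor and should be treated as high severity.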
Incentivized Bug Bounty Program:
We actively maintain a bug bounty program to encourage security researchers and white-hat hackers worldwide to identify and report potential vulnerabilities in our DApp or smart contracts. This crowdsourced approach allows us to address issues before they can be exploited, further strengthening protocol security.
Incident Response Framework:
We have developed a detailed and actionable incident response plan that covers the entire process, from vulnerability discovery to resolution. This includes clear internal communication protocols, step-by-step vulnerability mitigation procedures (e.g., pausing affected functions, deploying patches), and mechanisms for promptly and transparently notifying users when necessary. This ensures efficient, organized handling of security incidents, minimizing potential damage.