Network Security
Thorstarter utilizes the existing decentralized security framework of THORChain. Thorstarter utilizes THORChain network validators and nodes to ensure security, including witnessing cross chain transactions. Bonded RUNE works to ensure that network security is maintained, and malicious behavior punished. Smart Contract Security In order to ensure the security of smart contracts, the Thorstarter team will perform frequent security audits in partnership with the THORChain core contributing team. We will also commission multiple paid audits from reputable audit firms.
We will observe a set of general best practices:
Preparing for failure: Our smart contracts will launch with the ability to pause for a short amount of time (a ‘circuit breaker’). This will give us the time to re-deploy new, patched smart contracts, including a way for users to migrate over, should we discover any critical vulnerabilities. We will also launch a bug bounty program, encouraging security experts to find and report vulnerabilities before they are exploited.
Slow rollout and deployment: We will start with local testing when making changes to smart contracts. This will be followed by a period of testing on public testnets, where all community members will be encouraged to test our changes and report any issues. We will launch certain products and features in a closed beta before opening them to the public, in order to test security with real funds but limited risk.
Simple contracts: We aim to keep our smart contracts as simple as possible, and will avoid building future functionality into one large contract. Instead, we will add functionality only when needed, and via separate, interoperable, and equally simple contracts. We rely on a secure and audited base for reusable functionality and libraries (OpenZeppelin).
Code updates: We understand that the crypto landscape evolves fast and our practices and code needs to keep up in order to stay secure. That’s why we are already using the latest version of the Solidity compiler and the latest version of the OpenZeppelin smart contracts and development tools.
Adhering to blockchain properties: All of our math is based on block numbers instead of timestamps in order to avoid timestamp dependence, and because we are cautious of reentrancy bugs arising during state transitions.
Last, we are working closely with the THORChain team and community to audit all contracts, and to improve on the economic model of the Thorstarter network.
Security Audit : Thorstarter will be conducting security audits and will publish the results on Github
Copy link