Security Policies and Protection Measures

Multisig Approval

Multisig approval requires multiple signatures to invoke sensitive admin functions. Like a multisig wallet, this policy prevents operational errors and human mistakes, and protects against compromised-key scenarios, by requiring multiple signatures for the protected functions.

Offchain Approval

Offchain approval requires an off-chain validation signature for predefined transactions before they are submitted on-chain. This policy safeguards sensitive processes from operational errors and human mistakes. This multi-step approval use case is aimed specifically at validating the transaction data and behavior.

Privileged Access Management

Privileged Access Management (PAM) controls access to critical or sensitive functions by privileged users. It reduces the risk of unauthorized access or misuse by enforcing strict policies, tracking activities, and ensuring that only authorized individuals have the necessary permissions to perform sensitive tasks.

Rate Limits / Volume Thresholds

Rate limits set a volume threshold, limiting the amount of funds that can be transferred within a given time frame. They can detect large or abnormal transfers, serving as an essential damage control tool.

Compliance / Whitelist / Blacklist

Whitelists and blacklists control the access to your dApp. A whitelist allows only approved entities to access or perform certain actions, while a blacklist blocks specific entities from access, helping to prevent unauthorized or harmful activities.

Reentrancy Guard

spherex's reentrancy guard enables an automatic and reconfigurable reentrancy guard integration, with no need to manually insert the nonReentrant modifier.

spherex can also protect against multi-contract reentrancy by using a global flag. This prevents reentrancy attacks that do not necessarily re-enter the same contract (the case covered by OpenZeppelin's reentrancy guard) but instead re-enter other contracts of the same project.
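A minimal shared-flag guard of the kind described above, as an added example rather than spherex's own code; the GlobalReentrancyGuard, GloballyGuarded, Vault and Pool names, and the addMember registration step, are assumptions made for the illustration. With a per-contract lock, a receiver that re-enters Pool.rebalance during Vault.withdraw would not be caught; with the shared flag, that call reverts in guard.enter().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not spherex's code. One flag in a shared guard contract
// locks every registered contract of the project at once, so re-entering a
// *different* project contract during a protected call reverts as well.
contract GlobalReentrancyGuard {
    address public immutable owner = msg.sender;
    bool private _entered;
    mapping(address => bool) public isMember; // contracts allowed to take the lock

    function addMember(address c) external {
        require(msg.sender == owner, "not owner");
        isMember[c] = true;
    }
    function enter() external {
        require(isMember[msg.sender], "not a project contract");
        require(!_entered, "cross-contract reentrancy");
        _entered = true;
    }
    function exit() external {
        require(isMember[msg.sender], "not a project contract");
        _entered = false;
    }
}

// Mixin for project contracts: the modifier takes and releases the shared lock.
abstract contract GloballyGuarded {
    GlobalReentrancyGuard internal immutable guard;
    constructor(GlobalReentrancyGuard g) { guard = g; }
    modifier globalNonReentrant() { guard.enter(); _; guard.exit(); }
}

contract Vault is GloballyGuarded {
    mapping(address => uint256) public balances;
    constructor(GlobalReentrancyGuard g) GloballyGuarded(g) {}
    function deposit() external payable { balances[msg.sender] += msg.value; }
    // The ETH transfer hands control to the receiver; while the shared lock is
    // held, a call back into Vault.withdraw *or* Pool.rebalance reverts.
    function withdraw() external globalNonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

contract Pool is GloballyGuarded {
    constructor(GlobalReentrancyGuard g) GloballyGuarded(g) {}
    function rebalance() external globalNonReentrant { /* project logic */ }
}
```

Each project contract must be registered with addMember after deployment, otherwise its first guarded call reverts with "not a project contract".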

Moreover,

Invariance Protection and Health Checks

Invariance protection ensures that certain conditions or properties remain unchanged throughout the contract's execution. This is crucial for maintaining the integrity and security of the contract, as it prevents unintended state changes due to vulnerabilities or exploits.

Virtual Patching

Virtual patches provide protection by closing vulnerability exposures in the underlying smart contracts without modifying the actual source code. They work by intercepting and analyzing transaction data or behavior to block potential exploits, acting as a temporary safeguard until an official patch is released.
