As of November 2023, this page is still in extremely early draft. We are emphasizing greatly on all things operational security as well as contract security and more, being fully aware of the fact that our past exploit event on operational security. We will look to be documenting the various actions and mitigations we are taking on this page over time. Expect this space to have more information before December 2023.
In order to protect users in case of any unexpected changes in our code, a 24-hour timelock mechanism has been implemented as of September 2023. As the protocol matures to a slower pace of development, this timelock will be upgraded incrementally up to 72 hours.
Multisig with Hardware Wallets
In addition to the timelock, every code upgrade must be approved by 3/3 of Steadefi’s core team and a trusted 3rd party. Each of these multsigners are using hardware wallets.
Restricting Team Access
We ensure in all internal communications, files, and contracts that only relevant team members or advising parties can access or interact with these data.
Decentralized fund storage
Team or protocol funds are never kept on a centralized exchange or any form of CeDeFi (centralization in decentralized finance).
Wallet and seed phrase protection
Key multisig-related wallets are all hardware with their seed phrases securely stored offline. Additionally, all Steadefi-related wallets must use unique and strong passwords.
Two-factor authentication (2FA)
Strong 2FA is required in all Steadefi systems, both engineering and social.
Basic safe business practices
Team members on every level are trained in avoiding all phishing or fake software/websites, including any crypto-related email files or other suspicious links. Public Wi-Fi will also be avoided, but if absolutely necessary, a VPN is required.