As of December 2023, this page is still in a working draft.
We are committed to taking a holistic security outlook, which covers all aspects of operational security and more, beyond "just" contract security. We are fully aware of the painful exploit we suffered in August 2023 due to improper operational security.
As of December 2023, Steadefi is in a working engagement with LedgerWorks, a DeFi-focused, holistic security firm.
We will document the various plans, risk assessments, security enhancement actions and mitigations in this space over time.
Timelock
To protect users against unexpected changes to our code, a 24-hour timelock mechanism has been in place since September 2023. As the protocol matures to a slower pace of development, this delay will be increased incrementally, up to 72 hours.
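As an added illustration of the queue-then-execute pattern such a timelock enforces, with the delay only ever increased toward the 72-hour ceiling, here is a minimal contract. This is not Steadefi's own code; the contract name, the assumption that the 3/3 multisig is the sole admin, and the event names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Steadefi's contract. Assumes the 3/3 multisig is the sole admin.
contract IllustrativeTimelock {
    uint256 public constant MIN_DELAY = 24 hours; // starting delay described on the page
    uint256 public constant MAX_DELAY = 72 hours; // ceiling the page commits to
    address public immutable admin;               // expected to be the multisig
    uint256 public delay = MIN_DELAY;
    mapping(bytes32 => uint256) public readyAt;   // operation id => earliest execution time

    event Queued(bytes32 indexed id, address target, bytes data, uint256 executableAt);
    event Executed(bytes32 indexed id);
    event DelayIncreased(uint256 newDelay);

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    constructor(address multisig) { admin = multisig; }

    function hashOperation(address target, bytes calldata data, bytes32 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(target, data, salt));
    }

    // Step 1: announce the exact call; users get the full delay window to review it or exit.
    function queue(address target, bytes calldata data, bytes32 salt) external onlyAdmin returns (bytes32 id) {
        id = hashOperation(target, data, salt);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + delay;
        emit Queued(id, target, data, readyAt[id]);
    }

    // Step 2: only the announced call can run, and only after the delay has elapsed.
    function execute(address target, bytes calldata data, bytes32 salt) external onlyAdmin {
        bytes32 id = hashOperation(target, data, salt);
        uint256 t = readyAt[id];
        require(t != 0 && block.timestamp >= t, "not ready");
        delete readyAt[id];
        (bool ok, ) = target.call(data);
        require(ok, "call failed");
        emit Executed(id);
    }

    // The delay can only ratchet upward toward the 72-hour ceiling; it can never be shortened.
    function increaseDelay(uint256 newDelay) external onlyAdmin {
        require(newDelay > delay && newDelay <= MAX_DELAY, "must increase, max 72h");
        delay = newDelay;
        emit DelayIncreased(newDelay);
    }
}
```

Because every upgrade is announced on-chain via the Queued event before it can land, an outside monitor can alert users the moment a change is proposed rather than when it takes effect.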
Multisig with Hardware Wallets
In addition to the timelock, every code upgrade must be approved by 3/3 of Steadefi's core team and a trusted 3rd party. Each of these multisigners uses a hardware wallet.
Restrictive Permissions
We ensure that only the relevant team members or advising parties can access or interact with internal communications, files, and contracts.
Decentralized fund storage
Team or protocol funds are never kept on a centralized exchange or in any form of CeDeFi (centralized services within decentralized finance).
Wallet and seed phrase protection
Key multisig-related wallets are all hardware wallets, with their seed phrases stored securely offline. Additionally, all Steadefi-related wallets must use unique, strong passwords.
Two-factor authentication (2FA)
Strong 2FA is required in all Steadefi systems, both engineering and social.
Basic safe business practices
Team members at every level are trained to avoid phishing and fake software or websites, including crypto-related email attachments and other suspicious links. Public Wi-Fi is avoided; where it is absolutely necessary, a VPN is required.