Security
A Comprehensive Overview of Our Safeguarding Features
Last updated
The protection of customer funds is our first priority. To that end, we apply security measures at every layer of our software development lifecycle and of the infrastructure underpinning our application, and we have engaged independent experts for an unbiased evaluation of our systems.
Our operational procedures and internal controls have been reviewed and endorsed by an external advisor who has developed architecture for Jones Dao, a major DeFi protocol and an innovator in the Arbitrum ecosystem. This review is one part of our commitment to safeguarding our customers' assets.
At Vaultus we use trusted cloud-based infrastructure services and established DevOps practices to secure our frontend, with Sentry providing real-time error monitoring and alerting. We follow a defense-in-depth strategy: no single control is relied on to stop a breach, so several independent layers must fail before the integrity of the platform is at risk.
Proactive Infrastructure Monitoring
Recognizing the importance of proactive measures, we have developed custom monitoring that continuously compares the configuration of our cloud infrastructure, including DNS records and the Content Delivery Network (CDN), against the expected state. Any unauthorized modification is detected and reported immediately, so that we can respond quickly, if necessary by taking the website offline, to prevent users from interacting with a compromised frontend and signing unintended or fraudulent transactions.
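As an illustration of the kind of drift check described above, here is an added example, not Vaultus's own monitoring code, that compares an expected DNS/CDN baseline against an observed record snapshot, classifies the drift by record type, and decides whether it is severe enough to justify pulling the site. The domain example-vault.invalid, the record values, the severity table and the simulated takeover are all constructed assumptions.

```python
"""Added example (not Vaultus's monitoring code): detect drift between an
expected DNS/CDN baseline and an observed snapshot. Domain names, record
values and the severity table below are constructed for illustration."""
import socket
from dataclasses import dataclass, field

# Severity per record type. NS/A/AAAA/CNAME changes redirect users to a host
# the attacker controls; MX/CAA affect mail and certificate issuance; TXT
# changes usually mean SPF or domain-verification tampering.
SEVERITY = {"NS": "critical", "A": "critical", "AAAA": "critical",
            "CNAME": "critical", "MX": "high", "CAA": "high", "TXT": "medium"}

# Constructed baseline: the record data we expect for each (name, type).
BASELINE = {
    ("app.example-vault.invalid", "CNAME"): {"d111111abcdef8.cloudfront.net."},
    ("example-vault.invalid", "NS"): {"ns-1.awsdns-01.org.", "ns-2.awsdns-02.net."},
    ("example-vault.invalid", "A"): {"198.51.100.10", "198.51.100.11"},
    ("example-vault.invalid", "TXT"): {'"v=spf1 include:_spf.google.com -all"'},
    ("example-vault.invalid", "CAA"): {'0 issue "letsencrypt.org"'},
}

@dataclass
class Finding:
    name: str
    rtype: str
    severity: str
    added: set = field(default_factory=set)
    removed: set = field(default_factory=set)

def check_drift(baseline, observed):
    """Compare observed records to the baseline.

    Both arguments map (name, type) -> set of record data. A key present only
    in the baseline means all its records vanished; a key present only in the
    snapshot is an unexpected record set (for example a new CNAME handing a
    hostname to a CDN distribution we do not own).
    """
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want = baseline.get(key, set())
        have = observed.get(key, set())
        added, removed = have - want, want - have
        if added or removed:
            name, rtype = key
            findings.append(Finding(name, rtype, SEVERITY.get(rtype, "medium"),
                                    added, removed))
    return findings

def should_take_offline(findings):
    """Policy: any critical drift warrants pulling the site, because a changed
    NS/A/CNAME means users may already be talking to an attacker's host."""
    return any(f.severity == "critical" for f in findings)

def snapshot_a_records(hostname):
    """Minimal live probe using only the standard library (A/AAAA addresses).
    A full NS/CNAME/TXT/CAA snapshot needs a resolver library such as dnspython."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

# Constructed snapshot simulating a CDN takeover: the app CNAME now points at a
# distribution we do not own, an unknown subdomain appeared, and SPF became +all.
OBSERVED = dict(BASELINE)
OBSERVED[("app.example-vault.invalid", "CNAME")] = {"d999999evil0000.cloudfront.net."}
OBSERVED[("api.example-vault.invalid", "CNAME")] = {"unknown-origin.example-cdn.invalid."}
OBSERVED[("example-vault.invalid", "TXT")] = {'"v=spf1 +all"'}

if __name__ == "__main__":
    drift = check_drift(BASELINE, OBSERVED)
    for f in drift:
        print(f"[{f.severity}] {f.name} {f.rtype} "
              f"added={sorted(f.added)} removed={sorted(f.removed)}")
    print("take offline:", should_take_offline(drift))
```

In production the snapshot would be taken from several independent resolvers (the authoritative servers plus public recursors) so that a poisoned cache and a changed zone can be told apart; the comparison and the offline decision stay the same.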
Mitigating Supply-Chain Risks
In response to the growing threat of software supply-chain attacks, we apply strict controls to our dependencies: versions are pinned rather than resolved from ranges, threat intelligence services provide timely security advisories, and every library update is reviewed deliberately rather than applied automatically. Each dependency decision balances the need for new functionality against the risk of pulling in compromised or vulnerable code.
Website and infrastructure security reports for our domains can be generated on demand with public auditing tools such as Mozilla Observatory (HTTP security headers and content security policy) and SSL Labs (TLS configuration and certificate chain).
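The following added example, not Vaultus's tooling, shows one concrete form the version-pinning control described above can take: it flags npm and pip dependency specs that are not exact versions, and cross-checks package.json against an npm lockfile (v2/v3) for entries that are missing, lack an integrity hash, or resolved to a version different from the pin. The manifests, package names and hashes are constructed samples.

```python
"""Added example (not Vaultus's tooling): find dependency specs that are not
pinned to an exact version, and cross-check package.json against its lockfile.
All manifests below are constructed samples."""
import json
import re

# Exact npm version: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
# Anything else (^, ~, >=, *, 'latest', git/URL specs) lets the resolver choose.
NPM_EXACT = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")
# Exact pip requirement: name[extras]==version, optional --hash options and marker.
PIP_EXACT = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9_.\-]*(\[[A-Za-z0-9_,\-\s]*\])?\s*==\s*[0-9A-Za-z.+!\-]+"
    r"(\s+--hash=\S+)*(\s*;.*)?$")

def unpinned_npm(package_json_text):
    """Return {name: spec} for dependencies whose spec is not an exact version."""
    data = json.loads(package_json_text)
    bad = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in data.get(section, {}).items():
            if not NPM_EXACT.match(spec.strip()):
                bad[name] = spec
    return bad

def unpinned_pip(requirements_text):
    """Return requirement lines that do not pin with '=='. Comments, blank lines
    and option lines (-r, --hash continuation lines) are ignored."""
    bad = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip("\\").strip()
        if not line or line.startswith("-"):
            continue
        if not PIP_EXACT.match(line):
            bad.append(line)
    return bad

def lock_gaps(package_json_text, lock_json_text):
    """For npm lockfile v2/v3 (the 'packages' map): every declared dependency
    must be present with an integrity hash, or `npm ci` cannot verify the
    tarball it downloads, and an exact pin must agree with the locked version."""
    pkg = json.loads(package_json_text)
    declared = {}
    for section in ("dependencies", "devDependencies"):
        declared.update(pkg.get(section, {}))
    packages = json.loads(lock_json_text).get("packages", {})
    gaps = {}
    for name, spec in declared.items():
        spec = spec.strip()
        entry = packages.get(f"node_modules/{name}")
        if entry is None:
            gaps[name] = "missing from lockfile"
        elif not entry.get("integrity"):
            gaps[name] = "no integrity hash"
        elif NPM_EXACT.match(spec) and entry.get("version") != spec:
            gaps[name] = f"manifest pins {spec} but lock resolved {entry.get('version')}"
    return gaps

# Constructed samples. Only 'ethers' is both pinned and properly locked.
PACKAGE_JSON = json.dumps({
    "dependencies": {"ethers": "6.7.1", "viem": "^1.19.0", "left-pad": "latest"},
    "devDependencies": {"vite": "~4.5.0", "typescript": "5.2.2"},
})
PACKAGE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {},
        "node_modules/ethers": {"version": "6.7.1", "integrity": "sha512-constructed"},
        "node_modules/viem": {"version": "1.19.3", "integrity": "sha512-constructed"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/typescript": {"version": "5.3.2", "integrity": "sha512-constructed"},
    },
})
REQUIREMENTS = """\
# constructed sample requirements.txt
web3==6.11.0 --hash=sha256:0000constructed0000
requests>=2.31
eth-abi~=4.2
slither-analyzer==0.10.0 ; python_version >= "3.8"
-r base.txt
"""

if __name__ == "__main__":
    print("unpinned npm:", unpinned_npm(PACKAGE_JSON))
    print("unpinned pip:", unpinned_pip(REQUIREMENTS))
    print("lockfile gaps:", lock_gaps(PACKAGE_JSON, PACKAGE_LOCK))
```

Pinning alone fixes the version but not the artifact: the integrity hash in the lockfile (or `--hash` in requirements.txt) is what lets the installer reject a tarball that was swapped on the registry, which is why the lockfile check treats a missing hash as a gap rather than a style issue.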
In preparation for our launch, Vaultus Finance instituted a rigorous program of internal audits and verifications to affirm that all team members adhere to our security protocols. This comprehensive review encompassed:
Thorough Inventory and Secure Ownership of Protocol Secrets: Ensuring that all critical protocol secrets are accounted for and securely managed.
Enforcement of Master Passwords and Two-Factor Authentication (2FA): Mandating the use of robust master passwords and 2FA for all essential accounts, including email, social media, and GitHub, to bolster account security.
Controlled Access to Smart Contracts and Multisig Wallets: Regulating access to smart contracts and multisig wallets to prevent unauthorized use.
Safeguarded Ownership and Key Access: Maintaining strict control over the ownership and access rights to sensitive keys.
Secure Transmission of Secrets: Implementing protocols for the safe exchange of secrets and sensitive information among team members, ensuring data integrity.
Vaultus Finance is committed to the highest standards of security, guided by the following non-negotiable policies:
Robust Password Management: Utilizing machine-generated, complex passwords for all services, securely stored within a password manager.
Two-Factor Authentication (2FA) Protection: Extending the use of 2FA to our password manager and all cloud-based services, including project and team social media accounts, to enhance security measures.
Secure Handling of Secrets: Prohibiting the storage of secrets in version control systems or their insecure distribution, to prevent potential breaches.
Rigorous Code Review Process: Enforcing a policy where no code changes are deployed to production without undergoing a thorough internal review to ensure quality and security.
Automated Testing and Deployment: Leveraging automation for testing and deployment processes, with strict policies in place to block merges to the master branch until all code reviews are satisfactorily completed.
Phishing Mitigation Strategies: Reducing the risk of phishing attacks by minimizing email usage, blocking email attachments, and promoting awareness among team members.
Additionally, Vaultus Finance prioritizes ongoing internal training to reinforce security principles, share insights from recent security incidents, and foster a culture of continuous improvement and vigilance. This proactive approach ensures that our team remains at the forefront of security practices, safeguarding our platform and protecting our users' interests.
Vaultus Finance launched in an invitation-only phase, a deliberately limited rollout chosen to uphold our security and functionality standards. During this initial development phase the protocol operates under total value locked (TVL) restrictions, which we will only remove once the following criteria have been met:
Comprehensive Smart Contract Audits: Our smart contracts are subject to thorough examination by a distinguished auditing firm known for its expertise in blockchain security. This critical step is to ensure that our contracts are robust, secure, and free from vulnerabilities.
In-depth Review and Implementation of Audit Recommendations: Following the audit, our team will review all findings and promptly implement any suggested modifications. This process guarantees that our platform adheres to the best security practices and addresses potential risks proactively.
Publication of Audit Results: Transparency is a cornerstone of our operations. As such, we will make the audit results publicly available in our documentation. This measure is intended to provide our users with peace of mind and confidence in the security and integrity of our platform.
Only upon fulfilling these conditions will we consider removing our TVL restrictions, ensuring that Vaultus Finance operates on a foundation of trust, security, and unwavering commitment to our users' safety.