Security Overview
Security is paramount for Eonian. We have carried out multiple research efforts and audits to raise the security level of DeFi and bring it closer to that of traditional finance.
Security is a more complicated topic in DeFi than in traditional finance. We described the basis of the DeFi Protocol Trilemma, which prevents the majority of DeFi projects from building safe and reliable protocols.
To solve DeFi security issues, we use many different approaches and strategies, which include:
SecOps and Secure SDLC - We take a security-first approach to ensure that all of our contracts are safe to use. We use enterprise-level software security practices such as SecOps and Secure SDLC, which have already shown great results in the Web2 world but have been overlooked by many Web3 developers.
Continuous Monitoring - We don't stop at the audit of the protocol. Security is not a point where you can stop working. We monitor new breaches and hacks in DeFi to quickly react and fix vulnerabilities where others may be failing. You can see the list of vulnerabilities that we collected and monitor there.
Rigorous Testing - We use code review, automated testing, and code coverage reports. We are investigating and will build a solution for automated analysis of code for vulnerabilities.
Attack Analysis - We collected more than 40 smart contract vulnerabilities and different hack cases. During development, we perform attack vector analyses using these vulnerabilities to find the ways an attacker could target our protocol.
Attack Simulations - We are working on tools to test the protocol by simulating possible attacks on the blockchain before deploying new changes to the mainnet.
Multi-layer Testing - We test our protocol on three different levels: Preview (on testnet), Development (on mainnet, but only accessible to the main team), and Staging (on mainnet, but accessible to the team and dedicated alpha testers). You can read about it there.
Insurance Pool - At the current moment, our insurance pool is mainly bootstrapped with the founders' money. This means that in case of any issue or hack, we will be the first to lose money, as we will be forced to repay users their losses. This way, we want to show how much we trust our solution and how motivated we are to keep the safety of the solution at the highest level. The pool is stored separately from the main protocol. This ensures we will be able to repay users' money even if the Eonian protocol is compromised.
Next-generation security system - We are working on on-chain protocol monitoring. It will monitor not only our protocol but also the protocols into which we move liquidity. At any moment, the monitoring will be able to report the current state of money flow and the overall health of the investment system. It will also watch the blockchain's mempool to monitor pending transactions and to understand when there may be hacks or issues that can result in money loss. Using this information, we will be able to automatically send withdrawal transactions before bad transactions are committed and save all money from vulnerable protocols.
Third-party Audits - Our smart contract protocol is continuously validated by third-party audit companies before each significant change is deployed to the public.
Vertical Audits - We make independent vertical audits of all protocols in which our protocol invests. Unlike standard audits, which primarily focus on code, vertical audits offer a holistic examination. This includes not only the code but also the operational mechanisms, administrative roles, upgrade paths, and, critically, the team behind the protocol. You can see the list of audits there.
Circuit Breakers - If our protocol detects significant losses, it automatically pauses itself and withdraws all money to prevent further damage. You can read about it there.
We place the security of the protocol at the center of our development. You can read more about it on our website. In these documents, you can read additional information and explanations of the different safety systems that we use.
Audits of our protocol by third-party providers:
Audits performed by our team for third-party investment protocols:
The system that prevents excessive losses of assets:
List of audits conducted by our core development team.
The checklist that we use to audit new projects.
List of hacks, and resources to fight them, that our core team collected and maintains.
Series "How We Fight DeFi Vulnerabilities"