Security

Multi-signature Threshold Technology

  • The top priority of a decentralised wallet is security. Assure protocol contract authority requires administrator authority to operate involving upgrade and configuration. Assure adopts a multi-signature technology, so multiple private key signature authorizations are required to transfer assets. Users can customize the rules (M-of-N) when creating multi-signatures. M represents the threshold for the signature to take effect, and N represents the total number of participants. Assure adopts multisignature threshold technology with following features:

  • For mechanism, Assure restricted the data in the wallet contract. To be specific, there is a limit on the flow of cross-chain data transfer of the wallet on a daily basis. It is designed to guarantee the security of data to the greatest degree on mechanism level, so the data locked in the entire DWallet protocol have a limited quantity, thus reducing the risk of hacker attacks.

  • For technology, Assure adopts multisig to check each data flow, in the meantime, it ensures the cross-chain data transaction experience. In this way, Assure improves the safety of digital wallets greatly.

  • For consensus, Assure supports several validators signatures. It’s a kind of risk control, because the only effective method to avoid misconduct of one manager is to add more. At the same time, with the DRAND consensus random algorithm, Assure selects the main validator for each transaction and the main validator collects signatures from other validators. The validation efficiency is highly improved. In addition, for safety consideration, the signatures collected by the main validator will be revalidated through resigning. So Assure can reduce the risk of misconduct from the main validator.

  • Currently, over 90% of digital asset trading terminals use ordinary wallet address management. If multi-signature wallet management is used, the security of the wallet will be greatly improved. As shown in the figure above, under normal circumstances, user transaction addresses starting with f1 or f3 are ordinary wallet addresses, while multi-signature transaction addresses starting with f2 are multi-signature wallet addresses.

Self-custody of Transaction

  • For the user's on-chain transaction behaviors, the smart contract design ensures the self-management of transaction settlement, that is, either the transaction conditions are met and the settlement is completed, or the transaction fails, the user's assets are always kept in the wallet under their control.

Delay of the Entry Into Force

  • At the same time, for operations related to user assets, the contract has designed the feature of timelock to take effect in a delayed manner to avoid accidental immediate effect, and administrators can make corrections within the delay period.

Risk Minimization Principle

  • For the trust relationship between users and protocols, Assure follows the principle of minimization. In the first version of Assure's design, users need to trust the verification and settlement logic of the policy contract. All contract codes are open source, and transparent contract verification is completed on the chain, and anyone can audit the content of contract, thus establishing trust based on transparency.

Audit

  • The first round of audits will be completed by a professional security team before the mainnet is launched, and the launch schedule will be arranged based on the conclusions of the audit report. After the mainnet goes online, a second round of security audits will be conducted based on the contracts deployed on the mainnet. Before each contract upgrade, a third-party node audit will be submitted.

Bug Bonus

  • Assure will continue to provide Bug Bounty and encourage the community to submit security risk reports.

Last updated