π‘οΈSecurity
Security is always our top priority at Krystal. We've implemented comprehensive external and internal security measures to ensure that our users can enjoy using Krystal with complete peace of mind.
External Audit
We recently conducted a thorough audit with Code4rena, involving 1,137 lines of code, 6 security researchers, and 10 days of rigorous analysis. Five medium-severity and five low-severity issues were identified by the researchers and resolved by Krystal team. Below is a summary for medium-severity issues found and actions:
The detailed report can be found in the link below:
Internal Measures
We've implemented four key measures to ensure that even Krystal's developers cannot exploit the system or access user funds.
Access Control
#limit_fee #pause #multi_sig
The Krystal V3 Automation
smart contract is operated and guarded by three distinct roles: Admin
, Withdrawer
, and Operator
. Each role has specific responsibilities and limitations, enhancing the overall safety and integrity of the system.
The
Admin
role has the following capabilities:Assign a wallet to be
Operator
orWithdrawer
Pause the smart contract to halt the executing orders
Set the ceiling fee taken in one execution
This role is maintained by a multi-sig wallet, requiring 5 out of 6 signatures to approve any action.
The
Withdrawer
role has one capability:Withdraw the collected fee in the smart contract
Withdrawers cannot access any of the LP positions. This role is also managed by a multi-sig wallet with a different set of approvals to mitigate risks. Additionally, the Admin role can change the assigned wallets for this role.
The
Operator
role has one capability:Manage usersβ positions on their behalf, including depositing, withdrawing, and collecting fees from the pool
Operators are restricted to a limited set of actions necessary for rebalancing only. All actions are encapsulated in specific transactions (rebalances) to prevent unrestricted access to funds. This role is operated by multiple Externally Owned Accounts (EOA) to handle multiple orders simultaneously. Operators can be added or removed by the Admin role.
Sign & Verify
#verification
The smart contracts only run the settings by the owner; even Krystal devs wonβt be able to change those settings
Since Operator
would deposit, withdraw & collect liquidity assets, and swap according to the userβs intentions on their behalf, Krystal will ask users to sign their order off-chain and then verify this signature once again on the smart contract.
Users will sign their order configurations using EIP-712: Typed structured data hashing and signing. These signatures will be securely stored by Krystal:
When the Operator calls the V3 Automation smart contract to execute a function, it includes the signature and order configuration. The smart contract then verifies that the signer matches the position owner.:
Canceling orders
#cancel
Smart contract settings ensure that users retain full control over their positions and automation, even if Krystalβs servers are inaccessible.
In case of system malfunctions or failures, users can directly interact with the smart contract. By using the cancelOrder
method with the order configuration and signature, users can cancel their orders, preventing the Operator
from executing them.
In any case, the fund is safe on-chain even when our server is down or malfunctioning.
Revoke
#revoke
Users can call the NonfungiblePositionManager
smart contract using the setApprovalForAll(V3 Automation Address, false)
method to revoke permission for V3 Automation. Once revoked, Krystal will no longer be able to execute their orders.
Last updated