In the ever-evolving landscape of blockchain technology and decentralized finance (DeFi), security is not just a priority; it’s the bedrock upon which trust and reliability are built. Algem recognizes that a robust security framework is paramount to its mission. In this article, we embark on a journey through the intricacies of Algem’s security infrastructure. From its foundational principles to the practical implementation of state-of-the-art security measures, we’ll unveil how Algem is committed to providing users with an inherently secure environment for their financial endeavours. Join us as we explore the core of Algem’s security commitment, designed to protect and empower users in an ever-expanding digital frontier.
Overview
Security ranks supreme in Algem’s priorities. We understand security as an ongoing process, constantly refining our defenses to ensure users’ comprehensive protection.
Algem’s security roadmap: A global approach
Our Algem Security Roadmap embodies our strong position. It describes the key parameters we address to establish comprehensive security.
Algem contract documentation: Focus on transparency
For greater transparency, explore Algem’s Contract Documentation. It hosts all contracts deployed, highlighting our dedication to openness.
In short, Algem is relentless in its pursuit of security excellence, setting industry benchmarks and providing a secure space for all.
Contracts information
Security deployment and contract administration
Algem contracts are deployed using GitHub CI and incorporate OpenZeppelin library modules, bolstering protocol dependability.
A majority of these contracts are designed for upgradability. When engaging with such contracts, remember to exclusively employ the Proxy address.
Role-based smart-contact management
Algem employs a role-based system for managing smart contracts. This entails confining vital operations to the multisig wallet, while routine, non-critical actions are permissible via the ordinary wallet. This system encompasses two distinct roles:
- DEFAULT_ADMIN_ROLE
3/4 Gnosis Safe Multisig controlled by the two Algem team members and two Astar Network Core team members.
Multisig address: 0xf1893e221227ff7B28D0dBe4dc367F54AAf9BEBD (Astar Network mainnet).
All the contract changes and grant/revoke role operations could be made only under the DEFAULT_ADMIN_ROLE (via the multi-signature transaction).
- MANAGER
Regular address with Algem development team access.
Manager address: 0xf9B9068276163f47cd5599750496c48BeEba7B44 (Astar Network mainnet).
This role is used for the non-crucial operations which cannot affect the security level of the dApp such as setting the minimal staking amount, etc.
For a comprehensive rundown of operations allocated to each role, please refer to the Miro board provided.
Deployed Smart Contract Addresses
View Algem’s Smart Contracts on Github:
https://github.com/AlgemDeFi/algem-contracts
- Liquid Staking
Contract name: Liquid Staking
Contract address: 0x70d264472327B67898c919809A9dc4759B6c0f27
The contract is upgradeable.
- Liquid Staking Manager
Contract name: LiquidStakingManager
Contract address: 0x6edB3FdA40B8110fc0B820b48B7567E337915ffa
The contract is upgradeable.
- NDistributor
Contract name: NDistributor
Contract address: 0x460FB32070b77eB4Ff8d8f3EF717972F24433C83
The contract is upgradeable.
- NFT Distributor
Contract name: NFTDistributor
Contract address: 0x5167D19e76934D881FBdd77FB97ea36fb4FaE0cf
The contract is upgradeable.
- Adapters Distributor
Contract name: AdaptersDistributor
Contract address: 0x294Bb6b8e692543f373383A84A1f296D3C297aEf
The contract is upgradeable.
- Algem Liquid Staking Discount
Contract name: AlgemLiquidStakingDiscount
Contract address: 0xF0F9238013af5982f97A347D190181F200Ad68CD
The contract is upgradeable.
- Sirius Adapter
Contract name: SiriusAdapter
Contract address: 0x29774f72d921d1F5C591ab68dE532a528A4288B4
The contract is upgradeable.
- Kagla Adapter
Contract name: KaglaAdapter
Contract address: 0x8d4F87A8f688Af04e9E3023C8846c3f6c64f410e
The contract is upgradeable.
- Arthswap Adapter
Contract name: ArthswapAdapter
Contract address: 0x09D5476c1c31eeE81E31dFD6923C314D33E57a4F
The contract is upgradeable.
- Sio2 Adapter
Contract name: Sio2Adapter
Contract address: 0x7dE84319633850Bdabc557A1C61DA9E926cB4fF0
The contract is upgradeable.
- nASTR
Contract name: nASTR
Contract address: 0xE511ED88575C57767BAfb72BfD10775413E3F2b0
The contract is upgradeable.
- Algemantis Nautilus Pass (NFT)
Contract name: AlgemantisNautilusPass
Contract address: 0x170a3768117A9Ae6939EA46c1b4265e94De44534
The contract is immutable.
- Algem Liquid Staking Discount (NFT)
Contract name: AlgemLiquidStakingDiscount
Contract address: 0xF0F9238013af5982f97A347D190181F200Ad68CD
The contract is upgradeable.
- Algem Dojo (NFT)
Contract name: AlgemDojo
Contract address: 0xeBdA851087FF6A75961781987B9f1F7832D9DeB0
The contract is immutable.
Pause Functionality
The pause feature serves to halt contracts temporarily during incident response.
Presently, it’s activated for the following contracts:
- Liquid Staking
- NASTR
- Sio2 Adapter
Pause functionality adheres to the Pausable module standard within the OpenZeppelin library for all these contracts.
Contract.pause()
Pause a contract by setting the paused boolean flag to True.
Contract.unpause()
Unpause a contract that was previously paused, re-enabling exchanges.
Disabling functionality:
- Liquid Staking
All calls to contract functions are blocked.
- NASTR
- transfer()
- transferFrom()
- mint()
- burn()
- Sio2 Adapter
- supply()
- withdraw()
- borrow()
- addSTokens()
- claimRewards()
Timelock
Our contracts operate without a time-lock function, as administrative actions are exclusively managed through the multi-signature wallet’s address. This design guarantees swift execution of administrative decisions, eliminating the necessity for time-based delays, all the while upholding a secure and well-regulated environment.
On-chain threats monitoring system
Presently, the Algem team is actively investigating on-chain monitoring systems, akin to the functionality offered by platforms such as Forta.
Internal practices
Product architecture design workflow
Security is rooted in a sturdy product architecture design. The core principles driving Algem’s research and planning approach are:
- Hacker-Proof Framework: This involves a holistic product security perspective and the integration of features and tools that effectively minimize adverse outcomes.
- Economic Resilience: This encompasses incentivizing positive behavior, establishing robust ALGM tokenomics and mechanics, protecting the interests of Algem stakeholders, and mitigating various economic risks.
- Isolation: Ensuring segregation between dApp products and components.
Guided by these principles, the product architecture design workflow unfolds as follows:
- Problem Identification and Initial Architecture Overview:
Initiate the process by identifying the problem to be solved and outlining the initial architecture overview.
- Information Gathering and Analysis:
Collect data through competitor analysis, user statistics, behavior analysis, community feedback, and relevant research. This information provides valuable insights.
- Internal Review and Discussions:
Engage in internal discussions to evaluate the gathered data and refine the initial architecture overview.
- Update Architecture Overview:
Update the initial product architecture overview based on the insights gained from data and internal discussions.
- Specialist Collaboration:
Collaborate with domain experts such as security specialists and economic researchers to scrutinize and enhance the proposed architecture. Formally document the refined architecture design.
- Community Engagement:
Engage with the community through public discussions, gathering feedback on the proposed architecture. Valid suggestions lead to adjustments in product mechanics.
- Final Architecture Design:
Formalize the final product architecture design based on refined insights, community input, and specialist contributions.
- Transition to Development:
Move from the design phase to the development phase, using the finalized architecture design as the foundation.
- Publication and Documentation:
Once development is completed, publish the product architecture in the documentation. This documentation serves as a reference for stakeholders.
Development workflow
Smart Contract Design:
Plan the architecture, logic, and interfaces of contracts meticulously, incorporating the insights derived from the planning phase.
Contract Implementation:
Begin writing contracts using Solidity, adhering to the established design. Craft clear, concise, and readable code that accurately embodies the intended functionalities. Abide by best practices, emphasizing modularity and efficient data management to ensure maintainability.
Comprehensive Unit Testing:
Develop an extensive suite of unit tests employing frameworks like Mocha or Chai and Foundry. Encompass various scenarios and use cases to validate contract behavior. Rigorous unit testing catches issues early and prevents regressions.
Local Development Testing:
Utilize local blockchain networks such as Ganache and Anvil to deploy and interact with contracts throughout the development process. Test diverse scenarios to confirm contract accuracy and efficiency, all without incurring gas costs.
Security Auditing:
Execute meticulous security audits of smart contracts, combining manual code reviews and automated analysis tools. The goal is to pinpoint vulnerabilities like reentrancy, integer overflows, and access control concerns. Rigorous auditing mitigates security risks post-deployment.
Deployment Process:
Initially deploy contracts to a test network (testnet) to validate behavior in a genuine blockchain setting. Following thorough testing and verification, deploy the finalized contracts to the main network (e.g., Astar network).
Continuous Monitoring and Maintenance:
Maintain a vigilant watch over deployed contracts, detecting any unexpected issues or anomalies that may arise during their active usage.
Documentation:
Provide comprehensive documentation elucidating contract functions and their usage. This resource ensures that users can effectively understand and interact with the deployed contracts.
Pre-Audit Preparations: Ensuring Contract Integrity
A sequence of meticulous pre-audit procedures are in place to guarantee the operational reliability of the contracts. These steps encompass, yet extend beyond:
Thorough Documentation:
Compile comprehensive documentation, featuring UML diagrams that elucidate the architecture. Incorporate Natspec and function header comments to clarify function and contract objectives, alongside their parameters.
Code Alignment with Style Guide:
Align the code with the Solidity Style Guide’s Contract Layout Recommendations, ensuring a coherent and standardized codebase.
Mathematical Formulas Clarity:
Document any utilized mathematical formulas transparently, ensuring their clear comprehension.
Static Analysis Utilization:
Employ static analysis tools like Slither and Mythx.io to unearth and resolve rudimentary issues within the pre-audit codebase.
Comprehensive Testing Regimen:
Implement a multifaceted testing regime, comprising:
- Unit Testing: Thoroughly examine basic functions in isolated units.
- Fuzz Testing: Introduce random data into functions to uncover unexpected outcomes.
- Regression Testing: Stress-test the system by deploying a beta version onto the testnet.
- Integration Testing: Conduct tests to ensure the system functions harmoniously as a whole.
Test Integration into Repository:
Embed the developed tests into the GitHub repository, enhancing transparency and collaborative contribution.
User Interface Integration:
Seamlessly link contracts with the user interface, facilitating live tests to validate real-time functionality.
Community-Driven Pre-Launch Testing:
Collaborate with the community to execute comprehensive pre-launch tests, validating system performance and identifying potential anomalies.
Code Refinement: Prerequisites for Development Progression
To ensure seamless advancement in development, a set of pertinent questions must be addressed for the code:
Appropriate Naming Conventions: Are the naming conventions chosen for the code both descriptive and simplistic? If complexity arises, do they find elucidation in a project glossary?
Uniform Style Consistency: Does the code maintain consistent styling throughout the entire codebase, enhancing readability and comprehension?
Modularity Integration: Is the code used in contracts modular? Have intricate operations been divided into smaller, more comprehensible functions? If core functionalities span multiple libraries or contracts, is encapsulation well-executed, facilitating seamless navigation?
Code Readability and Organization: Is the code organized methodically, grouping operations that share similar behaviors? Is it written in a readable manner, fostering ease of understanding?
Smart-Contract Readiness Checklist: Ensuring Thorough Preparation
Prior to proceeding, cross-check the following points:
- Have all requisite tests been formulated and integrated into the repository containing the contracts?
- Is documentation outlining the test and contract execution process included in the repository?
- Have any necessary mathematical formulas and supplementary data been appropriately documented and appended to the repository?
- Are you aligned with the Solidity Style Guide’s Contract Layout Recommendations?
- Are there no extraneous comments, unused code blocks, or lingering TODOs?
- Have redundant variables and functions been eliminated?
- Have adequate access control settings been instituted?
- Has the code undergone scrutiny via static analysis tools?
- Has another developer reviewed the code for quality assurance?
- Is the Solidity version compatibility verified?
Deployment Stages: Ensuring Contract Success
Contract Creation: Begin by crafting the Solidity smart contract code that embodies the desired functionality.
Compilation: Compile the code to generate bytecode, essential for the subsequent deployment process.
Contract Deployment: Initiate a transaction that includes the bytecode, instigating the formation of a new contract instance within the blockchain.
Testing: Rigorously test the deployed contract’s functionality on the blockchain, exploring various scenarios and use cases.
Interacting with the Contract: Facilitate user interaction by enabling them to invoke functions and engage with the deployed contract.
Upgrades and Maintenance: Consider the future by contemplating potential updates or fresh iterations of the contract to meet evolving needs.
Post-Deployment Checks and Protocols: Ensuring Excellence
Functionality Testing: Rigorously test various functions and interactions within the live contract, confirming their seamless operation on the actual blockchain.
Security Audit: Collaborate with a seasoned security audit firm to scrutinize the contract’s code, pinpointing vulnerabilities, errors, and potential threats.
Gas Usage Optimization: Analyze the gas consumption of contract functions, meticulously optimizing for economical transaction costs.
Access Control Review: Conduct a comprehensive review of access controls, affirming that only authorized users can engage with specific functions and data.
Documentation Review: Reassess and update the contract’s documentation, ensuring its alignment with the deployed functionality.
Monitoring and Event Tracking: Enforce event logs and monitoring tools, effectively tracking contract usage and promptly addressing any unusual occurrences.
User Communication: Promptly notify users about the successful contract deployment, providing lucid instructions for interacting with the contract’s live version.
Incident and emergency response plan
You can access all our security processes and contract information conveniently through our documentation and Algem’s GitHub repository.
Conclusion:
In the realm of blockchain technology, Algem’s commitment to security, reliability, and user-centricity shines through every stage of its product development lifecycle. From meticulous smart contract design and coding to comprehensive testing, expert auditing, and thoughtful deployment, Algem strives for excellence.
Through structured workflows and adherence to best practices, Algem ensures that its platform is fortified against vulnerabilities and threats. By integrating user feedback and collaborating with security experts, the platform prioritizes transparency, robustness, and trustworthiness.
The dedication to a secure architecture, adherence to coding standards, and thorough documentation exemplify Algem’s holistic approach. Its unyielding focus on security not only safeguards user interests but also sets the stage for a cutting-edge experience that is efficient, secure, and user-friendly.
As Algem journeys forward, the commitment to continuous improvement, vigilant monitoring, and proactive communication with users will remain steadfast. This holistic approach positions Algem as a reliable, secure, and innovative platform that empowers users in a rapidly evolving blockchain landscape.
About Algem
Algem is a decentralized application built on the Astar Network and offers two main features: liquid staking and liquid lending. As their names suggest, these two options let ASTR holders keep their assets liquid while putting them to work. Also, the liquid staking and lending solutions let users use Algem’s liquid nASTR tokens across Astar’s Defi ecosystem to earn staking rewards and make more money. In doing so, Algem supports other Defi protocols by providing liquidity and creating a sustainable and cooperative ecosystem on the Astar Network and Polkadot.
How we had been making Algemantis Nautilus Pass NFT
Everything You Need To Know About Liquid Staking On Astar Network
Partnership with Sirius Finance
Introduction in Algem