Smart Contracts |
Security audits |
High |
✅ |
|
|
Access key management |
High |
✅ |
Access control log |
Access controlled calls Miro board
|
|
|
|
|
Emergency shutdown and pause control documentation |
High |
✅ |
|
|
Timelock |
- |
- |
This function is not needed |
|
Formal verification |
Medium |
- |
|
|
Bug bounty |
Medium |
- |
Planned to launch after the Liquid Farming (Lending) roll-out.
|
Testing and documentation |
Informational |
⌛ |
|
|
Smart-contract documentation including: addresses, ownership information, admin control information, immutable/upgradeable labels. |
Informational |
✅ |
|
Frontend |
Access key management |
Medium |
✅ |
|
|
DDoS/XSS/CSRF/CSP protection
High |
✅ |
Cloudflare Business WAF
|
Domain name protection |
High |
✅ |
Ultimate domain name protection is activated |
2FA is activated |
|
|
|
|
|
GitHub account protection
Medium |
✅ |
2FA is activated |
|
Access policies |
Informational |
|
|
Price Oracles |
A price-based price feed oracle for nASTR instead of the collateral-based one.
High |
⌛ |
Additional liquidity is needed for the ASTR/nASTR pool on Arthswap |
|
Multi price feed oracle |
- |
⌛ |
|
|
Monitoring and emergency shutdown procedures |
Medium |
- |
|
|
Price oracle documentation |
Informational |
⌛ |
|
Algem specific risks |
Risk of full liquidation of the entire Sio2 position
Low |
⌛ |
|
Internal practices |
Product design workflow |
Informational |
✅ |
|
|
Development workflow |
Informational |
✅ |
|
|
Pre-audit procedures and checklist
Informational |
✅ |
|
|
Deployment stages |
Informational |
✅ |
|
|
Post-deployment checks and procedures |
Informational |
✅ |
|
|
CM terms and rules |
Informational |
⌛ |
|
|
Incident and emergency response plan |
Informational |
⌛ |
Good case study |
Yearn Finance Emergency Procedures guide |
|
|
|
|
User-side security |
Multisig and hardware wallet support
|
|
|
|
Astar Safe integration |
|
|
|
Other |
nASTR liquidity depth |
High |
⌛ |
|
|
nASTR collateral risk monitoring dashboard |
Informational |
|
|
|
Digital asset custody services integration |
|
research |
https://www.fireblocks.com/ |
|
Real-time threat monitoring tool integration
|
research |
https://forta.org/ |
|
User education and awareness |
Informational |
✅ |
A security tips column was launched on our blog. Information about risks was added to the docs.
|
Insurance against smart contract vulnerabilities
Medium |
|
|
|
Security module implementation |
|
research |
|
|
GitHub account structure and updates
Informational |
⌛ |
|
|
Social network account protection
Informational |
⌛ |
|
Governance |
|
|
|
Not relevant for now |