Security

Last updated 3 months ago

FlowDex ensures maximum security for staking operations through a multi-layered protection system, preventing key leaks, unauthorized access, and other threats related to asset management. The platform employs hardware-based key management, cryptographic security, and remote signing mechanisms to protect validators and users from malicious attacks.

🟠 The Problem

One of the biggest risks for validators and staking participants is the compromise of private keys. If a private key is exposed, it can lead to double-signing penalties (slashing) and financial losses. Even if a validator exits quickly, the unstaking process takes several days, and setting up a new validator can take weeks, resulting in missed staking rewards and lost profits.

🟠 The Solution

FlowDex utilizes advanced security measures, including Hardware Security Modules (HSM) and a remote signing mechanism to protect validator keys and transactions.

🟠 Secure Key Management with HSM

HSM (Hardware Security Module) is a dedicated cryptographic processor designed to secure the lifecycle of private keys and prevent unauthorized access. The HSM ensures that private keys are never exposed, even during transaction signing.

The signing process follows a strict zero-trust model and requires authentication at multiple levels before signing transactions:

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Generate a secure key (this would be done inside the HSM).
# In this snippet the key object lives in process memory, for illustration only.
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048
)

# Function to sign transactions securely
def sign_transaction(transaction_data):
    # RSA-PSS over SHA-256 with the maximum salt length;
    # the verifier must use the same padding and hash.
    signature = private_key.sign(
        transaction_data.encode(),
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    return signature

This ensures that all transactions are securely signed within the HSM, preventing unauthorized access.

🟠 Remote Signing Mechanism

FlowDex implements a remote signing process that verifies all transaction requests before sending them to the HSM. The system includes:

  • Short-lived tokens for validator authentication when signing blocks.

  • Long-lived tokens for unstaking requests, restricted by IP whitelisting and withdrawal limits.

  • Double-signing detection to prevent slashing events.

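from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

def validate_signature(transaction, public_key, signature):
    # Verify an RSA-PSS/SHA-256 signature with the same parameters used for signing.
    try:
        public_key.verify(
            signature,
            transaction.encode(),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return True
    except InvalidSignature:
        # The signature does not match this transaction under this key.
        return False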

This ensures that any unauthorized signing attempts are detected and rejected before execution.
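The checks listed above for block signing (a short-lived token plus double-signing detection) can be sketched as a gate that runs before a request is forwarded to the HSM. This is an added example, not FlowDex's code: the token format, `TOKEN_KEY`, `TOKEN_TTL`, `SigningGate` and the height-based watermark are assumptions made for illustration, since the page does not specify them.

```python
import hashlib
import hmac
import time

TOKEN_KEY = b"constructed-demo-key"  # assumption: secret held by the token issuer
TOKEN_TTL = 30                       # assumption: seconds a block-signing token is valid


def _mac(validator_id, expiry):
    msg = f"{validator_id}|{expiry}".encode()
    return hmac.new(TOKEN_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(validator_id, now=None):
    """Return 'expiry:mac', binding the validator id to an expiry time."""
    expiry = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{expiry}:{_mac(validator_id, expiry)}"


def token_valid(validator_id, token, now=None):
    """Check the MAC in constant time, then check the token has not expired."""
    try:
        expiry_s, mac = token.split(":", 1)
        expiry = int(expiry_s)
    except ValueError:
        return False
    current = time.time() if now is None else now
    ok = hmac.compare_digest(mac.encode(), _mac(validator_id, expiry).encode())
    return ok and current < expiry


class SigningGate:
    """Decides whether a block-signing request may be forwarded to the HSM."""

    def __init__(self):
        self.last_signed = {}  # validator_id -> (height, sha256 hex of payload)

    def authorize(self, validator_id, token, height, payload, now=None):
        if not token_valid(validator_id, token, now):
            return "reject: bad or expired token"
        digest = hashlib.sha256(payload).hexdigest()
        prev = self.last_signed.get(validator_id)
        if prev is not None:
            prev_height, prev_digest = prev
            if height < prev_height:
                return "reject: height below last signed"
            if height == prev_height:
                # Same payload is a harmless retry; a different one is a double sign.
                return "allow: retry" if digest == prev_digest else "reject: double sign"
        self.last_signed[validator_id] = (height, digest)
        return "allow"
```

The watermark in `last_signed` only protects against double signing if it is written to durable storage before the request reaches the HSM; an in-memory dictionary, as used here, forgets it on restart.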

🟠 Additional Security Measures

  • Geo-redundant HSM storage to prevent loss due to hardware failures.

  • Majority-based key recovery using secure multi-signature schemes.

  • Automated monitoring and threat detection to prevent malicious transactions.