unFederalReserve and The First Key: Safety
A fundamental part of the Reserve Lending® product development
How we are meeting the moment:
- Our leadership and commitment to transparent communication
- Minting protocols and leadership wallets moved to multi-signature accounts
- Custody partner for company cryptocurrencies
- Chainlink® integration
- KYC Chain® KYC/AML partnership
- Chief Compliance Officer search
- Smart contract and platform insurance
- Smart contract auditing
- Engagement with security researchers and PEN testing consultants on any major releases
- Pursuit of top tier exchange listing
- Reserve Lending® platform CeFI integration plan
- Chainalysis® engagement
Howard first became aware of the Disney® four keys on a tour of the Magic Kingdom®. It was there that the cast-member described how all employees are trained to view every situation through the lens of these keys:
Safety, Courtesy, Show, and Efficiency
In September of last year, Disney added Inclusion. The establishment of a mission, vision and values statement was a priority for unFederalReserve’s leadership in order to form a similar type of framework within which all matters would be decided. As an eRSDL holder you are part of that framework, akin to having interest in a General Partnership.
For this blogpost we explore how unFederalReserve is rising to the challenge of meeting our first and foremost principle, Safety.
U.S. regulatory compliance is both a requirement for institutional adoption and the greatest way to de-risk the product. We will adopt the procedures necessary and work towards complete U.S. regulatory compliance. Certain aspects of our platform may have to move off-shore or near-shore in order to allow us time to firm up the often costly and more difficult regulatory elements.
Why safety/security is important to Ryan as CTO
In the past, I have built and managed large teams; building, PKI and cryptography-based products. I have spent countless hours with our on-staff Security Researcher, attended the amazing https://www.defcon.org/ main event every year, and implemented SSDLC (Secure Software Development LifeCycle) process for my teams.
Attending DefCon was very eye opening, hackers are very creative, persistent, and smart. You need to make sure you do your best to secure all areas, as well as manage the human element. Core company data and systems that have human interface must be secured in order to reduce risk of loss for our customers.
This work is very detail oriented, and sometimes it can feel like you’re slowing down fast paced development. There would be real consequences for our users were there to be a successful attack.
As always, in DeFi, please understand there are always risks of hackers and loss of funds. But we are hoping this article shows we are taking every action possible to mitigate those risks.
We will not be taking shortcuts or saving money to trade for better security. Our SAFETY key is our most important key. This importance is why we are starting with this key in our series!
We welcome all eRSDL holder, security researchers and hackers to help us in this task. Safety is really a community effort, but we will do everything we can as a company to do the right thing; namely, securing our products and operational processes on a best efforts’ basis.
Please email us at info@unfederalreserve.com if you are a security researcher, and would like to review more detailed internal security related information.
Sincerely,
~ Ryan Medlin & Howard Krieger
Top Security risks in the DeFi/CeFi space
- Technology failure — hacks or manipulation of the software
- Economic hacking — hacks involving gaming the DeFi ecosystem to extract value from protocols
- Fraud and theft — individuals or corporations posing as others
- Country-specific risk — local regulatory and compliance challenges
- Liquidity risk — lack of activity on the DeFI platform causing inability to liquidate
- Financial risk — the underlying business (e.g. Residual Token, Inc.) failing
- Rugpulls and bad actors (PAID, a recent example)
- Key person risk — what happens if a prominent member of the team is incapacitated
- Regulatory/Legal Risk (Copyright/Open source licenses/following AML laws in U.S.)
10 Ways Reserve Lending® is Addressing Safety
1. Minting Protocols and Leadership Wallets
We recently published our Management Token Policy, which was designed to make very public our intentions regarding the token. It will the be the basis for future, community driven policies additions and amendments going forward. The utility of eRSDL comes from your participation in the development of the platform.
2. New Company Wallet Processes
The policy included discussions around ways we operate and secure the wallets. Varying amounts of operational funds will be moved from this account once a month per monthly budget estimates.
3. Chainlink Integration
From Chainlink’s website: It is a, “… decentralized oracle network provides reliable, tamper-proof inputs and outputs for complex smart contracts on any blockchain.”
The project must qualify to partner with Chainlink. The remaining qualification is a listing with a large exchange. We are actively addressing that requirement.
Since eRSDL will not have a Chainlink integration until we are on at least two Tier1 exchanges, our price feed is pulling data from the healthiest exchange. By far the healthiest exchange based on our research, and thought leadership from the eRSDL holder community, is Uniswap. The volume and liquidity numbers for Uniswap prevent anyone but the most dedicated and resource heavy attackers from manipulating outcomes. We intend to closely monitoring behaviour via our operational dashboards accordingly.
4. KYC-Chain® KYC/AML Partnership
KYC-Chain is a provider of KYC and AML services to a number of financial institutions. While their purpose is more generally associated with the commercial platform, they are able to provide benefits to the community today. Please read more about this relationship here.
With respect to AML we engaged Chainalysis® to support unknown source SARs reports. Conversations have been started with AML Resources, a provider of KYC/AML services to BlockFi, Gemini, Coinbase(according to their sales lead).
5. Chief Compliance Officer and Risk Management
In advance of business requirement gathering, design and development of the Reserve B2B Lending® product, we will seek to onboard on a consultancy basis (at first) a compliance official tasked with creating, managing and executing a regulatory framework designed to meet the standards set by the various regulatory bodies. This includes developing a roadmap to complete the 5 pillars of KYC and AML.
Our risk management advisor will separately identify and scope out for development the various KPIs regarding individual and overall transactions or trends. This data will support potential Bank Secrecy Act reporting needs.
6. Operational Security of Reserve Lending
We have put into place a 3 of 4 signature requirement for all core smart contracts used in our Reserve Lending® platform.
Nota that a more recent hack was due to not having this 3 of 4 multisig in place:
https://thedefiant.io/compound-finance-fork-easyfi-loses-over-60m-in-admin-key-hack/
An attacker would have to compromise 3 out of the 4 computers on different networks and in different global locations also backed by hardware wallets in order to gain this level of access.
Gnosis Safe® has been created and OpenZeppelin Defender® has been set up. These provide easy to use and fully auditable histories of all interactions both with our funds wallets and for the smart contract deployer accounts.
We are working on adding various OpenZeppelin Sentinels and Autotasks accordingly around various parameters we feel we need to closely watch. The following metrics are being closely monitored as well as others:
- Flash loan attacks
- Whale detection
- High rewards harvesting or pending potential for yield farmers who are not project supporters dumping
- Large supply txn volume
- Price change of eRSDL or others
- Large volume of eRSDL or others
- Top X accounts of eRSDL whale SELL behaviour during launch period
- Liquidation calls and accounts calling them
Example show gnosis multi-sig wallet configuration:
Upgrading comptroller address screen for better controlled multisig updates. All major updates are needed to be approved by 3 company signatures in order to execute:
7. Smart Contract Auditing and Overall Systems Security of Reserve Lending
We engaged two companies for security audits of our smart contracts and will keep this as policy moving forward.
The SAFETY of our community is of utmost importance for all of our products. We will not launch until audits come back and any critical security bugs discovered during Alpha Testing are fixed.
Existing Audits (Smart Contract and economic security):
https://compound.finance/docs/security#audits
https://github.com/trailofbits/publications/blob/master/reviews/compound-3.pdf
Compound has been in production since late 2019. This means there has been a very big incentive to attempt various hacks of Compound because of its DeFi leadership position as measured by TVL being held in the smart contracts. We looked at existing hacks to estimate if there are any concerns or actions needed. Based on the minimal attacks on actual smart contract code we deemed there is no action to take right now except good monitoring and analytics to show potential Economic Attack anomalies.
Some security audits recommended some mid level fixes. We checked the commit history of Compound fork to see if they fixed the issue at a later date than our fork. This would indicate its importance and we should also address it. There were very minimal amount of these cases found so far.
We are relying on the previous Economic audit provided to Compound. Since we are a fork the same Economic attack vectors would be apparent in our platform as well.
https://compound.finance/docs/security#economic-security
We are adding operational monitoring metrics around some of the critical findings here to closely monitor these potential vectors.
Existing hacks on DeFi (and Compound) Reviewed:
https://hacken.io/researches-and-investigations/biggest-defi-hacks-of-2020-report/
Compound was not found on this list of top hacks.
Related potential hacks in 2021:
This was an Ironbank based attack. NOT users funds. Because we are not integrated with IronBank (yet) we are not vulnerable.
https://www.coindesk.com/everything-you-ever-wanted-to-know-about-the-defi-flash-loan-attack
This outlines the importance of proper trading markets and the integration of Chain Link Oracles to our platform.
We have an operational dashboard monitoring all prices, however, and have implemented RunBooks to deal with certain situations when we notice large price changes happening in short periods of time (especially around eRSDL). We also are setting up monitoring of flash loan based txns coming through our system.
https://hackingdistributed.com/2020/03/11/flash-loans/
Great information on the style of Flash Loan attacks and is greatly helping understand the shape of these large sets of transactions across DeFi protocols so we can better monitor/observe.
Audit companies:
Coinspect.com - Compound fork smart contract audit
https://drive.google.com/file/d/1DJnQgOSJ4ZUTQ97sa0PmUM77Opygxcvh/view?usp=sharing
Main issues found -
UFR-001 — _setCompAddress missing 0 address check
Solution (Fix): https://github.com/UnFederalReserve/unfederalreserve-protocol/commit/6c22aea875f33cb3283a3824afb27a0ddd78499a
UFR-002 — Outdated Solidity version — The 0.5.16 version requirement is set explicitly by the compound team and there is a risk of getting an unexpected behavior if bumped without a careful refactoring of the whole codebase. Compound decided to stay with this version so so will we.
UFR-003 — SimplePriceOracle missing access controls — We are not using this oracle at all. Nothing to do.
Bramah.systems - Compound fork smart contract audit.
https://docs.google.com/document/d/1-9tsEphZqW0SbbvVBLriBdgs_QvSTekcv-wg_g1r_Sw/edit?usp=sharing
Note that this document has comments that talk through each issues and resolutions. All resolutions were minor that were made and retested in staging environment accordingly.
Hacken - eRSDL Token Audit. For Tier1 exchanges
https://drive.google.com/file/d/1hNf3blLz41j7dT86z3O3q0lIHCyZuK9x/view?usp=sharing
We addressed this initial open issue fomr the audit accordingly and the auditor returned with the following GREEN report.
“https://etherscan.io/token/0x5218E472cFCFE0b64A064F055B43b4cdC9EfD3A6#readContract
see screenshot attached of owner function response for our token.
masteruncharman contract that gives staking rewards just like sushiswap contracts we forked.: https://etherscan.io/address/0xf8377270af0c864d2b3bab73bb16c65b05767549
for txn of assignment of ownership.. took a look at etherscan not sure how to pull that txn from there! is what i send to you above enough though? it should be right the contract owner() function shows the masterunchairman as owner..”
Final report (Passing):
https://drive.google.com/file/d/1hNf3blLz41j7dT86z3O3q0lIHCyZuK9x/view?usp=sharing
Oleksii Misnik - PEN Testing for Web Applications/DApps and backend operational systems. Report due this week and will be sent out in follow up addendum to this report. We only expect minor small configuration changes form this report and a few folks in our community have been running PEN testing tools already sending us issues.
For after launch we have engaged TrailOfBits for later audits in the Fall time frame based on their availability.
8. Smart Contract Platform Insurance of Reserve Lending
We are strongly considering the adoption of smart contract insurance for the platform. Details around the product definition and challenges is summarized in a nice article located here and here. Once our contracts are in production we may apply for these services quickly. Budget for such application is still being determined, and we are relying on eRSDL holder feedback to augment our considerations.
9. Top Tier Exchange Listing
The team is currently in discussions with a handful of the top exchanges. It is required that the exchange be properly licensed to custody and transmit tokens in the United States. A nice-to-have would include extra-jurisdictional authority, as plans to expand outside the United States begin to form.
10. Reserve Lending Platform CeFI integration
Most financial institutions in the United States rely on a finite set of software providers for their back-office, technical infrastructure. These products, which include ones by Oracle®, Jack Henry & Associates®, fiserv®, Avaloq® and q2ebanking®, have been tacitly and/or indirectly approved by U.S. regulators by way of the number of banks, credit unions, thrift institutions and other financial institutions adoption. It is incumbent upon us to make sure that Reserve Lending® integrates with at least one or more of those programs, as we work to integrate our platform into CeFi.
