User Security Measures
Last updated
Several measures have been taken to ensure the integrity and resilience of the deployed smart contracts. These measures are designed principally to ensure the safety of protocol assets, but also to ensure reasonable governance occurs.
Below is a list of some, but not all, of the user security measures CAMP has implemented across the deployed smart contracts.
Only whitelisted user wallet addresses are able to successfully mint & redeem USDca. This seeks to ensure that only non-malicious actors are able to call the aforementioned functions.
Provided backing assets are only able to be sent from the CAMP Minting contract to whitelisted wallet addresses of our OES provider partners. This ensures protocol backing is not able to be diverted to improper wallets and protocol funds enjoy the legal and governance protections without interruption.
Updating the whitelisted addresses in the CAMP Minting contract requires a multi-sig transaction by members of both CAMP & external responsible parties.
Mint/redeem smart contract keys are generated in a secure, air-gapped manner such that no single person is able to access these keys.
A small proportion of the protocol's total assets are kept in EOA wallets. A secure multi-sig approval process is required for major fund transfers.
Internal pricing sourced from multiple centralized exchanges is constantly validated with external sources such as Pyth and Redstone to ensure integrity.
Numerous checks are performed throughout the system and workflow to ensure the integrity of the system.
Separate GATEKEEPER_ROLE roles across the smart contract exist to detect unusual mint/redeem transactions and immediately disable the mint/redeem functionality upon unexpected behavior.
The DEFAULT_ADMIN_ROLE and owner smart contract roles are all multi-sig keys and are securely stored in cold wallets.
| Security Measure | Action Taken by CAMP | Purpose & Benefit |
| --- | --- | --- |
| Handling of Mint/Redeem Keys | CAMP's securely generated mint/redeem keys are stored safely in AWS Secrets Manager. They exist only on production machines upon deployment, which have critically restricted access. | Ensures no unauthorized access, safeguarding users and the protocol from potential mint/redeem key compromises. |
| Address Validity | Only whitelisted addresses can receive backing assets. Withdrawals are restricted to whitelisted custodian addresses. | Minimises the risk of sending funds to incorrect addresses, ensuring targeted and secure end-to-end mint/redeem flows. |
| On-Chain Fund Management | Avoid keeping large sums in EOA wallets. Secure multi-sig approval process for major fund transfers. | Safeguards protocol assets and protects from unintended fund movements. |
| Ensuring Correct Pricing | Validate internal pricing consistently against third-party sources. Real-time checks and balance measures. | Accurate pricing is essential, ensuring users get the best value and the protocol remains stable. |
| Hedging Processes | Robust checks and balances for hedging, including block number validations and system health checks. | Ensures orders are handled correctly and reliably, minimising potential order execution errors. |
| Protecting against Adverse Selection | Employ a last-look architecture, whitelist market makers, and set tight windows for quote validity. | Prioritises giving users the best pricing and protects against potential manipulations or unfair play. |
| Gas Estimation | Maintain a limited ETH balance for transactions and monitor gas fees to prevent overpayment. | Ensures users are not overcharged due to gas estimation errors, preserving user funds. |
| Strict Order Submission | Only whitelisted users can submit orders, which must meet CAMP's validation criteria. | Protects the system against malicious public internet orders; only genuine requests are processed. |
| Robust Role Management | Distinct gatekeeper roles for monitoring and managing unusual mint/redeem transactions. | Specialised roles allow for targeted oversight and faster response to potential security threats. |
| Cold Storage of Multi-Sig Keys | Admin and owner multi-sig keys of all contracts are securely stored in cold wallets. | Enhances security by reducing exposure of essential keys to online threats. |
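
One way to implement the cross-check of internal exchange pricing against external sources such as Pyth and Redstone, as described in the list above and in the "Ensuring Correct Pricing" row. This is an added illustration, not CAMP's code: the thresholds, the median aggregation, the quorum rule, the source names and all sample quotes are assumptions constructed for the example.

```python
from dataclasses import dataclass
from statistics import median

# Assumed parameters for illustration; none of these values come from CAMP.
MAX_DEVIATION_BPS = 50   # tolerated gap between internal and external price
MAX_QUOTE_AGE_S = 10     # quotes older than this are treated as stale
MIN_SOURCES = 2          # fresh quotes required on each side

@dataclass(frozen=True)
class Quote:
    source: str
    price: float
    timestamp: float  # Unix seconds

def fresh(quotes, now):
    """Keep positive-priced quotes that are neither stale nor future-dated."""
    return [q for q in quotes
            if q.price > 0 and 0 <= now - q.timestamp <= MAX_QUOTE_AGE_S]

def validate_price(internal, external, now):
    """Return (ok, reason, deviation_bps). Fails closed when unverifiable."""
    ints, exts = fresh(internal, now), fresh(external, now)
    if len(ints) < MIN_SOURCES:
        return False, "insufficient fresh internal quotes", None
    if len(exts) < MIN_SOURCES:
        return False, "insufficient fresh external quotes", None
    # The median keeps a single outlier venue from moving the reference price.
    internal_mid = median(q.price for q in ints)
    external_mid = median(q.price for q in exts)
    deviation_bps = abs(internal_mid - external_mid) / external_mid * 10_000
    if deviation_bps > MAX_DEVIATION_BPS:
        return False, "internal price deviates from external sources", deviation_bps
    return True, "ok", deviation_bps

# Constructed sample quotes (not real market data).
NOW = 1_700_000_000.0
EXTERNAL = [Quote("pyth", 2000.4, NOW - 2), Quote("redstone", 2001.0, NOW - 3)]
INTERNAL = [Quote("exchange_a", 2000.0, NOW - 1),
            Quote("exchange_b", 2001.0, NOW - 1),
            Quote("exchange_c", 1999.5, NOW - 2)]
ONE_OUTLIER = INTERNAL[:2] + [Quote("exchange_c", 2300.0, NOW - 2)]
TWO_SKEWED = [INTERNAL[0], Quote("exchange_b", 2310.0, NOW - 1),
              Quote("exchange_c", 2300.0, NOW - 2)]
STALE_EXTERNAL = [EXTERNAL[0], Quote("redstone", 2001.0, NOW - 60)]

if __name__ == "__main__":
    for name, ints, exts in [("normal", INTERNAL, EXTERNAL),
                             ("one outlier", ONE_OUTLIER, EXTERNAL),
                             ("two skewed", TWO_SKEWED, EXTERNAL),
                             ("stale oracle", INTERNAL, STALE_EXTERNAL)]:
        print(name, validate_price(ints, exts, NOW))
```

A rejected result is the kind of signal that would block a quote or prompt a gatekeeper to pause mint/redeem; how the outcome is wired into those controls is outside this sketch.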