Web3 Security Code of Conduct

Our general security code of conduct is a series of recommendations for protecting issuers and users (e.g., investors) from unwarranted access to protocol controls and assets.


The Web3 Security Code of Conduct for external parties is a comprehensive guideline that outlines best practices and measures to ensure the safety and integrity of blockchain projects for non-blockchain developers, business personnel, partners, and clients. This code of conduct focuses on secure data management, responsible collaboration processes, awareness of social engineering risks, and continuous improvement through engagement with all stakeholders. By adhering to these guidelines, external parties can contribute to the minimization of vulnerabilities, protection of valuable assets, security of users, and maintenance of trust in the projects they work on.

Security

  • Multi-signature wallets with hardware wallets are used for critical dapp operations.

  • Ledger (or similar) seed phrases are securely recorded offline (i.e., cold storage).

  • Multi-signature wallets have at least four participants, with a signing threshold of at least 3 of N; N-of-N thresholds (for example 4/4) are not allowed.

  • Bitwarden (or similar) is used for password management.

  • Bitwarden (or similar) uses randomized, unique passwords with a minimum of 8 characters.

  • A list of all project contracts, multi-signature wallets and EOA (externally owned accounts) wallets and who owns them (with email or contact info) exists.

  • Server keys that sign messages for user transactions are neither stored publicly nor accessible to people in the organization who do not need them.
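As an added example (not part of the code of conduct itself), the following Python check applies the multisig threshold rule and the "every wallet has a named owner" rule above to a constructed wallet inventory; the entry names, contacts and field names are assumptions.

```python
"""Added example: audit a wallet inventory against the Security section rules."""
from dataclasses import dataclass, field

# Policy constants taken from the Security section above.
MIN_SIGNERS = 4      # at least four participants per multisig
MIN_THRESHOLD = 3    # 3/N signature minimum


@dataclass
class WalletEntry:
    name: str
    kind: str                  # "multisig", "eoa" or "contract"
    owner_contact: str         # who owns it, with email or contact info
    signers: list = field(default_factory=list)
    threshold: int = 0


def check_multisig(threshold: int, signer_count: int) -> list:
    """Return the policy violations for one multisig configuration (empty = compliant)."""
    problems = []
    if signer_count < MIN_SIGNERS:
        problems.append(f"only {signer_count} signers; policy requires at least {MIN_SIGNERS}")
    if threshold < MIN_THRESHOLD:
        problems.append(f"threshold {threshold} is below the {MIN_THRESHOLD}-signature minimum")
    # N/N is rejected by policy: with no spare signer, one lost key freezes the wallet.
    if signer_count > 0 and threshold >= signer_count:
        problems.append(f"{threshold}/{signer_count} is an N/N threshold, which is not allowed")
    return problems


def audit_inventory(entries) -> dict:
    """Map each entry name to its list of violations."""
    report = {}
    for e in entries:
        problems = []
        if not e.owner_contact.strip():
            problems.append("no owner / contact info recorded")
        if e.kind == "multisig":
            problems.extend(check_multisig(e.threshold, len(e.signers)))
        report[e.name] = problems
    return report


# Constructed sample inventory (hypothetical names, contacts and signer ids).
SAMPLE_INVENTORY = [
    WalletEntry("treasury-safe", "multisig", "ops@example.org", ["s1", "s2", "s3", "s4", "s5"], 3),
    WalletEntry("admin-safe", "multisig", "sec@example.org", ["s1", "s2", "s3", "s4"], 4),
    WalletEntry("deployer-eoa", "eoa", ""),
]

if __name__ == "__main__":
    for name, problems in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, "OK" if not problems else problems)
```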

Best Practices

  1. A signed transaction always signifies full responsibility, as if the transaction was created by the signer.

  2. Never share private keys. If you wish to change a parameter (e.g., a wallet address) or are compromised, please consult with your security team, transfer ownership onchain, or utilize another safe, documented mechanism.

  3. Exercise caution when discussing blockchain work, project details, and finances in public.

  4. Refrain from claiming ownership of any wallet - “I only work for the project, our security department handles blockchain operations”.

  5. Use Bitwarden (or similar) for password management to keep passwords secure and organized.

  6. Create randomized, unique passwords with Bitwarden (or similar), with a minimum of 8 characters, to increase password strength. This will reduce the likelihood of successful brute-force attacks.

  7. Ensure adherence to the code of conduct and update it regularly. These are recommended best practices; they can serve as a framework for dapp-specific policies.
