232 lines
5.8 KiB
Markdown
232 lines
5.8 KiB
Markdown
|
|
# Security Best Practices Guide
|
||
|
|
|
||
|
|
## Overview
|
||
|
|
|
||
|
|
This document outlines security best practices for using the admin panel, especially when managing critical smart contracts like MainnetTether and TransactionMirror.
|
||
|
|
|
||
|
|
## Multi-Signature Wallets
|
||
|
|
|
||
|
|
### Why Use Multi-Sig?
|
||
|
|
|
||
|
|
- **Enhanced Security**: Requires multiple approvals for critical operations
|
||
|
|
- **Key Redundancy**: No single point of failure
|
||
|
|
- **Audit Trail**: All approvals are logged and traceable
|
||
|
|
- **Best Practice**: Industry standard for managing high-value contracts
|
||
|
|
|
||
|
|
### Recommended Setup
|
||
|
|
|
||
|
|
1. **Use Gnosis Safe** for admin wallet
|
||
|
|
- Deploy a Safe wallet with 3-5 owners
|
||
|
|
- Set threshold to 2-3 (requires majority approval)
|
||
|
|
- Use hardware wallets as owners when possible
|
||
|
|
|
||
|
|
2. **Hardware Wallet Integration**
|
||
|
|
- Connect Ledger or Trezor as Safe owner
|
||
|
|
- Provides physical security for keys
|
||
|
|
- Required confirmation on device for all transactions
|
||
|
|
|
||
|
|
3. **Owner Distribution**
|
||
|
|
- Distribute owners across different individuals/devices
|
||
|
|
- Avoid all owners on same network/system
|
||
|
|
- Use time-locked actions for critical changes
|
||
|
|
|
||
|
|
## Key Management
|
||
|
|
|
||
|
|
### Private Keys
|
||
|
|
|
||
|
|
- **Never Share**: Private keys should never be shared or stored in plain text
|
||
|
|
- **Hardware Wallets**: Use hardware wallets for admin accounts
|
||
|
|
- **Backup**: Store hardware wallet seed phrases securely offline
|
||
|
|
- **Rotation**: Rotate keys periodically (every 6-12 months)
|
||
|
|
|
||
|
|
### Encryption
|
||
|
|
|
||
|
|
- Use the built-in `SecureStorage` for sensitive data
|
||
|
|
- Encrypt backups before storing
|
||
|
|
- Use strong, unique passwords for encryption
|
||
|
|
- Store encryption keys separately from encrypted data
|
||
|
|
|
||
|
|
## Access Control
|
||
|
|
|
||
|
|
### Role-Based Access
|
||
|
|
|
||
|
|
1. **Super Admin**: Full access (1-2 people max)
|
||
|
|
2. **Operator**: Can execute pause/unpause (trusted team members)
|
||
|
|
3. **Viewer**: Read-only access (analysts, auditors)
|
||
|
|
|
||
|
|
### Permission Management
|
||
|
|
|
||
|
|
- Review permissions regularly
|
||
|
|
- Remove access immediately when team members leave
|
||
|
|
- Use function-level permissions for fine-grained control
|
||
|
|
- Audit permission changes
|
||
|
|
|
||
|
|
## Transaction Security
|
||
|
|
|
||
|
|
### Before Executing
|
||
|
|
|
||
|
|
1. **Preview First**: Always use Transaction Preview before executing
|
||
|
|
2. **Verify Parameters**: Double-check all function arguments
|
||
|
|
3. **Gas Optimization**: Use Gas Optimizer to avoid overpaying
|
||
|
|
4. **Confirm Addresses**: Verify contract addresses are correct
|
||
|
|
|
||
|
|
### Multi-Sig Workflow
|
||
|
|
|
||
|
|
1. Create proposal with clear description
|
||
|
|
2. Wait for required approvals
|
||
|
|
3. Review all approvals before execution
|
||
|
|
4. Execute only after threshold reached
|
||
|
|
5. Monitor transaction on Etherscan
|
||
|
|
|
||
|
|
### Time-Locked Actions
|
||
|
|
|
||
|
|
- Use time-locked actions for critical changes (admin transfer, threshold changes)
|
||
|
|
- Provides time for review and cancellation if needed
|
||
|
|
- Recommended minimum: 24-48 hours
|
||
|
|
|
||
|
|
## Emergency Procedures
|
||
|
|
|
||
|
|
### Emergency Pause
|
||
|
|
|
||
|
|
1. **When to Use**:
|
||
|
|
- Suspected security breach
|
||
|
|
- Critical bug discovered
|
||
|
|
- Unusual activity detected
|
||
|
|
|
||
|
|
2. **How to Execute**:
|
||
|
|
- Use Emergency Controls tab
|
||
|
|
- Verify emergency is legitimate
|
||
|
|
- Execute pause immediately
|
||
|
|
- Notify team members
|
||
|
|
- Investigate cause
|
||
|
|
|
||
|
|
### Recovery
|
||
|
|
|
||
|
|
1. **Investigate**: Identify root cause
|
||
|
|
2. **Fix**: Resolve the issue
|
||
|
|
3. **Test**: Test fix thoroughly
|
||
|
|
4. **Unpause**: Resume operations after verification
|
||
|
|
5. **Document**: Update documentation with lessons learned
|
||
|
|
|
||
|
|
## Audit Logging
|
||
|
|
|
||
|
|
### Best Practices
|
||
|
|
|
||
|
|
- Review audit logs regularly (weekly)
|
||
|
|
- Export logs for long-term storage
|
||
|
|
- Monitor for suspicious activity
|
||
|
|
- Alert on unusual patterns
|
||
|
|
|
||
|
|
### What Gets Logged
|
||
|
|
|
||
|
|
- All admin actions (create, update, execute)
|
||
|
|
- Permission changes
|
||
|
|
- Multi-sig approvals
|
||
|
|
- Hardware wallet connections
|
||
|
|
- Emergency actions
|
||
|
|
|
||
|
|
## Network Security
|
||
|
|
|
||
|
|
### Network Access
|
||
|
|
|
||
|
|
- Use secure networks (avoid public WiFi)
|
||
|
|
- Consider VPN for remote access
|
||
|
|
- Limit admin panel access to authorized IPs (if possible)
|
||
|
|
- Use firewall rules to restrict access
|
||
|
|
|
||
|
|
### Browser Security
|
||
|
|
|
||
|
|
- Keep browsers updated
|
||
|
|
- Use browser extensions sparingly
|
||
|
|
- Clear cache/sessions regularly
|
||
|
|
- Use incognito mode for sensitive operations (optional)
|
||
|
|
|
||
|
|
## Contract Interaction Security
|
||
|
|
|
||
|
|
### Verification
|
||
|
|
|
||
|
|
- Always verify contract addresses before interaction
|
||
|
|
- Use verified contracts on Etherscan
|
||
|
|
- Check contract source code matches expected behavior
|
||
|
|
- Verify ABI matches deployed contract
|
||
|
|
|
||
|
|
### Gas Optimization
|
||
|
|
|
||
|
|
- Use recommended gas prices from Gas Optimizer
|
||
|
|
- Avoid transactions during network congestion
|
||
|
|
- Set appropriate gas limits
|
||
|
|
- Monitor gas costs
|
||
|
|
|
||
|
|
## Incident Response
|
||
|
|
|
||
|
|
### If Compromise Suspected
|
||
|
|
|
||
|
|
1. **Immediate Actions**:
|
||
|
|
- Pause all contracts (Emergency Controls)
|
||
|
|
- Disconnect all wallet connections
|
||
|
|
- Change all passwords/keys
|
||
|
|
- Notify team immediately
|
||
|
|
|
||
|
|
2. **Investigation**:
|
||
|
|
- Review audit logs
|
||
|
|
- Check transaction history
|
||
|
|
- Identify attack vector
|
||
|
|
- Document findings
|
||
|
|
|
||
|
|
3. **Recovery**:
|
||
|
|
- Secure all accounts
|
||
|
|
- Deploy fixes if needed
|
||
|
|
- Update security measures
|
||
|
|
- Resume operations after verification
|
||
|
|
|
||
|
|
## Regular Security Audits
|
||
|
|
|
||
|
|
### Monthly
|
||
|
|
|
||
|
|
- Review audit logs
|
||
|
|
- Check for unusual activity
|
||
|
|
- Update dependencies
|
||
|
|
- Review permissions
|
||
|
|
|
||
|
|
### Quarterly
|
||
|
|
|
||
|
|
- Security audit of codebase
|
||
|
|
- Penetration testing (if applicable)
|
||
|
|
- Review and update security policies
|
||
|
|
- Rotate keys if needed
|
||
|
|
|
||
|
|
### Annually
|
||
|
|
|
||
|
|
- Comprehensive security review
|
||
|
|
- Third-party security audit
|
||
|
|
- Update all dependencies
|
||
|
|
- Review and update all documentation
|
||
|
|
|
||
|
|
## Additional Recommendations
|
||
|
|
|
||
|
|
### Monitoring
|
||
|
|
|
||
|
|
- Set up alerts for critical operations
|
||
|
|
- Monitor contract states continuously
|
||
|
|
- Use real-time monitoring features
|
||
|
|
- Track gas prices and network conditions
|
||
|
|
|
||
|
|
### Documentation
|
||
|
|
|
||
|
|
- Keep security procedures documented
|
||
|
|
- Update runbooks regularly
|
||
|
|
- Document all security incidents
|
||
|
|
- Share learnings with team
|
||
|
|
|
||
|
|
### Training
|
||
|
|
|
||
|
|
- Train team members on security best practices
|
||
|
|
- Conduct security drills
|
||
|
|
- Keep security knowledge up to date
|
||
|
|
- Review incidents as learning opportunities
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
**Last Updated**: 2025-01-22
|
||
|
|
**Priority**: Critical reading before production use
|