Socket Infrastructure
Smart Contract & Backend security
We draw on our experience in the space, study previous hacks, and review every detail of the design so that there is no room for an exploit.
Some important points to note:
- Our contracts never custody funds; they only route user funds through a bridge within a single transaction. The only value exposed to a contract bug is what is in flight during that call, so the attack surface is very small.
- Our contracts have been audited, and further audits with top audit firms are scheduled.
- No proxies or upgradable contracts. Every bridge is a module that points to that bridge's contract. Once deployed, neither the module nor the address it points to can be changed. The owner can only `rescueFunds` or `pause` the contracts; it cannot redirect routes or move user funds.
- No infinite approvals on Bungee & Widget: users have had funds drained through infinite token approvals granted to contracts that were later compromised, so our app and widget request an approval for only the amount of each transfer.
Socket Backend Security
The transaction data returned by a third-party provider's API can be tampered with if that provider is attacked, and a client that signs such data blindly may send funds to the wrong target or with the wrong parameters. To protect against this, we are working on Solidity `socket-verifier` libraries that let you validate the following:
- The target address is associated with Socket
- The `tx.input` provided has its parameters set according to your request

The `socket-verifier` library will be accessible on-chain through a view/pure Solidity function that decodes and returns the parameters encoded in `tx.input`, allowing clients to compare the transaction data against the parameters they supplied before signing or executing it.
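The same two checks can be run off-chain by the integrator before a transaction is signed. The following is an added example, not Socket's own `socket-verifier` code: it assumes a hypothetical route function `bridge(address token, uint256 amount, address receiver, uint256 toChainId)` with a made-up 4-byte selector, a made-up allowlist of Socket contract addresses, and constructed sample transactions, one faithful to the request and one whose receiver was swapped. Only static ABI types are decoded, which is all this function shape needs.

```python
"""Validate third-party-supplied tx data against the user's request before signing.

Added example, not part of Socket's socket-verifier. The function layout,
selector and allowlist below are assumptions constructed for illustration.
"""

# Constructed assumptions (not real Socket values)
SOCKET_ALLOWLIST = {
    "0x1111111111111111111111111111111111111111",  # assumed Socket gateway address
}
BRIDGE_SELECTOR = bytes.fromhex("a1b2c3d4")  # assumed selector for bridge(...)
BRIDGE_ARG_TYPES = ("address", "uint256", "address", "uint256")
BRIDGE_ARG_NAMES = ("token", "amount", "receiver", "toChainId")


def _decode_word(kind: str, word: bytes):
    """Decode one 32-byte static ABI word as a lowercase hex address or an int."""
    if kind == "address":
        if any(word[:12]):  # the upper 12 bytes of an address word must be zero padding
            raise ValueError("address word has non-zero padding")
        return "0x" + word[12:].hex()
    if kind == "uint256":
        return int.from_bytes(word, "big")
    raise ValueError(f"unsupported type {kind}")


def decode_bridge_input(tx_input: bytes) -> dict:
    """Return the named parameters encoded in calldata, or raise if it is malformed."""
    if len(tx_input) != 4 + 32 * len(BRIDGE_ARG_TYPES):
        raise ValueError("calldata length does not match the bridge(...) layout")
    if tx_input[:4] != BRIDGE_SELECTOR:
        raise ValueError("unexpected function selector")
    params = {}
    for i, (name, kind) in enumerate(zip(BRIDGE_ARG_NAMES, BRIDGE_ARG_TYPES)):
        word = tx_input[4 + 32 * i: 4 + 32 * (i + 1)]
        params[name] = _decode_word(kind, word)
    return params


def verify_tx(tx: dict, request: dict) -> list:
    """Return a list of problems found; an empty list means the tx matches the request."""
    problems = []
    # Check 1: the target must be a known Socket contract
    if tx["to"].lower() not in SOCKET_ALLOWLIST:
        problems.append(f"target {tx['to']} is not a Socket contract")
    # Check 2: every parameter in tx.input must equal what the user requested
    try:
        params = decode_bridge_input(bytes.fromhex(tx["data"][2:]))
    except ValueError as exc:
        return problems + [f"calldata: {exc}"]
    for name in BRIDGE_ARG_NAMES:
        want, got = request[name], params[name]
        if isinstance(want, str):
            want, got = want.lower(), got.lower()
        if want != got:
            problems.append(f"{name}: requested {want}, calldata has {got}")
    return problems


def encode_bridge_input(token: str, amount: int, receiver: str, to_chain_id: int) -> str:
    """ABI-encode a call to the hypothetical bridge(...); used to build the samples below."""
    words = [
        bytes.fromhex(token[2:]).rjust(32, b"\0"),
        amount.to_bytes(32, "big"),
        bytes.fromhex(receiver[2:]).rjust(32, b"\0"),
        to_chain_id.to_bytes(32, "big"),
    ]
    return "0x" + (BRIDGE_SELECTOR + b"".join(words)).hex()


# Constructed sample: what the user asked the API for
REQUEST = {
    "token": "0x2222222222222222222222222222222222222222",
    "amount": 1_000_000,
    "receiver": "0x3333333333333333333333333333333333333333",
    "toChainId": 137,
}
# Constructed sample: tx data faithful to the request
GOOD_TX = {
    "to": "0x1111111111111111111111111111111111111111",
    "data": encode_bridge_input(REQUEST["token"], REQUEST["amount"],
                                REQUEST["receiver"], REQUEST["toChainId"]),
}
# Constructed sample: same request, but the API response had its receiver swapped
TAMPERED_TX = {
    "to": "0x1111111111111111111111111111111111111111",
    "data": encode_bridge_input(REQUEST["token"], REQUEST["amount"],
                                "0x4444444444444444444444444444444444444444",
                                REQUEST["toChainId"]),
}

if __name__ == "__main__":
    print("good:", verify_tx(GOOD_TX, REQUEST))
    print("tampered:", verify_tx(TAMPERED_TX, REQUEST))
```

A client should refuse to sign whenever `verify_tx` returns anything, including decoding errors: truncated or padded calldata is treated as a failure rather than being partially accepted, since an attacker who controls the API response also controls its length.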