Socket Infrastructure

Smart Contract & Backend security

Socket Contract Security

We draw on our extensive experience in the space, learn from previous hacks and consider every detail to ensure there is no room for exploits.
Some important points to note:
  • Our contracts never actually hold funds; they are only responsible for routing user funds, so the exploitable surface area is extremely small.
  • Our contracts have been audited, and additional audits have been scheduled with top audit firms.
  • SocketLL contracts are open source and verified on Etherscan.
  • No proxies or upgradable contracts. Every bridge is a module which points to the bridge contract; we can never edit this module or the address it points to. The owner contract can only ‘rescueFunds’ or ‘pause’ the contracts.
  • No infinite approvals on Bungee & Widget: learning from instances where hackers drained user funds through infinite approvals, we do not take infinite approvals in our app or widget.
Socket Backend Security
There are cases where APIs provided by third-party providers can return rogue tx data as the result of an attack. To ensure you stay protected, we are working on Solidity socket-verifier libraries that allow you to validate the following:
  • The target address is associated with Socket
  • The tx.input provided has its parameters set according to your request
The socket-verifier lib would be accessible on-chain via a view/pure Solidity function that returns the params encoded in the tx.input, allowing clients to validate the transaction data against the params they provided.
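As an added example (not Socket's code), the following is an off-chain mirror of the two checks the library is meant to expose: a target allow-list, and a comparison of the parameters decoded from tx.input against the user's original request. The Socket addresses, the hypothetical function bridge(address,uint256,uint256), its selector and the sample calldata are all constructed placeholders.

```python
# Added illustration, not Socket's code: an off-chain version of the two checks described
# above. Addresses, selector and sample calldata are constructed placeholders.
SOCKET_TARGETS = {"0x1111111111111111111111111111111111111111"}  # stand-in for Socket's addresses
EXPECTED_SELECTOR = "aabbccdd"  # placeholder selector for a hypothetical bridge(address,uint256,uint256)
PARAM_TYPES = ("address", "uint256", "uint256")  # receiver, amount, toChainId

def decode_static_args(tx_input: str, types):
    """Split calldata into its 4-byte selector and 32-byte static argument words."""
    data = bytes.fromhex(tx_input[2:] if tx_input.startswith("0x") else tx_input)
    selector, body = data[:4].hex(), data[4:]
    if len(body) != 32 * len(types):
        raise ValueError("calldata length does not match the expected argument count")
    args = []
    for i, t in enumerate(types):
        word = body[32 * i:32 * (i + 1)]
        if t == "address":
            if any(word[:12]):  # the upper 12 bytes of an address word must be zero padding
                raise ValueError("address word has non-zero padding")
            args.append("0x" + word[12:].hex())
        else:  # uint256
            args.append(int.from_bytes(word, "big"))
    return selector, tuple(args)

def encode_static_args(selector: str, args) -> str:
    """Inverse of decode_static_args; used here only to build the sample calldata."""
    words = (int(a, 16) if isinstance(a, str) else a for a in args)
    return "0x" + selector + b"".join(w.to_bytes(32, "big") for w in words).hex()

def verify_tx(tx: dict, request: dict) -> list:
    """Return mismatches between API-supplied tx data and the user's request; [] means it matches."""
    problems = []
    if tx["to"].lower() not in SOCKET_TARGETS:
        problems.append("target is not a Socket contract")
    try:
        selector, (receiver, amount, to_chain) = decode_static_args(tx["input"], PARAM_TYPES)
    except ValueError as e:
        return problems + [f"undecodable calldata: {e}"]
    expected = (("selector", selector, EXPECTED_SELECTOR),
                ("receiver", receiver.lower(), request["receiver"].lower()),
                ("amount", amount, request["amount"]),
                ("toChainId", to_chain, request["toChainId"]))
    problems += [f"{name} differs from request: got {got!r}" for name, got, want in expected if got != want]
    return problems

# Constructed sample: a request, matching calldata, and a tampered copy whose receiver was swapped.
REQUEST = {"receiver": "0x2222222222222222222222222222222222222222", "amount": 10**18, "toChainId": 137}
GOOD_TX = {"to": "0x1111111111111111111111111111111111111111",
           "input": encode_static_args(EXPECTED_SELECTOR, (REQUEST["receiver"], 10**18, 137))}
TAMPERED_TX = {"to": GOOD_TX["to"],
               "input": encode_static_args(EXPECTED_SELECTOR, ("0x" + "de" * 20, 10**18, 137))}
```

A real integration would replace the placeholder allow-list and selector with the addresses and function signatures Socket publishes, and refuse to sign whenever verify_tx returns anything.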