
Security at Stride
Apr 12, 2023
· 2 min read
Appchain and smart contract security is a complex problem. However, if we use careful planning and engineering, we can minimize the chance of attacks occurring, and mitigate any potential damage in a worst-case scenario.
Stride’s top priority is security; it always has been and always will be. Security is particularly important in the interchain, where value flows between interconnected sovereign chains.
Overview
Stride Swap smart contracts on the Cosmos Hub are audited by best in the industry, and build off Uniswap V3, the most battle tested modern AMM in existence.
Stride’s L1, where liquid staked tokens are issued, is a secure minimalist blockchain. The Stride codebase has been fully audited by numerous security firms, and receives continuous auditing from Informal Systems, a leading expert on the Cosmos SDK and IBC. And the Stride blockchain is protected by IBC rate-limiting.
Stride security is powered by a combination of:
1. Minimalistic design at its core: small attack surface, fewer moving parts means fewer edge cases to consider.
For Stride Swap, the meat and bones are similar to Uniswap V3 with minimal changes. Advanced trading features are compartmentalized to separate scope and minimize risk.
On the L1, no features that aren’t core to liquid staking. Rather, do liquid staking simply and safely, do it right.
2. True decentralization.
Stride L1 uses decentralized proof-of-stake Tendermint consensus.
3. On-chain fail safes that monitor and mitigate malicious behavior
On Stride Swap, pool balances and deposits are actively monitored.
On Stride L1, if the protocol detects any anomalies with a host zone, it will prevent transfers of those tokens off of Stride, and disable liquid staking until protocol governance can verify nothing harmful occurred. Per-transaction protection against infinite mint bugs. Unbonding cancellation failsafe for malicious unbondings
4. IBC rate limiting limits how much can be IBC transferred over a time period.
On Stride Swap: We built the IBC rate limiting module the Cosmos Hub uses, protecting Stride Swap deposits.
On Stride L1: In the event of an attack (e.g. an infinite mint), this limits the total funds lost to a small percentage of staked assets.
5. Rigorous point-in-time audits on Stride L1: Informal Systems (5x), Oak, Certik
6. Ongoing quarterly Stride Swap audits from Informal Systems
7. Incredibly rigorous SDK testing processes
Deployment integration tests
Unit tests across the codebase
Custom firehose testing framework simulates thousands of users
Full state verification and local simulation for software upgrades: (1) Test local chain with the software upgrade (2) Use “localstride” to run the software upgrade on mainnet state (3) Use custom infrastructure to compare state before and after an upgrade, and independently verify that only state that we expect is changing
8. Novel interchain testing suite
IBC and ICA mocking tests
Four-step multichain testing pipeline before onboarding new zones: (1) Local <> Local (2) Local <> Testnet (3) Local <> Mainnet (4) Mainnet <> Mainnet
9. Extensive mainnet monitoring and alerting stack to track protocol logic (delegations, reinvestment etc.)
Caveat
While Stride's top goal will always be security, there are risks with any DeFi protocol. Like any piece of software, Stride could get hacked or have unexpected bugs that could result in a loss of funds or other unexpected behavior. Nothing in this document should be considered legal advice.