Approach

Security and Architectural Integrity

Chainspot has undergone multiple security audits conducted by leading blockchain security firms, including:

• HashEx Audit Report

• DeCurity Audit Report

The protocol's architecture is designed to ensure that, regardless of the attack vector, the funds placed in yield protocols remain secure. The process of exchanging and transferring assets at optimal rates between networks is carried out exclusively through verified and reliable liquidity protocols.

To implement this architecture, we adhere to several design principles and utilize various technical approaches within our security policy, covering all components of the Chainspot infrastructure:

• On-chain Component: This includes Chainspot’s smart contracts and the inherited smart contracts from the Asterizm smart contract abstraction for cross-chain messaging, facilitating omnichain LP tokens.

• Off-chain Component: This encompasses liquidity and yield protocol aggregation modules, along with the Asterizm-based client server for cross-chain operations involving omnichain LP tokens.

On-chain Component

Chainspot employs several sets of smart contracts to interact with user funds securely:

1. Liquidity Management Contracts: These contracts are responsible for the exchange and transfer of user funds, facilitating seamless transactions without holding any user assets.

2. Yield Management Contracts: Designed to manage user funds within various yield protocols, these contracts are also responsible for issuing cross-chain native LP tokens derived from DeFi positions.

To enhance security, the yield management contracts are designed as non-upgradable and non-custodian. This structure ensures that user funds cannot be withdrawn without a transaction signed with the user's private key, providing a robust defense mechanism even if the owner address of all Chainspot contracts is compromised.

The liquidity management contracts function exclusively in a proxy manner. They do not store user funds but rather act upon requests that include signed messages from the user's private key, alongside the requested exchange rate for transactions or deposits.

Moreover, the issuance, transfer between networks, and burning of cross-chain native LP tokens from user DeFi positions occur in a decentralized manner. This process leverages the cross-chain messaging infrastructure of Asterizm, which utilizes cryptography and on-chain validation to ensure the integrity and validity of cross-chain transactions.

Off-chain Component

As outlined in the Architecture -> Overview section, the off-chain components of Chainspot are exclusively tasked with analytical functions. This includes optimizing the routing of funds for exchange, assembling callData based on data obtained via API from liquidity protocols, and managing user participation within the loyalty program.

Importantly, the off-chain modules of Chainspot do not have access to user funds, nor do they engage with any proprietary liquidity. This design enhances security and minimizes risks associated with fund handling.

To ensure robust security, all Chainspot servers—including the frontend—have undergone thorough security audits. They are fortified with Cloudflare and anti-DDoS services to protect against attacks. Additionally, to prevent any unauthorized modifications to the source code of off-chain modules, XDR (Extended Detection and Response) tools are employed. This safeguard ensures that even in the event of server breaches, no changes can be made to the frontend or API of the service.