How we approach security at C0D3R

At C0D3R, we take security very seriously. Crypto is very fragile. Unfortunately, no provider can give you any guarantees, at least not truthfully. All the big exchanges with multi-billion-dollar market caps have disclaimers for theft and loss. Honesty is the only guarantee we can give, and we will be completely honest: We are no exception. This is simply the nature of the crypto world. But we do our best to protect your hard-earned tokens and investments. We believe that with proper design, attention to detail, and meticulous habits, it is possible to provide industry-leading security.

Here are some of the security countermeasures we have implemented. This is not a comprehensive list because we cannot disclose everything due to security concerns.

  • All validator node private keys are stored on a dedicated server. Private keys are encrypted with a master key, which is stored on an encrypted hard drive. That server sits behind two firewalls (one by the infrastructure provider, one by the OS), and the combination of them allows NO inbound connections (except for brief periods of time, and only for maintenance purposes).
  • All (encrypted) private keys are backed up every 30 minutes and stored in encrypted storage. This protects against loss of the keys due to server malfunction.
  • All validator nodes have only the relevant Pocket ports open to the world. They have no other open ports (except from extremely limited and specific IP ranges, and only for maintenance purposes). These servers make outbound calls when they need something or when they send regular heartbeats. This approach is more secure than letting connections in.
  • All validator nodes have different SSH certificates and console passwords. All passwords are strong passwords (sufficiently complex and long). All keys are created with cryptographically secure random number generators.
  • All machines are automatically patched with security updates for OS and Pocket. They are automatically rebooted to allow patches to take effect.
  • All validator nodes are automatically updated within 72 hours with Pocket version upgrades and current configuration recommendations.
  • We offer two forms of two-factor authentication (SMS and authenticator app), and they can be used in parallel. We log sensitive activities (e.g. sign-in events) and audit for suspicious activity.
  • Similarly, we use two-factor authentication ourselves for all external critical services that we consume. We hold ourselves to high security standards, passing on those benefits to you.
  • Development computers are dedicated to this purpose only and are not used for any other tasks. This is done to minimize the risk of malware infecting the development tools. They are all protected with encrypted hard drives.
  • We have a small development team, enabling us to keep sensitive information within a small circle and under good control.
  • We provide the option to automatically transfer unstaked tokens (e.g. relay rewards) to offline wallets of the customer's choice, minimizing losses if the worst happens. This also helps to keep the earnings together, allowing for more efficient use of them.
  • All code is written in so-called ‘managed’ programming languages, helping prevent common vulnerabilities such as buffer overruns, integer overflows, etc.
  • We do not reuse any virtual machines. They are destroyed after unstaking.
  • We prefer open-source software, services, and tools. When that is not possible, we use only hardware, development tools, OS, and infrastructure providers that are known and respected industry-wide. Even our domain registrars, email providers, payment processors, SMS senders, development computer manufacturers, etc. are all top-tier providers. (As much as we would like to, we cannot disclose the specific names for security reasons.)
  • We use the latest standard HTTPS protocols and industry-standard TLS protocols and certificates. This is true for validator nodes, servers, and database connections.
  • We use certificate pinning for critical resources to prevent so-called man-in-the-middle attacks.