By William Morriss, TrustToken Security Engineer
At TrustToken, we are committed to using the most advanced security practices to ensure the reliability of each token we issue. We employ many layers of security, a strategy known as defense-in-depth. Some of these layers include:
- Smart contract and mint security
- Enterprise-grade cloud security protecting our application
- Modern information security procedures
- Audits from multiple external security firms
In this article I will discuss each of these in brief and how they ensure the backing of every TrueUSD in circulation as well as the privacy of our customer data.
Smart Contract and Mint Security
A ratification process in the TrueUSD smart contracts protects the system from issuing unauthorized mints. We supplement our automated monitoring and verifications with a team of mint security officers who manually validate that every mint corresponds to a settled incoming wire, that the mint is the correct amount, and that the mint is going to the correct address. The mint lives in a hot wallet, while ratification keys are kept in cold storage, safely disconnected from the Internet.
Several projects in the Ethereum ecosystem have lost tens of thousands or even millions of dollars because of unexpected issues with their smart contracts. We have prioritized taking all necessary precautionary measures to protect TrueUSD holders against smart contract attacks. Our smart contract code has been independently audited by three smart contract security firms: Certik, SlowMist, and Zeppelin. None found any exploitable vulnerabilities. Our SlowMist audit is publicly available here. Though we have great confidence in our blockchain engineers, we will continue seeking audits for new smart contracts in order to mitigate this kind of risk.
Web Security Architecture
We protect our web application with a modern cloud architecture, leveraging the most modern cloud security solutions. Cloudflare’s worldwide CDN mitigates DDoS attacks, and their Web Application Firewall restricts access to our server. Heroku has developed a secure application platform on top of Amazon Web Services. They keep our application secure against new kinds of threats, automatically deploying security updates to patch vulnerabilities. An overview of Heroku’s security practices is available here.
Data Privacy
To protect the privacy of our customers, our client data is encrypted both in-transit and at-rest with AES-256. Further, database access is restricted per-request and per-query to authenticated parties. Our authentications expire, so older codes don’t check out. A client-side Content Security Policy (CSP) restricts code execution to scripts from trusted sources, protecting our customers from XSS attacks that could otherwise steal their data or impersonate them. We also utilize DKIM, SPF, and DMARC to deter email spoofing.
Internal Information Security
We have trained our employees to follow a strict Information Security Policy regulating the handling of company devices, passwords, and facilities. Our devices utilize encrypted storage, and lost devices are remotely wiped. Staff must use different passwords for each service, and staff accounts are decommissioned upon termination. Our policies and training help to mitigate social engineering attacks such as phishing, pretexting, and tailgating.
Continuous Testing and Improvement
We continuously iterate on our practices to mitigate risk. Our security systems and procedures are audited by Coalfire, a leading security firm.
If you believe you have found an issue with our security, please reach out to security@trusttoken.com. We appreciate any communications that may lead to more secure tokenization, and take these reports very seriously.
