Centaur Emergency Withdraw: The Use of Timelock and Multi-signatures
Cybercriminals are increasingly targeting cryptocurrency platforms and dApps with various technical and economic attacks. Centaur Swap employs a dual-pronged strategy, using both multi-signature addresses (multisig) and a timelock, to defend our platform against such attacks while increasing transparency across the board.
In the event of an attack or liquidity crisis, Centaur Swap has deployed an emergency withdraw function that allows the team to withdraw all liquidity from the pools and farms. In line with our CeDeFi approach, centralised functions serve as a failsafe layer: we can withdraw the liquidity if the platform is compromised and return it afterwards. The function could also be used in the event of an unforeseen technical or calculation error that locks up liquidity (as has happened on some recent platforms). However, during our economic audit this mechanism was flagged as posing a very high risk of a rug pull, in which the party controlling the pools pulls all liquidity. In its current form, the contract owner address could instantly withdraw everything.
After discussions with blockchain cybersecurity experts Halborn, we decided to amend the structure to a timelock + multisig approach.
A multisignature (multisig) address is a smart contract that requires more than one private key to authorise a transaction. It is less susceptible to fraud because an attacker would have to compromise several keys to execute any transaction. Configurations are described as m-of-n: m of the n registered keys must sign before a transaction executes on the blockchain. A 2-of-2 multisig address requires signatures from both signatories, whereas a 2-of-3 address requires any 2 of its 3 keys to sign to validate the transaction.
A timelock gives users a ‘lead time’: the countdown must be started on-chain in advance, and the guarded action cannot execute until it has elapsed. Furthermore, since these transactions are made on the blockchain, they are public and transparent.
If an attacker attempted to pull liquidity from the platform, liquidity providers could withdraw their funds during the timelock period, and the team could also take steps to fix the issue and put out warnings.
Centaur Timelock + Multisig Withdrawal
In an emergency withdraw situation at Centaur, a 24-hour timelock and 6-of-6 multisig approval (co-founders and technical leads) would be required to initiate the withdrawal.
The timelock contract would require the emergency withdraw function to have a 24-hour lead time (as opposed to the instant activation in its current iteration). Since the call must be made on-chain, it is transparent by nature, and independent developers can monitor it and subscribe to alerts. If the platform is compromised, users have a 24-hour window to withdraw liquidity, which in itself would discourage liquidity runs.
As an additional layer of security, a six-person multisig must approve the transaction that starts the 24-hour countdown, and approve it again for the withdrawal itself once the timelock has elapsed. The multisig uses Gnosis, a well-established and trusted industry leader in digital asset management. The timelock contract will be audited prior to deployment.
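To make the two-step flow described above concrete, here is an added example of a minimal timelock contract in Solidity. It is illustrative code written for this post, not Centaur's audited contract and not a Gnosis component. It assumes that ownership of the pool or farm contract has been transferred to this timelock (so the owner-only emergency withdraw is reachable only through it), that `admin` is the address of the 6-of-6 Gnosis Safe, and that a Compound-style grace period after the delay is acceptable; the contract, function, event and parameter names are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative two-step timelock (example code, not Centaur's contract).
/// `admin` is assumed to be a multisig such as a Gnosis Safe, so both
/// queueing and executing a call already require the signers' approval.
contract EmergencyTimelock {
    uint256 public constant DELAY = 24 hours;       // lead time before execution
    uint256 public constant GRACE_PERIOD = 3 days;  // assumed: window after ETA in which execution is still allowed

    address public immutable admin;                 // the multisig address
    mapping(bytes32 => uint256) public queuedAt;    // txHash => earliest execution time (0 = not queued)

    // Watchers subscribe to these events to learn about a pending privileged call.
    event Queued(bytes32 indexed txHash, address target, uint256 value, bytes data, uint256 eta);
    event Cancelled(bytes32 indexed txHash);
    event Executed(bytes32 indexed txHash, address target, uint256 value, bytes data);

    modifier onlyAdmin() {
        require(msg.sender == admin, "Timelock: not admin");
        _;
    }

    constructor(address multisig) {
        require(multisig != address(0), "Timelock: zero admin");
        admin = multisig;
    }

    /// Identifies a call; `salt` lets the same call be queued more than once.
    function hashTransaction(address target, uint256 value, bytes calldata data, uint256 salt)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(target, value, data, salt));
    }

    /// Step 1: the multisig announces the call. It cannot run before block.timestamp + DELAY.
    function queue(address target, uint256 value, bytes calldata data, uint256 salt)
        external onlyAdmin returns (bytes32 txHash)
    {
        txHash = hashTransaction(target, value, data, salt);
        require(queuedAt[txHash] == 0, "Timelock: already queued");
        uint256 eta = block.timestamp + DELAY;
        queuedAt[txHash] = eta;
        emit Queued(txHash, target, value, data, eta);
    }

    /// The multisig can withdraw a queued call, e.g. if it was queued by mistake
    /// or the underlying problem was fixed during the lead time.
    function cancel(bytes32 txHash) external onlyAdmin {
        require(queuedAt[txHash] != 0, "Timelock: not queued");
        delete queuedAt[txHash];
        emit Cancelled(txHash);
    }

    /// Step 2: after the delay, the multisig (a second round of signatures)
    /// executes the call, e.g. emergencyWithdraw() on the pool or farm.
    function execute(address target, uint256 value, bytes calldata data, uint256 salt)
        external payable onlyAdmin returns (bytes memory)
    {
        bytes32 txHash = hashTransaction(target, value, data, salt);
        uint256 eta = queuedAt[txHash];
        require(eta != 0, "Timelock: not queued");
        require(block.timestamp >= eta, "Timelock: delay not elapsed");
        require(block.timestamp <= eta + GRACE_PERIOD, "Timelock: stale, re-queue");
        delete queuedAt[txHash];                    // clear before the external call
        (bool ok, bytes memory ret) = target.call{value: value}(data);
        require(ok, "Timelock: call reverted");
        emit Executed(txHash, target, value, data);
        return ret;
    }

    receive() external payable {}
}
```

The 6-of-6 threshold is not expressed here: it lives in the Safe's configuration, and the Safe must collect six signatures once to send `queue` and again to send `execute`, which is the double approval the post describes. The security property worth checking after deployment is that no address other than the timelock can call the pool's emergency withdraw, and that the timelock's `admin` is the Safe rather than an individual key; the `Queued` event, with its `eta`, is what independent monitors filter on to raise an alert at the start of the 24-hour window.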
By combining the best elements of decentralised finance with measured regulatory control, Centaur is bridging DeFi and traditional finance. For more information, please visit our website, join our Telegram community discussion group and announcement channel.