Credix’ layered security model
At Credix, we’re building the future of global credit markets. We build on the most advanced decentralized technologies to achieve this goal, while always taking a security-first approach, both from a technology standpoint as from a development and methodology standpoint. That’s why we’ve introduced several layers of security to the Credix platform as visualized below:
Tests — tests — tests
The test suite runs automatically on every change of the smart contracts, client, and app; ensuring that old features still function as expected when introducing changes.
Upon the release of bigger features (e.g. tranching, secondary market, etc.), we work together with specialized smart contract audit firms. We leveraged Certik’s experience for the first audit back in December 2021. The report can be found 👉 here 👈. In June 2022, we had our V2 audited by Halborn. The report can be found 👉 here 👈.
All stakeholders have to be whitelisted by Credix. On a technical note, we issue a Credix pass on-chain after all legal, compliance and commercial obligations of our stakeholders are met. This Credix pass lists the permissions for the stakeholder; a borrower is only allowed to interact with the borrower-related program instructions, just like an investor is only able to invest and withdraw (after a specific lockup time). Every instruction does a check for this Credix pass, shielding the program from any external actors or attackers.
KYC/KYB’d stakeholders only
Credix is a fully permissioned marketplace; meaning that all stakeholders have to identify themselves. Individuals (e.g. accredited investors) have to go through a KYC (know your customer) process; businesses (e.g. institutional investors) have to go through a KYB (know your business) process. This process only needs to be performed once during onboarding. Once the onboarding is completed; an on-chain proof is issued to the wallet of the individual/business. This proof is needed to interact with the Credix platform.
The Credix platform leverages several tokens to keep track of the investments and accrued yield. The LP token is issued when investing in the liquidity pool of a market. Tranche tokens are issued when investing in junior tranches of specific deals.
Due to regulatory ambiguity, today none of our tokens can be made transferable as a KYB’d/whitelisted investor could transfer its LP tokens to a non-KYB/C’d investor. Therefore, all of our tokens are made non-transferable. This not only makes Credix comply with regulations but also stops hackers from transferring tokens from your wallet in case of a wallet exploit. We are working on an OTC desk and secondary market to make transfers between trusted stakeholders possible.
If you want to learn more about how we tackle security at Credix, I recently did an AMA with Halborn explaining the above and more. Check it out!