Security Approach

Security First Approach

Layers of Security

Through the implementation of a layered security approach, Cloudax ensures that funds deposited from all users (yield farms and pools alike) are safe when entered into the Cloudax platform.

These layers include:

  1. Code

  2. Internal testing / alpha testing

  3. Design of pool market (ie isolated pools and a “closed” system, )

  4. 3rd party audits & Bug bounties

1. Code

As a native L2 protocol built on Arbitrum, we have purpose built our code to optimize the features on Cloudax for maximized platform usage, while implementing several measures in code to prevent known attack vectors such as:

  • Admin actions are protected behind a delay/timelock and multisig, no hot/cold wallet with admin access

  • Cloudax implements support for ERC-4626 vaults to ensure industry standards of security and structure are met

  • All public methods disallow re-entrancy to prevent this common security vulnerability

  • Strategies and core logic can be updated in order to respond to changing external factors or security issues

  • In the future, critical functions such as approving new pools and farms can be delegated to token holders / DAO

These measures, along with lessons learned from other protocol exploits, help Cloudax to prevent malicious actors from compromising funds stored on the platform.

2. Internal Testing/Alpha Testing

The Cloudax team has an extensive internal testing process that involves both manual and automated testing, including rigorous unit testing, as well as alpha testing with a select group of users.

Before any platform features are released for public use, they undergo thorough testing in a controlled environment, stress tested for exploits.

3. Design of Market/Pools/Vaults system

Cloudax Finance utilizes a variation on the “isolated market” structure. All assets are kept and controlled within the Cloudax ecosystem and only allowed to interact with whitelisted contracts, so while not “isolated” in the traditional sense of the term, in effect the pools are “isolated”.

4. Third Party Audits & Bug Bounties

Cloudax employs third-party auditors to review their code and protocols on a regular basis. While audits are not perfect, this helps to ensure that potential vulnerabilities are identified and addressed before they can be exploited.

Cloudax will engage in multiple Audits as the protocol grows to ensure secure scaling of product offerings. Additionally Cloudax, is maintaining a long term relationship with Auditors for ongoing exploit reviews in between Formal Audits.

To further enhance security measures, Cloudax offers a bug bounty program. This encourages researchers and developers to report any potential vulnerabilities they discover, and rewards them with a financial incentive.

An official bug bounty will be released with all the information related to the program in our Public GitHub; more information to be released on this in the coming future

PreviousRoadmapNextContracts

Last updated