Introducing Time-Lock: Stader's latest security feature
Security is our #1 priority at Stader. Learn how the introduction of Timelock will make our system even more secure and eliminate the possibility of an exploit due to single signatory.
As we have reiterated time and again, security of user funds is our #1 priority at Stader. In light of the exploit on Ankr’s BNB liquid token aBNBc , By employing multi-sigs all through, we have eliminated the possibility of a similar incident happening.
Ankr's exploit
Ankr’s contract was controlled through an account with only one signatory, Stader BNBx on the other hand already has a 3/5 multi-sig in place (3 external signers, 2 internal signers). This means that the loss of a single private key or the actions of a single bad actor cannot lead to rogue changes being made to the contract. The presence of external signatories also ensure that the Stader team cannot make a unilateral decision to change the contract.
However, we are not stopping there, to further enhance the security we have now added a Time Lock for changes to the contract, so in the unlikely event that there is a breach, we have time to alert our partners and take remedial action
At its core, time lock is a smart contract that delays function calls of another contract for a predetermined amount of time. Stader BNB has added this time lock for making upgrades to its smart contracts, thus adding another layer of security to its multi-sig driven contracts.
How Does it Work?
Previously, for an admin to make upgrades to the contract, they would have to create a proposal and get approval from the multi-sig to execute changes on the target contract as shown below:
With the implementation of timelock, all changes to the smart contract will be governed by the time lock contract. Once an admin proposes a change to upgrade the contract, and the multi-sig approves the change which then flows into the time lock before reaching the target contract. The time lock introduces a delay in execution which acts as a period for all stakeholders to review the changes and take necessary action if found malicious.
At Stader we recognise that ensuring the security of our users is a continuous exercise of improving our platform design and operational processes.With this update, we are confident that we are the safest liquid staking solution on BNB.