Upgraded NearX: Multi-Layer Security

Hey NEAR fam,

Upgraded NearX: Multi-Layer Security

Hey NEAR fam,

Thank you so much for your patience & support. The aftermath of the NearX incident has been a period of deep reflection and learning for us at Stader.

For Stader, community is paramount & we are reimbursing people in full for the ~165K Near that was drained from the LPs. Here is the detailed reimbursement plan for reference.

Stader is now deploying a multi-layer security program and will leave no stone unturned to bring the most secure liquid staking solution to NEAR. The ugraded NearX will be accompanied by strengthened internal security processes and three new audits to make the protocol stronger & safer than ever before.

Here is a comprehensive coverage of the extensive security measures that will be deployed by Stader going forward:

  • Three New Audits
  • Bug Bounty Programme
  • Enhanced Internal Testing & Review
  • Security upgrades in smart contract
  • Strengthened Monitoring
  • Integrated Faster Responsiveness

Three New Audits

The premier cyber security firm, Otter Security (OSec), has been brought in as the 3rd auditor for the NearX smart contract. With a rich auditing experience within the NEAR ecosystem, OSec comes highly recommended by multiple parties, including the Near Foundation & Proximity Labs.

We have also requested for fresh comprehensive audits by our old security partners, Halborn Security & BlockSec. These are being conducted by an entirely separate set of engineers than before to ensure that the code is reviewed by fresh pair of eyes.

Bug Bounty Programme with Immunefi

The updated NearX smart contract will go live with a bug bounty programme in association with Immunefi. Whitehat hackers & keen eyed users are invited to review the code & bring potential weakness to light. They stand a chance to win sizeable bounties (up to $1Mn) depending upon the severity of the bug identified.

The logistics of the same are already in place. The programme will go live as soon as the audits are completed and the NearX smart contract code will be open sourced.

Enhanced Internal Testing & Review

We have also upgraded our internal testing & review processes. Widespread changes have been brought into the system, primary ones being:

  • A new set of engineers have reviewed & stress tested the NearX specs & incorporated audit fixes.
  • The team has defined and tested all high level workflows and common error flows for each system rigorously
  • Additional unit & integration tests have been incorporated

Security upgrades in smart contract

  • We have incorporated pause functionality through multi-sig in our smart contract to protect user funds in the case of emergency situations.

Strengthened Monitoring

Prometheus, the premier blockchain monitoring system that tracks critical metrics related to liquid tokens, is also being set up. It shall provide real time alerts based on:

  • Exchange rate change on the contracts
  • Market exchange rate on each DEX
  • Volume change in total circulating supply
  • Liquid token price on exchange

Also, public dashboards are being set up to help us monitor movement of metrics conveniently.

Integrated Faster Responsiveness

The Prometheus monitoring & alerting system shall be integrated in the developers’ slack channels to ensure that any concern is noticed instantly & immediately responded to.

Users and community members can further report any NearX related security issues to security@staderlabs.com or reach us at our Twitter