Introducing Time-Lock: Stader's latest security feature

As we have reiterated time and again, security of user funds is our #1 priority at Stader. In light of the exploit on Ankr’s BNB liquid token aBNBc , By employing multi-sigs all through, we have eliminated the possibility of a similar incident happening.

Ankr's exploit

Ankr’s contract was controlled through an account with only one signatory, Stader BNBx on the other hand already has a 3/5 multi-sig in place (3 external signers, 2 internal signers). This means that the loss of a single private key or the actions of a single bad actor cannot lead to rogue changes being made to the contract. The presence of external signatories also ensure that the Stader team cannot make a unilateral decision to change the contract.

However, we are not stopping there, to further enhance the security we have now added a Time Lock for changes to the contract, so in the unlikely event that there is a breach, we have time to alert our partners and take remedial action

At its core, time lock is a smart contract that delays function calls of another contract for a predetermined amount of time. Stader BNB has added this time lock for making upgrades to its smart contracts, thus adding another layer of security to its multi-sig driven contracts.

How Does it Work?

Previously, for an admin to make upgrades to the contract, they would have to create a proposal and get approval from the multi-sig to execute changes on the target contract as shown below:

With the implementation of timelock, all changes to the smart contract will be governed by the time lock contract. Once an admin proposes a change to upgrade the contract, and the multi-sig approves the change which then flows into the time lock before reaching the target contract. The time lock introduces a delay in execution which acts as a period for all stakeholders to review the changes and take necessary action if found malicious.

At Stader we recognise that ensuring the security of our users is a continuous exercise of improving our platform design and operational processes.With this update, we are confident that we are the safest liquid staking solution on BNB.