PAID Network’s Path to Secure Development
Dear PAID Community,
We wanted to take this opportunity to shed some light on our commitment to security, and break down the industry best practices and steps we’re taking to protect the PAID Network ecosystem and surrounding communities — helping you get a better look at our internal security flow.
At the start of March, we reinspected our procedures and overhauled our internal processes relating to security, testing, and review, to close any gaps, and refocus our efforts on minimizing our attack surface and keeping our users safe.
We use several tools to perform automated checks of all produced contracts. This includes using Sonar Qube, an open-source tool kit used by many security providers, to measure software quality. In addition, all code is reviewed manually by our team and is further subject to external audits by the renowned blockchain security firm Zokyo.
Three Phase Development Process
Our development process can be broken down into three distinct phases as below.
1. Establishing Requirements
In the requirements phase, we follow what is known as the STRIDE framework, a tried-and-tested threat modeling framework developed by Microsoft.
STRIDE focuses on five common threat areas:
- Information Disclosure
- Elevated privileges
The framework helps define both potential vulnerabilities and the effect that these can have on a protocol. Our team also follows best practices such as the Secure Development Workflow — which is a high-level process designed to assist in the creation and monitoring of secure smart contracts.
2. Beginning Development
Once we have defined the requirements we need to meet, we then move on to the development stage. This includes not only the initial PAID Network contract, but all other development of the project moving forward. This is where we focus on the entire software development life cycle — carrying out extensive checks along the way, including code reviews, unit tests, integration tests, and smart contract tooling and automation.
3. Moving to Production
Next up is the production phase. Here, focus on monitoring and reacting to any issues that might flag up. We assess the PAID Network contract using Know Your Transaction (KYT) solutions and other industry tools, and have pre-defined forensics procedures and solutions in place to assess all incidents. In the event of a major incident, we use industry gold-standard practices to resolve the issue before moving forward with development.
Focused on Security
While PAID Network has been security-centric since the beginning, recent events have reinforced the need for constant vigilance. As such, we have redoubled our security efforts and tapped a range of industry experts to review and enhance (where required) our security practices.
In line with this, we have enlisted the support of a range of domain experts to help bolster our security efforts — including the likes of Immunefi, Parsiq, and RSI Security. We have also extended our efforts through a bug bounty program which we have recently launched.
We understand that adverse security events can leave even our most ardent supporters in doubt. With this in mind, we ensure that our ethos of security above all else carries through to our upcoming Ignition launches, Smart Agreement deployments, and product launches — giving both clients and users the peace of mind necessary when participating in the future of business.
PAID Network seeks to redefine the current business contract, litigation, and settlement processes by providing a simple, attorney-free, and cost-friendly DApp for users and businesses to ensure they #GetPAID wherever they are in the world.
PAID technology leverages Plasm to operate on both the Ethereum and Polkadot ecosystems. PAID makes businesses exponentially more efficient by building SMART Agreements through smart contracts in order to execute DeFi transactions and business agreements seamlessly.
PAID streamlines backend legal operations with SMART Agreements, so that projects can focus on making their brand bigger and better.
For any questions about the PAID network, feel free to reach out to us on:
- Website: PAIDNetwork.com
- Telegram: @PaidNetwork
- Twitter: @PAID_Network
- Medium: @PAIDNetwork
Be part of the solution, check out the live PAID Bug Bounty on Immunefi