Protocol Security

Incident Identification

The Protocol monitors risk on (i) the smart contract level and (ii) the infrastructure and UI level. On the smart contract level, Term Finance utilizes OpenZeppelin Defender Contract Sentinels to monitor any calls to access controlled functions. On the infrastructure and UI level, measures are established to prevent against DDOS attacks, implement DNS security, and detect unwanted front-end modification and intrusion. For more details follow the page links below.

Incident Reporting

Alerts are sent to all members of the team in real-time, though a rotating schedule is in place to designate a single member of the core team as being responsible for monitoring and escalating alerts to an incident report board each day of the week. Incidents added to the board move through the following steps:

  • Discovered

  • Triage Needed

  • Planned

  • Diagnosing

  • Fixing

Isolate and Contain

Once identified, emphasis is placed on isolating and containing an incident from spreading or causing further damage to the Protocol. Responses for common situations described in the table below.

Resolve and/or Restore

Once contained, emphasis turns toward resolving and restoring systems. Resolutions for common situations are detailed in the table below.

Documentation

Lastly, once an incident is contained and resolved, the Protocol will seek to document all actions taken during the incident response process, including timestamps and individuals involved.

Last updated