DEVIUM Mainnet Security Model
DEVIUM Mainnet is a work in progress. Constant, iterative improvement of the security mechanisms that safeguard DEVIUM Mainnet users is a top priority for the entire DEVIUM Chain. The DEVIUM Chain Collective strives to be clear and transparent about the security of DEVIUM Mainnet and the DEVIUM Stack as a whole.
Bottom Line
The security model of any blockchain system is only as strong as its lowest common denominator. At the moment, it's important to understand that the security of DEVIUM Mainnet is dependent on a multisig managed jointly by the DEVIUM Chain Security Council and the DEVIUM Chain Foundation. DEVIUM Mainnet and the DEVIUM Stack in general may also contain unknown bugs that could lead to the loss of some or all of the ETH or tokens held within the system.
DEVIUM Mainnet Multisig
The security of DEVIUM Mainnet is currently dependent on a multisig managed jointly by the DEVIUM Chain Security Council and the DEVIUM Chain Foundation. This multisig is a 2-of-2 nested multisig which is in turn governed by a 4-of-13 multisig managed by the DEVIUM Chain Security Council and a 5-of-7 multisig managed by the DEVIUM Chain Foundation.
This multisig can be used to upgrade core DEVIUM Mainnet smart contracts without upgrade delays to allow for quick responses to potential security concerns. All upgrades to the DEVIUM Mainnet system must be approved by both component multisigs and either can veto an upgrade.
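The nested approval rule described above can be modelled directly to see how many individual keys stand behind an upgrade. This is an added example, not code from the DEVIUM Chain codebase; the signer labels (sc-0, fnd-0, ...) and the class name are hypothetical, and only the 2-of-2, 4-of-13 and 5-of-7 thresholds come from this page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Multisig:
    """A k-of-n multisig whose owners are keys (str) or nested Multisig objects."""
    name: str
    threshold: int
    owners: tuple

    def approves(self, signers: set) -> bool:
        """True when at least `threshold` distinct owners approve.

        A key owner approves if it is in `signers`; a nested multisig owner
        approves if its own threshold is met. Keys that are not owners
        anywhere in the tree are ignored.
        """
        count = 0
        for owner in self.owners:
            if isinstance(owner, Multisig):
                count += owner.approves(signers)
            else:
                count += owner in signers
        return count >= self.threshold

    def _costs(self, method: str) -> list:
        # Cost of one owner: 1 for a plain key, recursive for a nested multisig.
        return sorted(getattr(o, method)() if isinstance(o, Multisig) else 1
                      for o in self.owners)

    def min_keys_to_approve(self) -> int:
        """Fewest individual keys that must sign before an upgrade passes."""
        return sum(self._costs("min_keys_to_approve")[:self.threshold])

    def min_keys_to_block(self) -> int:
        """Fewest keys whose refusal or loss makes approval impossible."""
        needed = len(self.owners) - self.threshold + 1
        return sum(self._costs("min_keys_to_block")[:needed])


# Constructed signer sets; only the thresholds are taken from the page.
council = Multisig("security-council", 4, tuple(f"sc-{i}" for i in range(13)))
foundation = Multisig("foundation", 5, tuple(f"fnd-{i}" for i in range(7)))
upgrade = Multisig("upgrade", 2, (council, foundation))
```

Under this model an instant upgrade needs 9 keys in total (4 council plus 5 foundation), while 3 unavailable foundation keys are enough to stall every upgrade, which is the liveness side of the veto.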
Fault Proofs
It is important to understand that fault proofs are not a silver bullet and that fault proofs provide limited improvements to the security of a system if the system still has a multisig or security council that can instantly upgrade the system. DEVIUM Mainnet is following a multi-client and multi-proof approach designed to eventually remove the need for instant upgrades entirely.
Users can withdraw ETH and tokens from DEVIUM Mainnet to Ethereum by submitting a withdrawal proof that shows the withdrawal was actually included inside of DEVIUM Mainnet.
Withdrawals are proven against proposals about the state of DEVIUM Mainnet that are published through the DisputeGameFactory contract.
Proposals can be submitted to the DisputeGameFactory contract by any user and submissions do not require any special permissions.
Each submitted proposal creates a FaultDisputeGame contract that allows any other user to challenge the validity of a proposal by participating in a "fault proof" process.
A more detailed explanation of the fault proof game can be found in the Fault Proofs Explainer.
Although the fault proof game is permissionless, the DEVIUM Chain Security Council acting as the Guardian role provides a backstop in case of a failure in the fault proof game.
Each proposal must wait for a delay period during which the Guardian can prevent invalid proposals from being used to withdraw ETH or tokens through a number of safety hatches.
The Guardian can also choose to shift the system to use a PermissionedDisputeGame in which only specific PROPOSER and CHALLENGER roles can submit and challenge proposals.
Bugs and Unknowns
Please also keep in mind that just like any other system, the DEVIUM Chain codebase may contain unknown bugs that could lead to the loss of some or all of the ETH or tokens held within the system. The DEVIUM Stack has been audited on many occasions, but audits are not a stamp of approval and a completed audit does not mean that the audited codebase is free of bugs.
It's important to understand that using DEVIUM Mainnet inherently exposes you to the risk of bugs within the DEVIUM Chain codebase, and that you use DEVIUM Mainnet at your own risk.
Work in Progress
Sequencer Decentralization
The DEVIUM Chain Foundation currently operates the sole sequencer on DEVIUM Mainnet.
Although users can always bypass the Sequencer by sending transactions directly to the DEVIUM Chain contract, sequencer decentralization can still help mitigate the effect of short-term outages for users.
Security Model FAQ
Does DEVIUM Mainnet have fault proofs?
Yes, DEVIUM Mainnet has fault proofs. It is important to note that fault proofs are not a silver bullet and that fault proofs provide limited improvements to the security of a system if the system still has a multisig or security council that can instantly upgrade the system. A system with fast upgrade keys, such as DEVIUM Mainnet, is fully dependent on the upgrade keys for security. DEVIUM Mainnet's goal is to be the first system that deploys fault proofs that can secure the system by themselves, without fast upgrade keys.
How is DEVIUM Chain planning to remove the multisig?
See DEVIUM Chain's Pragmatic Path to Decentralization post for a detailed view of how the multisig may be removed in a way that makes DEVIUM Mainnet the first chain with true fault proof security.
How can I help make DEVIUM Mainnet more secure?
DEVIUM Mainnet has one of the biggest bug bounties (ever). You can earn up to $2,000,042 by finding critical bugs in the DEVIUM Chain codebase. You can also run your own verifier node to detect network faults.
Where do I report bugs?
For details about reporting vulnerabilities and available bug bounty programs, see the Security Policy.