DEVIUM Stack Security FAQs

Security in the decentralized context

The DEVIUM Stack is a decentralized development stack that powers DEVIUM Chain. Components of the DEVIUM Stack may be maintained by various different teams within the DEVIUM Chain Collective. It is generally easier to talk about the security model of specific chains built on the DEVIUM Stack rather than the security model of the stack itself. The DEVIUM Stack security baseline is to create safe defaults while still giving developers the flexibility to make modifications and extend the stack.

FAQ

Is every DEVIUM Stack chain safe?

The security model of an DEVIUM Stack based blockchain depends on the modules used for its components. Because of the flexibility and permissionless nature of the DEVIUM Stack, it is always possible for someone to maliciously or in error set up a chain which does not make use of core security features, but uses other components of DEVIUM Stack. The goal of the DEVIUM Stack is to provide safe defaults.

Please also keep in mind that just like any other system, the DEVIUM Stack (or chains built using the DEVIUM Stack) may contain unknown bugs that could lead to the loss of some or all of the ETH and tokens held within an DEVIUM Stack based system. Many components of the DEVIUM Stack codebase have been audited, but successful audits do not remove all potential risk from an emerging technology, and a completed audit does not mean that the codebase is completely free of bugs. It's important to understand that using the DEVIUM Stack inherently exposes you to the risk of bugs within the DEVIUM Stack codebase.

Is the DEVIUM Stack safe to modify?

As with anything, modify the DEVIUM Stack at your own risk. There is no guarantee that modifications to the stack will be safe. If you aren't entirely sure about what you're doing, stick with the safer defaults that the DEVIUM Stack provides. At the moment, the DEVIUM Stack is not particularly amenable to modifications and you should not expect any technical support for modifications that fall outside of the standard Rollup configuration of the stack.

Can I use fault proofs?

Not yet. The DEVIUM Stack does not currently have a fault proof system. Note that fault proofs do not meaningfully improve the security of a system if that system can be upgraded within the 7 day challenge window ("fast upgrade keys"). A system with fast upgrade keys is fully dependent on the upgrade keys for security.

Fault proofs are a key milestone and top priority for the DEVIUM Stack. In the meantime, the DEVIUM Stack can be shipped with several other excellent security options for systems that want to improve security before fault proofs are available in production.

How can I help make the DEVIUM Stack more secure?

One of the easiest ways to help secure the DEVIUM Stack is to look for bugs and vulnerabilities. [DEVIUM Mainnet, a user of the DEVIUM Stack, has one of the biggest bug bounties ever. You can earn up to $2,000,042 by finding critical bugs in the DEVIUM Mainnet codebase (and by extension the DEVIUM Stack).

Don't forget that the DEVIUM Stack is a decentralized development stack. Anyone can start to contribute to the DEVIUM Stack by building software that follows the stack's design principles. You can always help make the DEVIUM Stack more secure by building components, like alternative client or proof implementations, that users of the DEVIUM Stack can take advantage of.

Where do I report bugs?

For details about reporting vulnerabilities and available bug bounty programs, see the Security Policy.