Security Considerations

Security Design & Considerations

Overview

The XZK Staking contracts are designed with security as a top priority. This document outlines the key security features, design principles, and considerations that ensure the safety of user funds and the integrity of the staking system.

Core Security Features

1. Immutable Configuration

  • Fixed Reward Structure: The total reward amount (50 million tokens) and duration (3 years) are immutable constants

  • No Backdoor Parameters: Critical parameters like TOTAL_REWARD, TOTAL_DURATION_SECONDS, and TOTAL_FACTOR are set at deployment and cannot be modified

  • Transparent Rewards: The reward calculation uses a deterministic exponential decay function that is publicly verifiable

2. Reentrancy Protection

  • ReentrancyGuard: All critical functions (stake, unstake, claim) are protected against reentrancy attacks

  • SafeERC20: Uses OpenZeppelin's SafeERC20 library for secure token transfers

  • State Changes First: All state modifications occur before external calls to prevent reentrancy vulnerabilities

3. Access Control & Permissions

Limited Admin Functions

The contract has minimal admin privileges, all of which are time-locked and require DAO governance:

  • Pause/Unpause Staking: Can only pause staking operations, cannot affect existing stakes

  • Claim to DAO: Limited to withdrawing rewards to the DAO treasury

  • No Fund Extraction: Admins cannot directly withdraw user staked tokens

Role-Based Access Control

  • ExpandZK Access: Only the official ExpandZK DAO can execute admin functions

  • Pause Admin: Separate role for pausing individual user claims (for security incidents)

  • No Super Admin: No single address has unlimited control over the contract

4. Time-Based Security

Staking Period Enforcement

  • Minimum Staking Period: Users must stake for the full duration before unstaking

  • Nonce-Based Verification: Unstaking requires proof of staking history through nonce verification

  • Claim Delay: 1-day delay between unstaking and claiming to prevent rapid withdrawals

Start Time Protection

  • 5-Day Start Delay: Contract cannot start immediately, preventing rushed deployments

  • Immutable Start Time: Once set, the start time cannot be changed

5. Token Security

Non-Transferable Staking Tokens

  • Disabled Transfers: Staking tokens (sXZK) cannot be transferred between addresses

  • Vote Token Integration: Staking tokens integrate with governance voting while remaining non-transferable

  • Prevents Token Manipulation: Users cannot trade or manipulate staking token balances

Underlying Token Safety

  • Standard ERC20: Uses well-audited OpenZeppelin ERC20 implementation

  • Safe Transfer Patterns: All token operations use safe transfer methods

  • Balance Verification: All operations verify sufficient balances before execution

6. Mathematical Security

Reward Calculation

  • Deterministic Algorithm: Rewards are calculated using a fixed exponential decay function

  • Taylor Series Approximation: Uses mathematically sound approximation for exponential calculations

  • Overflow Protection: All calculations use SafeMath patterns (Solidity 0.8.26+)

  • Precision Handling: Fixed-point arithmetic with 18 decimal precision

Exchange Rate Protection

  • Share-Based System: Uses a share-based exchange rate that prevents manipulation

  • Total Supply Tracking: Accurate tracking of total staking token supply

  • Reward Distribution: Fair distribution based on staking duration and amount

7. Record-Keeping & Auditability

Comprehensive Logging

  • Staking Records: Complete history of all staking operations with timestamps

  • Unstaking Records: Detailed tracking of unstaking operations and claim eligibility

  • Event Emissions: All critical operations emit events for off-chain monitoring

  • Nonce System: Sequential nonce tracking prevents replay attacks

Transparent State

  • Public Variables: All important state variables are publicly readable

  • View Functions: Multiple view functions for users to verify their positions

  • APR Calculations: Real-time APR calculations for transparency

Security Considerations

1. No Backdoors

  • No Emergency Withdraw: No function allows admins to withdraw user funds

  • No Parameter Changes: Critical parameters are immutable after deployment

  • No Upgrade Mechanism: Contract is not upgradeable, preventing malicious upgrades

2. Economic Security

  • No Inflation: Staking tokens cannot be minted beyond the reward schedule

  • No Deflation: Staking tokens cannot be burned except through legitimate unstaking

  • Fair Distribution: Rewards are distributed proportionally to staking amounts and duration

3. Operational Security

  • Pause Mechanism: Emergency pause functionality for security incidents

  • Individual Claim Pause: Ability to pause specific user claims if needed

  • DAO Governance: All admin actions require DAO approval

4. Code Quality

  • OpenZeppelin Standards: Uses battle-tested OpenZeppelin contracts

  • Comprehensive Testing: Extensive test coverage for all functions

  • Formal Verification: Mathematical functions are formally verified

  • Audit-Ready: Code follows security best practices and is audit-ready

Risk Mitigation

1. Smart Contract Risks

  • Reentrancy: Protected by ReentrancyGuard

  • Overflow/Underflow: Protected by Solidity 0.8.26+ built-in checks

  • Access Control: Role-based access with minimal privileges

2. Economic Risks

  • Impermanent Loss: Not applicable (single token staking)

  • Liquidity Risk: Users can unstake after the lock period

  • Reward Dilution: Fixed reward schedule prevents dilution

3. Operational Risks

  • Oracle Dependencies: No external oracle dependencies

  • Upgrade Risks: No upgrade mechanism (immutable contract)

  • Governance Risks: Limited to DAO-approved actions only

Trust Indicators

1. Transparency

  • Open Source: All code is publicly available and auditable

  • Immutable Logic: Core logic cannot be changed after deployment

  • Public Events: All operations emit events for transparency

2. Governance

  • DAO-Controlled: Only the ExpandZK DAO can perform admin functions

  • Time-Locked: All admin actions require DAO governance process

  • Limited Scope: Admin functions are limited to pause/unpause operations

3. User Protection

  • No Fund Access: Admins cannot access user staked tokens

  • Fair Rewards: Deterministic reward distribution

  • Clear Terms: Staking period and conditions are transparent

Conclusion

The XZK Staking contracts are designed with security as the foundation. The combination of immutable parameters, limited admin privileges, comprehensive access controls, and mathematical soundness provides users with confidence that their funds are safe and the system operates fairly. The contract architecture prioritizes user protection while maintaining the flexibility needed for legitimate operational requirements.

All security measures are implemented using industry-standard practices and battle-tested libraries, ensuring the highest level of protection for user funds and system integrity.

Last updated