Security Considerations
Security Design & Considerations
Overview
The XZK Staking contracts are designed with security as a top priority. This document outlines the key security features, design principles, and considerations that ensure the safety of user funds and the integrity of the staking system.
Core Security Features
1. Immutable Configuration
Fixed Reward Structure: The total reward amount (50 million tokens) and duration (3 years) are immutable constants
No Backdoor Parameters: Critical parameters like
TOTAL_REWARD
,TOTAL_DURATION_SECONDS
, andTOTAL_FACTOR
are set at deployment and cannot be modifiedTransparent Rewards: The reward calculation uses a deterministic exponential decay function that is publicly verifiable
2. Reentrancy Protection
ReentrancyGuard: All critical functions (
stake
,unstake
,claim
) are protected against reentrancy attacksSafeERC20: Uses OpenZeppelin's SafeERC20 library for secure token transfers
State Changes First: All state modifications occur before external calls to prevent reentrancy vulnerabilities
3. Access Control & Permissions
Limited Admin Functions
The contract has minimal admin privileges, all of which are time-locked and require DAO governance:
Pause/Unpause Staking: Can only pause staking operations, cannot affect existing stakes
Claim to DAO: Limited to withdrawing rewards to the DAO treasury
No Fund Extraction: Admins cannot directly withdraw user staked tokens
Role-Based Access Control
ExpandZK Access: Only the official ExpandZK DAO can execute admin functions
Pause Admin: Separate role for pausing individual user claims (for security incidents)
No Super Admin: No single address has unlimited control over the contract
4. Time-Based Security
Staking Period Enforcement
Minimum Staking Period: Users must stake for the full duration before unstaking
Nonce-Based Verification: Unstaking requires proof of staking history through nonce verification
Claim Delay: 1-day delay between unstaking and claiming to prevent rapid withdrawals
Start Time Protection
5-Day Start Delay: Contract cannot start immediately, preventing rushed deployments
Immutable Start Time: Once set, the start time cannot be changed
5. Token Security
Non-Transferable Staking Tokens
Disabled Transfers: Staking tokens (
sXZK
) cannot be transferred between addressesVote Token Integration: Staking tokens integrate with governance voting while remaining non-transferable
Prevents Token Manipulation: Users cannot trade or manipulate staking token balances
Underlying Token Safety
Standard ERC20: Uses well-audited OpenZeppelin ERC20 implementation
Safe Transfer Patterns: All token operations use safe transfer methods
Balance Verification: All operations verify sufficient balances before execution
6. Mathematical Security
Reward Calculation
Deterministic Algorithm: Rewards are calculated using a fixed exponential decay function
Taylor Series Approximation: Uses mathematically sound approximation for exponential calculations
Overflow Protection: All calculations use SafeMath patterns (Solidity 0.8.26+)
Precision Handling: Fixed-point arithmetic with 18 decimal precision
Exchange Rate Protection
Share-Based System: Uses a share-based exchange rate that prevents manipulation
Total Supply Tracking: Accurate tracking of total staking token supply
Reward Distribution: Fair distribution based on staking duration and amount
7. Record-Keeping & Auditability
Comprehensive Logging
Staking Records: Complete history of all staking operations with timestamps
Unstaking Records: Detailed tracking of unstaking operations and claim eligibility
Event Emissions: All critical operations emit events for off-chain monitoring
Nonce System: Sequential nonce tracking prevents replay attacks
Transparent State
Public Variables: All important state variables are publicly readable
View Functions: Multiple view functions for users to verify their positions
APR Calculations: Real-time APR calculations for transparency
Security Considerations
1. No Backdoors
No Emergency Withdraw: No function allows admins to withdraw user funds
No Parameter Changes: Critical parameters are immutable after deployment
No Upgrade Mechanism: Contract is not upgradeable, preventing malicious upgrades
2. Economic Security
No Inflation: Staking tokens cannot be minted beyond the reward schedule
No Deflation: Staking tokens cannot be burned except through legitimate unstaking
Fair Distribution: Rewards are distributed proportionally to staking amounts and duration
3. Operational Security
Pause Mechanism: Emergency pause functionality for security incidents
Individual Claim Pause: Ability to pause specific user claims if needed
DAO Governance: All admin actions require DAO approval
4. Code Quality
OpenZeppelin Standards: Uses battle-tested OpenZeppelin contracts
Comprehensive Testing: Extensive test coverage for all functions
Formal Verification: Mathematical functions are formally verified
Audit-Ready: Code follows security best practices and is audit-ready
Risk Mitigation
1. Smart Contract Risks
Reentrancy: Protected by ReentrancyGuard
Overflow/Underflow: Protected by Solidity 0.8.26+ built-in checks
Access Control: Role-based access with minimal privileges
2. Economic Risks
Impermanent Loss: Not applicable (single token staking)
Liquidity Risk: Users can unstake after the lock period
Reward Dilution: Fixed reward schedule prevents dilution
3. Operational Risks
Oracle Dependencies: No external oracle dependencies
Upgrade Risks: No upgrade mechanism (immutable contract)
Governance Risks: Limited to DAO-approved actions only
Trust Indicators
1. Transparency
Open Source: All code is publicly available and auditable
Immutable Logic: Core logic cannot be changed after deployment
Public Events: All operations emit events for transparency
2. Governance
DAO-Controlled: Only the ExpandZK DAO can perform admin functions
Time-Locked: All admin actions require DAO governance process
Limited Scope: Admin functions are limited to pause/unpause operations
3. User Protection
No Fund Access: Admins cannot access user staked tokens
Fair Rewards: Deterministic reward distribution
Clear Terms: Staking period and conditions are transparent
Conclusion
The XZK Staking contracts are designed with security as the foundation. The combination of immutable parameters, limited admin privileges, comprehensive access controls, and mathematical soundness provides users with confidence that their funds are safe and the system operates fairly. The contract architecture prioritizes user protection while maintaining the flexibility needed for legitimate operational requirements.
All security measures are implemented using industry-standard practices and battle-tested libraries, ensuring the highest level of protection for user funds and system integrity.
Last updated