How secure will your platform be? For the type of service you provide, this is very important.
Hello, yes you are right!
The Level01 platform servers are secured with multiple layers of firewall and server security solutions to safeguard the system from different types of attacks. The firewalls are continuously monitored and configured to identify malicious activity and eliminate current and potential attacks while ensuring a stable service.
Authentication is necessary for all access points to the servers. The authentication method is through OAuth2 framework. The tokens are 256 bit encrypted and are invalidated after 3600s.
While maintaining vigil over serverside security, the blockchain element introduces another dimension of performance and security that Level01 has to monitor to prevent or mitigate issues. Certain issues that are common to other trading platforms are mitigated by the
Level01 hybrid platform design.
Interestingly, I did not hear everything I wanted, but thanks! I think your platform will be very secure.
What exactly do you want to know?
How will your trading processes be protected from intruders?
Cancel Contract FloodingAn attacker could potentially flood the system by creating and cancelling trading intents en masse. Level01 mitigates this type of attack by limiting the amount of trading intents that can be cancelled by any user per hour. As trade matching is
performed off-chain, cancelled contracts can be delisted from the platform with minimal repercussions, unlike if trade matching was conducted on the blockchain, delisting a trading contract will be subject to latency and cost issues however would still affect the platform adversely for an attacker that can afford the time and cost. Cancellation of a contract once it is trade matched and sealed on the blockchain is not supported.
Contract HeistsHeists are not possible in the Level01 platform as tokens are not held or controlled by the system. All tokens in trade are held by the LIST smart contract with the source code publicly visible and auditable for the public. The smart contract will not relinquish the tokens held for trade contracts under any circumstances, until trade settlement occurs and the benefiting counterparty is determined. It will then perform its automated duty and transfer the profit tokens to the benefiting party.
Trading Intent/Settlement Redirection Any tokens/fund transfers needs to have signatures from both counterparties of the contract (initial issuer and matcher) so no party including the platform can redirect transfers anywhere else as it is impossible to falsify users’ signatures.
I hope I answered your question!