Security — Decentralization — Precog Finance
To some, decentralization is a means of democratizing a protocol; to others, it is a security measure that eliminates a central point of failure — to many, it is both. In an industry riddled with security issues, scams, and lack of transparency, it only makes sense for projects of the highest caliber to be sufficiently decentralized on every level possible.
It is true that to some capacity, the word ‘decentralization’ is often used in marketing efforts to garner the trust and enthusiasm of DeFi users and investors. However, upon taking a step back, we can effortlessly see why this is the case — why decentralization is the standard.
That being said, decentralization isn’t the end-all-be-all; rather, it is one of the various key measures a project must take in order to ensure its protocol is as reliable and as safe as technology can possibly allow. To that end, we’re delighted to share some of the steps we are taking to create an ironclad protocol that adheres to the highest standards of security in the industry.
Multisig Wallets — Everyone, Everything, Everytime
It is a strict, closely-followed internal policy at Precog Finance for every core team member to use a multisig wallet for any project-related matters and assets. When you look at some of the most professional, committed, thorough, and careful projects in the field, you will inevitably come across this security measure being utilized on some level.
For the uninitiated, a multisig wallet is one that requires multiple keys/signatures to sign and approve an action — hence the name ‘multi-sig’. For a motion to pass, it would require the majority of votes made from different wallets (such as 2/3rds or 3/5ths) to ensure the action is intended and not an accident or an attack.
This function can be further enhanced by adding a timelock function whereby an action would require a certain amount of time to pass before allowing the wallets to sign. By doing so, it ensures that even in the worst-case scenario, the team has more than enough time to think and act upon any and all motions.
Precog Finance multisig wallet addresses and their purpose:
- Precog-Token-Deployer: The wallet responsible for deploying the $PCOG token
- Sentient-SmartContract-Deployer: The wallet responsible for deploying Sentient smart contracts
- Sentient-Fees-Treasury: The treasury wallet that will have any fees collected within the Sentient DeFi Protocol
- Sentient-HashrateTokens-Treasury: The treasury wallet that holds all staking Bitcoin mining hashrate tokens
- Precog-SmartContract-Generic-Deployer: The wallet responsible for deploying smart contracts in the Precog ecosystem
- Precog-DAO-Treasury: The Precog DAO Treasury wallet
- Precog-LPTokens-Treasury: The Liquidity Pool tokens treasury wallet
- Precog-Generic-Treasury: A generic treasury wallet
On matters of security and optimization, Mohamed Saleh, the lead Ethereum Developer at Precog Finance said: “We understood the degrees of importance regarding the feedback and report tailored by Certik, and chose to act upon the most pressing matters first, before proceeding to the smaller, less significant matters, where we found more opportunities for improving our code and smart contracts”.
Multisig Application for Token Minting and Deployment
Such a pivotal action demands the utmost caution and strict security measures on all levels. Hence why the Precog Finance team leverages multisig wallets to ensure any and all such actions are fully intended and performed at the right time and place. Additionally, access to these wallets is restricted to a select few to further minimize any unauthorized access. For token minting and deployment, this is the best measure a project can take.
To put it into perspective, consider a scenario where, by some astronomical luck, a hacker manages to gain access to a project’s wallet that holds the rights to mint and/or deploy tokens — it would spell the end of that project. However, assume the right is only granted when 2 out of 3 multisig wallets approve after 48 hours of the request; it would require the hacker to somehow obtain access to another wallet, while at the same time, the team is working on revoking all the rights of the compromised one.
Needless to say, a project cannot be considered secure enough without resolving issues related to centralization, and Precog Finance has tightened all the screws in this area.
We have also had CertiK — one of the leading security audit firms in the blockchain space — analyze and examine our protocol and report any security issues relating to our code or structure. The resulting feedback has served to spot imperfections and reinforce the areas of our product that don’t hold up to the high standards of security that we adhere to.
Transparency is one of the cornerstones of the DeFi movement, and indeed, a fundamental principle of our work. We hold ourselves responsible for how and what we communicate to our users; thus, we will utilize every channel we have to disclose everything we do.
We also plan on transferring as many rights as possible to our future DAO to further decentralize and secure the project. Governance rights will be conveyed with the PCOG token, through which users will be able to express and partake in the development and decision-making of the project. It is our firm and genuine opinion that DAOs are essential for decentralized protocols, and one of our major goals is establishing Precog Finance’s very own Decentralized Autonomous Organization — right up there with the release of Sentient and Cerebral.
To keep up to date with reports, news, and updates taking place at Precog Finance, check out our: