Security and Upgrades

Security is essential to’s self-custody. Therefore all our contracts are heavily audited, and have bug bounty programmes (read more on these later in this section). One of the most essential factors in security is the process of upgrading the smart wallets. Balancing self-custody and upgradeability is a difficult task. We want to make sure we are able to keep improving and adding new functionality to without compromising the safety and self-custody of your funds. We therefore use Timelock contracts in order to enact upgrades. We process the works as follows:

  • When we want to do an upgrade we have to propose it to the Timelock contract.

  • This starts a 7-14 day countdown (depending on the chain).

  • During these 7-14 days, members of the community can monitor the upgrade and check that it is safe and audited, and that the upgrade code matches what is expected.

  • If for some reason the code were found to be unsafe, any community members could raise the alarm, allowing users to withdraw before the upgrade completed.

  • Once the countdown completes, the smart wallets upgrade, adding new functionality.

Emergency Withdrawals

The final security measure to ensure complete self-custody on is the emergency withdrawal process. In order to facilitate better user experience on the platform, withdrawals are broadcast under normal circumstances as meta transactions. This means that it would be theoretically possible for users to be blocked from withdrawing funds from the smart wallets if the website were to be turned off or taken down. Emergency withdrawals ensure that, even if the website stopped existing, users can always recover their funds safely and quickly. This mechanism allows you to go directly to the underlying smart contracts and force a withdrawal of your own funds at any time.

Data Availability Committee

Privacy is key to trading. In addition to being slow, existing decentralised exchanges make all trades visible, even though professional traders want to protect their trading activity, and proprietary trading strategies, from competitors and public view. Privacy will be a key requirement for decentralised exchanges to gain traction with this audience moving forward.

In order to achieve privacy, traders' balance data will be moved off-chain, rather than being stored on the blockchain. StarkWare, the provider of's scalability engine, is currently exploring other privacy-achieving methods that could be implemented in the future, without the need for data to be stored purely off-chain by a committee. However, the current approach was chosen as a pragmatic solution following conversations with large customers, and will be improved in the future.

The Data Availability Committee has three main functions:

  • Protect user trading privacy by allowing balance updates and trades to be hidden from other users.

  • Check the state of balances and, if valid, sign to allow the merkel root of the state to be updated on-chain.

  • Publish all balances data if and or StarkWare were ever to go offline, or withhold data.

The initial DAC committee is comprised of a small number of members, who were selected based on the following criteria.

  • Experience with running high-availability infrastructure.

  • Relative independence from each other.

  • Long-standing public reputation.

  • History of supporting new technology and desire to be leaders in demonstrating the potential of a new second-layer scaling solution for Ethereum.

  • Geographically diverse, both in terms of the entities themselves and their server locations.


Founded in 2014 by Ethereum co-founder Joseph Lubin, ConsenSys is a market-leading blockchain technology company.


Infura is an infrastructure provider connecting users to Ethereum and IPFS.


Nethermind builds Ethereum solutions for developers and enterprises. Boosted by a grant from the Ethereum Foundation in August 2018, our team has worked tirelessly to deliver the fastest Ethereum client in the market, optimised to the very last byte.


Iqlusion provides infrastructure for next-generation cryptocurrency technologies which are designed and built to scale to real-world demands.


StarkWare solves the inherent problems of blockchains – scalability and privacy. They develop a full proof-stack, using STARK technology to generate and verify proofs of computational integrity. (previously known as DeversiFi) is the first permissionless exchange allowing traders to execute orders of any size directly from the security of their private wallets. In March 2020 became the first StarkWare-powered exchange, offering deep liquidity as well as high-speed, low-fee and instant settlement.


Cephalopod Equipment is based in Canada, serving the global Cosmos and staking communities. The Cephalopod team has significant experience in data center operations, distributed systems, and cryptocurrency. The team is comprised of long-term contributors to Cosmos including Ethan Buchman, co-founder of the project.

How the DAC works in practice

In the normal course of events, committee members are responsible for:

  • Receiving each state transition and signing a commitment to the new state

  • Keeping a copy of this state private and secure

The exchange’s smart contract does not accept a state transition unless enough committee members have signed on the new state.

The DAC has an important role to play in a meltdown scenario, where both the exchange and StarkWare deny users’ withdrawal requests. In such an event, the exchange’s smart contract freezes the system, and committee members are responsible for making all their stored data publicly available so that users can safely retrieve their funds directly from the exchange’s smart contract. This is what is known as the ‘escape hatch’.

Each member of the DAC runs a specialist piece of software on a dedicated server and is incentivised to ensure maximum uptime and performance via monthly payments from

Examples of logs from a DAC client are below.

For more information on the StarkWare technology, the technicalities of the Data Availability Committee or the escape hatch, see the StarkWare public GitHub repository.

To apply to be a DAC member, contact us via email on

Bug Bounty

Keeping our platform and our users safe is a high priority for us at and we recognise the importance of engaging with security researchers and the community. To incentivise the responsible disclosure of any security issues or vulnerabilities discovered, our bug bounty program exists to provide a framework for rewarding such efforts. uses Immunefi as our bug bounty platform.

Immunefi is the leading bug bounty and security services platform for Web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds.

You can read more about’s bug bounty here.


Engaging in DeFi is not risk free, and the risks of using features of the platform are the same as those of any other contract that has control over users’ funds, notably the risk of hacks.

To minimise these risks, has put rigorous checks in place and we attempt to avoid pushing any unnecessary changes.

Furthermore, Our contract changes are rigorously audited internally prior to release, and receive regular external audits from industry-leading blockchain security experts, such as PeckShield.

You can view our most recent audit here.

Last updated