Lead Like A Gardener Part 4:
Security at the Stacks Foundation
This post is part of a series dedicated to articulating the strategies and working models leveraged by the Stacks Foundation as we continue to serve and steward the Stacks ecosystem. The series will provide the latest plain language breakdowns of our focus areas and the rationale behind how we prioritize and execute.
By now, you hopefully have read about our overall approach to our work here at the Stacks Foundation in the first post of the series. This post will provide a closer look at how the Stacks Foundation views the security of the Stacks network as well as our own supportive approaches. We believe security is of utmost importance and treat our work, to support and improve the overall security profile of the chain, as a top-level consideration.

With the recent months of momentum of building on Bitcoin, there has been an increased level of attention on Stacks. This includes action in the market, but more importantly, attention from developers, builders, and the broader industry. Most of this is extremely positive, as we’ve seen app usage grow plus new entrepreneurs and funding enter the ecosystem, along with the feeling of camaraderie and new life in the world of Bitcoin. Along with that attention and growth, however, are also new issues to face. A great example is the Bitcoin MEV issue, where a major Bitcoin miner is censoring other Stacks miners. This was something early contributors posited could happen if Stacks became popular enough and well, that day has come. And while this particular issue is getting addressed in the next upgrade, it’s a good reminder the network is likely to see more attempts to extract value, potentially in nefarious ways, as its profile continues to rise.
Beyond that reality, we must also remember that security is a primary value proposition of the Stacks network. Stacks prioritizes safety for builders and users over other elements and the builders that are here count on that. In other words, Stacks has to do it better (more securely) than your other favorite blockchains.

With that context, let’s take a look at how the Stacks Foundation views the overall security model of Stacks.
Security and the Stacks Ecosystem
The Stacks network, much like the ecosystem that supports it, follows a decentralized model with regard to its overall security. Stacks’ security is achieved through a combination of protocol and technology design, programs and processes, community participation, and individual responsibility.

Protocol and Technology Design
At the protocol level, security is baked directly into the design of the Stacks blockchain, which employs the proof-of-transfer (PoX) consensus mechanism and leverages the security of the Bitcoin blockchain as a settlement layer. By anchoring to Bitcoin, the Stacks blockchain benefits from the robustness and immutability of Bitcoin's security. Another great example of security through design is the Clarity smart contract language, which takes a very different approach (Turing incomplete, decidable, interpreted, and predictable) from most smart contract languages so as to better protect developers and their users from detrimental smart contract bugs.

Programs and Processes
Another key layer of overall security is the set of processes by which work happens. An example here: after the launch of Stacks 2.1, core developers learned a lot about where the network had weaknesses related to release processes and demanded adjustments to those processes. There is now a dedicated Testing and Hardening Working Group taking on these improvements, which include more automated testing and stricter requirements on code reviews. In terms of programs, there are two we run here at the Stacks Foundation that contribute to overall security: Immunefi Bug Bounties (more below) and our audit program. Our audit program includes prior efforts to train agencies in Clarity, educational efforts to help teams get audits, and matchmaking with affordable and qualified audit providers. We’ve also recently struck a deal with a go-to auditor, so if you’re looking for one, please contact security@stacks.org.

Community Participation
No surprise here: the Stacks ecosystem relies on community contributors to enhance security. And it’s not only technical folks; at times a simple observation of a transaction or strange behavior can help avoid bigger issues. Further, the Stacks ecosystem is open-source, with all code openly available, meaning many, many eyes have been over any given repo. Notably, Clarity is a human-readable language, so eagle-eyed community contributors have been able to spot smart contracts that could have spurred unexpected results. Another great aspect of community involvement has been that, historically, community contributors take an active approach not just in the identification of bugs or disclosures, but also in their resolution. They have done this via code commits, but also by simply being available to test and re-test as core developers triage. And, last but not least, contributing entities like Hiro and Trust Machines have made dedicated security hires who have not only contributed to the increased security of the tools and apps those organizations support, but have also contributed at the network level.

Individual Responsibility
In crypto, we’d be remiss in not pointing out that individual responsibility is an important aspect of security for any system that deals with user funds, and the same goes for Stacks. Users are responsible for securing their private keys and practicing good security hygiene to protect their digital assets and data. The use of hardware wallets or secure software wallets is encouraged to safeguard private keys.

Overall, the Stacks ecosystem embraces a collaborative approach to security, with a combination of protocol design, community involvement, and individual responsibility working together to maintain the security of the network and its participants.
How the Foundation Supports Security
You may have an idea from some of the layers of security outlined above, but to put it even more directly, here is a concrete list of the security-related activities we prioritize and the investments we have made or make in an ongoing capacity:

  • Immunefi Bug Bounty program: Up to $1 million for critical network bugs. You can learn more about the process this program follows below!
  • Audit training and matchmaking: We have ensured that numerous top agencies are trained in Clarity and are available to review not only critical infrastructure code as needed but also support teams that are building apps touching user funds. Get in touch if you need one!
  • Communications around blockchain issues and releases: We are typically able to digest information from various channels and provide updates to the community through channels like the forum and @stacksstatus on Twitter. Well-timed updates help protect developers and users, as does being thoughtful about when and how to post about especially sensitive bugs when they arise. When priorities allow, we would also like to support a more robust Stacks Status page that includes more automated alerts. Get in touch if you’d like to help!
  • SIP stewardship: SIPs are how the Stacks blockchain progresses and the process by which the community can propose, discuss, and decide on the development direction of Stacks. We not only help organize the process with help from our SIP Resident, the one and only Hero Game, we also supplement the process with paid 3rd-party research (recent example) on key proposals when they may have an impact on security and tokenomics. These reports can cost upwards of $10-20k and sometimes more depending on the depth required but are needed for the community to make the best possible decisions.
  • Support of Core Developers: This happens in two main ways: 1) we play an active role in helping Core Developers organize and collaborate, including direct support by our EPM and our engineers in the Testing and Hardening Working Group, among other contributions, and 2) we provide direct review, testing, and feedback on code through our very own new(ish) in-house security expert, Mark, and our DevOps lead, Jesse. Learn more about Mark below!
Looking ahead, two bigger security related investments we plan to make this year are:
  • Audits of major new releases (including sBTC/nakamoto)
  • Further investment in fuzz and other automated testing for codebases in Stacks repos through Critical Bounties, expert vendors, and our own direct contributions
Meet Mark, Security Lead for the Foundation
If you were wondering how we get all this done and who has become the primary leader of security efforts from our side, please meet Mark. Also known as "Keewenaw," he is a cybersecurity expert who brings a wealth of experience and knowledge to the Stacks Foundation. With a background that began by cracking his parents' WiFi password as a teenager and expanded with receiving a Master's degree in cybersecurity from Georgetown University, Mark's expertise extends to various domains such as red teaming and penetration testing, threat modeling, security architecture, governance, risk & compliance (GRC), forensics, and investigations into fraud, money laundering, and cybercrime.

As the Foundation's Security Engineering Lead, Mark takes a holistic look at the security of the Stacks blockchain. His role involves carrying out thorough security measures, including fuzz testing, code reviews, and penetration testing, to enhance the technical security of Stacks. Mark also oversees cybersecurity-related aspects, such as recommending protection against social engineering attacks, providing guidance on coding best practices, developing security training materials, and handling incident response. His expertise and assistance are readily available to builders within the Stacks ecosystem.

Mark says, “I’m inspired by the community's strong commitment to security within the Stacks ecosystem. The value placed on security is what attracted me to this ecosystem as well as the opportunity to maintain security at the highest level attainable. I appreciate that the Stacks Foundation team and the broader ecosystem understand its importance and have a willingness to actively defend against threats.”

Mark is excited to foster collaboration and cooperation even more deeply across the ecosystem, recognizing that security cannot thrive in isolation. He encourages open communication and is always ready to help, aiming to strengthen the security of the Stacks blockchain and ensure the community's safety. (And honestly, Mark just loves to chat about security, so feel free to nerd out with him anytime, seriously!) You can contact him via email at security@stacks.org, on Telegram (@Keewenaw), or on Discord (@Keewenaw).

Mark aka @Keewenaw
Appendix