Over the last week we’ve conducted several meetings with CertiK, PAW Chain developers, PawKishi, and the Development Team to organize the fastest and most secure pathways to launch PAW Chain Main-Net.
It's important to understand that PAW Chain development has evolved several times on the road to Main-Net to include complete rebuilds of products to increase scalability, interoperability, and security. The original vision was to simply “build a fast, scalable, efficient blockchain that can interconnect every other chain with seamless transfer of assets across all chains”
This started as a L1 - L2 - L3 system, however our development evolution has now architected the L3 to incorporate everything that the L1/L2 does within a single component. As our L3 is not an EVM chain by design, the deployment and management of smart contracts will be executed differently long-term. Our PAW Chain developers are coding a custom contract deployer for the L3, to be released later this year, enabling smart contract deployment, dApp creation, and other utilities to be developed directly on the L3. In the interim, PAW Chain’s EVM-based L1 will be the smart contract deployment mechanism, and uses bi-directional communication flows with the L3 to establish the token data within the L3 triple-ledger system.
In addition to enhanced auditing provided by CertiK, we have elected to subscribe to CertiK’s SkyInsights. These services provide advanced 24/7 security monitoring on our chain. In implementing these monitoring services, withdrawals out from the chain can be subject to a time delay, enabling a validator node to review the activity and potentially reverse the transaction if required.
The time delay only affects transactions that initiate a bridge request manually from within PAW Chain. This will not affect anyone using the Swap that bridges funds in and out automatically.
With the above in mind, the scope for CertiK audit is set to be:
The L1 & L2 no longer require an audit, as the L1 holds no assets/funds and is the interim ledger for smart contract deployment.
On 09 Apr 2024, PAW Chain signed the Service Agreement with CertiK and submitted payment to begin the audit process. We have provided CertiK with prioritized auditing suggestions as we map the Main-Net launch. In this prioritization, we have requested CertiK to begin with the wPAW token contract as this is required for our Migration to PAW Coin strategy detailed here.
But we didn’t stop there! We have a KYC video interview with CertiK scheduled for 16 Apr 2024 to continue in our Organizational KYC process.
As you may already understand or have learned from the above, we have always identified security as one of the core pillars within the PAW Chain Ecosystem. The above strategy and implementation of new services further display our commitment to security as a first priority and continue to adhere to the security measures identified in our Whitepaper.
Continuous Monitoring for Security Threats: We employ Certik's Continuous Monitoring service, which enables us to detect and respond to security threats in real-time. This proactive approach ensures that any potential breaches or malicious activities are promptly identified and mitigated.
Organizational KYC: As part of our commitment to compliance and preventing fraudulent activities, we adhere to a stringent organizational KYC process. This means that we diligently verify the identity of our core team, ensuring that they are genuine and trustworthy participants in the PAW Chain Ecosystem.
NIST for Security: We adhere to the security guidelines set forth by the National Institute of Standards and Technology (NIST). By following these industry best practices, we ensure that our Ecosystem incorporates robust security controls and protocols.
DevSecOps Process: Our development and operations teams follow a DevSecOps process, where security considerations are integrated throughout the entire Software Development Lifecycle (SDL). By incorporating security practices from the initial stages of development, we minimize the risk of vulnerabilities and enhance the overall security posture of PAW Chain’s products and services.