> For the complete documentation index, see [llms.txt](https://docs.noon.capital/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.noon.capital/built-for-safety/2.-audited-and-secured-infrastructure/smart-contract-security.md).

# Smart contract security

## Role-Based Access Control

Our contracts implement role-based access control (RBAC) using OpenZeppelin's `AccessControl` contract: every privileged function is gated by an `onlyRole` modifier, and a role can only be granted or revoked by an account holding that role's admin role (`DEFAULT_ADMIN_ROLE` unless changed with `_setRoleAdmin`).

Key roles include:

- `DEFAULT_ADMIN_ROLE`: Super-admin with the ability to grant and revoke every other role
- `REBASE_MANAGER_ROLE`: Controls rebase operations
- `BLACKLIST_MANAGER_ROLE`: Manages blacklisted addresses
- `STAKING_VAULT_ROLE`: Special permissions for staking operations
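The contract below is an added example, not Noon's own code, showing how the four roles above are typically wired with OpenZeppelin Contracts v5: the constructor grants only `DEFAULT_ADMIN_ROLE`, operational roles are granted later through `grantRole`, and each privileged function is gated by `onlyRole`. The token name, the `rebaseIndex` mechanics, the function names and the blacklist check in `_update` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Noon's contract. Uses OpenZeppelin Contracts v5.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// @dev Illustrative rebasing-style token with the four roles named in the
///      documentation. Function names, the rebase mechanics and the blacklist
///      enforcement point are assumptions for the example.
contract RoleGatedToken is ERC20, AccessControl {
    bytes32 public constant REBASE_MANAGER_ROLE = keccak256("REBASE_MANAGER_ROLE");
    bytes32 public constant BLACKLIST_MANAGER_ROLE = keccak256("BLACKLIST_MANAGER_ROLE");
    bytes32 public constant STAKING_VAULT_ROLE = keccak256("STAKING_VAULT_ROLE");

    mapping(address => bool) public isBlacklisted;
    uint256 public rebaseIndex = 1e18; // hypothetical scaling factor

    event Blacklisted(address indexed account);
    event Unblacklisted(address indexed account);
    event Rebased(uint256 oldIndex, uint256 newIndex);

    error AccountBlacklisted(address account);

    /// @param admin Should be a multisig: DEFAULT_ADMIN_ROLE can grant or
    ///        revoke every other role, so it is the root of trust.
    constructor(address admin) ERC20("Example", "EXM") {
        // Only the super-admin is granted at deployment. Operational roles are
        // granted afterwards via grantRole(), which AccessControl restricts to
        // holders of the role's admin role (DEFAULT_ADMIN_ROLE by default).
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    function rebase(uint256 newIndex) external onlyRole(REBASE_MANAGER_ROLE) {
        uint256 old = rebaseIndex;
        rebaseIndex = newIndex;
        emit Rebased(old, newIndex);
    }

    function blacklist(address account) external onlyRole(BLACKLIST_MANAGER_ROLE) {
        isBlacklisted[account] = true;
        emit Blacklisted(account);
    }

    function unblacklist(address account) external onlyRole(BLACKLIST_MANAGER_ROLE) {
        isBlacklisted[account] = false;
        emit Unblacklisted(account);
    }

    /// @dev Assumed privilege: only the staking vault may mint.
    function mintTo(address to, uint256 amount) external onlyRole(STAKING_VAULT_ROLE) {
        _mint(to, amount);
    }

    /// @dev ERC20 v5 routes every transfer, mint and burn through _update, so
    ///      enforcing the blacklist here covers all balance movements at once.
    function _update(address from, address to, uint256 value) internal override {
        if (isBlacklisted[from]) revert AccountBlacklisted(from);
        if (isBlacklisted[to]) revert AccountBlacklisted(to);
        super._update(from, to, value);
    }
}
```

Because `grantRole(DEFAULT_ADMIN_ROLE, x)` is itself gated by `DEFAULT_ADMIN_ROLE`, whoever holds the admin role can give any role, including the admin role, to any address; the separation between roles is only as strong as the key that holds the admin role.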

## Two-Step Ownership Transfer

We use OpenZeppelin's `Ownable2Step` pattern for ownership transfers. `transferOwnership` only nominates a pending owner; the nominee must call `acceptOwnership` from that address before ownership actually moves. A transfer to a mistyped or inaccessible address therefore stays correctable by the current owner instead of permanently locking the contract:

```solidity
// Explicit override: both Ownable and Ownable2Step are in the inheritance graph.
function transferOwnership(address newOwner) public virtual override(Ownable2Step, Ownable) onlyOwner {
    // Records newOwner as pendingOwner() and emits OwnershipTransferStarted;
    // owner() does not change until newOwner calls acceptOwnership().
    Ownable2Step.transferOwnership(newOwner);
}
```
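The Foundry test below is an added example (not Noon's code) that walks through the two-step handoff against OpenZeppelin Contracts v5: after `transferOwnership` the original owner still holds control, neither the nominee nor a third party can act as owner, a stray nomination can be undone by re-nominating, and only `acceptOwnership` from the nominee completes the move. The `Pausable2Step` contract under test, the `setPaused` function and the address labels are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Noon's code): a Foundry test of the Ownable2Step handoff.
// Requires forge-std and OpenZeppelin Contracts v5.
import {Test} from "forge-std/Test.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

/// @dev Hypothetical contract under test: a single owner-gated pause flag.
contract Pausable2Step is Ownable2Step {
    bool public paused;

    constructor(address initialOwner) Ownable(initialOwner) {}

    function setPaused(bool p) external onlyOwner {
        paused = p;
    }
}

contract Ownable2StepFlowTest is Test {
    Pausable2Step internal target;
    address internal owner = makeAddr("owner");
    address internal newOwner = makeAddr("newOwner");
    address internal attacker = makeAddr("attacker");

    function setUp() public {
        target = new Pausable2Step(owner);
    }

    function testTransferIsPendingUntilAccepted() public {
        vm.prank(owner);
        target.transferOwnership(newOwner);

        // Step 1 only records the nominee; control has not moved yet.
        assertEq(target.owner(), owner);
        assertEq(target.pendingOwner(), newOwner);

        // The nominee cannot use owner-only functions before accepting...
        vm.prank(newOwner);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, newOwner)
        );
        target.setPaused(true);

        // ...and a third party cannot hijack the pending transfer.
        vm.prank(attacker);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, attacker)
        );
        target.acceptOwnership();

        // Step 2: the nominee accepts and control moves atomically.
        vm.prank(newOwner);
        target.acceptOwnership();
        assertEq(target.owner(), newOwner);
        assertEq(target.pendingOwner(), address(0));
    }

    function testOwnerCanCancelByRenominating() public {
        // A wrong nominee is recoverable: the current owner nominates the
        // right address (or itself) before anyone has accepted.
        vm.startPrank(owner);
        target.transferOwnership(attacker);
        target.transferOwnership(owner);
        vm.stopPrank();

        vm.prank(attacker);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, attacker)
        );
        target.acceptOwnership();
    }
}
```

Run with `forge test --match-contract Ownable2StepFlowTest`. The second test is the property that justifies the pattern: with plain `Ownable`, `transferOwnership(attacker)` would have been final.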

## Decentralization of Power

### Role Distribution

To prevent single points of failure and reduce trust requirements, different roles should be assigned to separate trusted entities. Keep in mind that `DEFAULT_ADMIN_ROLE` can grant itself any other role, so this separation holds only as long as the admin key is the most strongly protected one:

1. **Admin Role**: System maintenance and emergency functions
2. **Rebase Manager**: Handles rebase operations
3. **Blacklist Manager**: Controls address restrictions
4. **Staking Vault**: Manages staking operations

### Multi-Signature Recommendations

Critical operations, and the addresses that hold `DEFAULT_ADMIN_ROLE` and contract ownership, should be controlled by multi-signature wallets:

* Treasury management
* Protocol parameter updates
* Emergency functions

## Data Security

### Storage Safety

1. **Access Controls**
   * Narrowest visibility that works: `private` or `internal` for helpers and state, `external` only for functions meant to be called from outside the contract
   * Internal functions reachable only through role- or owner-gated entry points
   * No public setters on state variables without a role check

Visibility restricts who can call or write, not who can read: `private` storage is still readable by anyone with a node (for example via `eth_getStorageAt`), so no contract should rely on it for secrecy.

## Monitoring and Alerts

### Critical Events

Monitor these contract-specific events for security:

```solidity
event AdminChanged(address indexed oldAdmin, address indexed newAdmin);
event Blacklisted(address indexed account);
event WithdrawalDemandCreated(address indexed user, uint256 amount, uint256 timestamp);
```

The OpenZeppelin base contracts also emit events that should be alerted on: `RoleGranted`, `RoleRevoked` and `RoleAdminChanged` from `AccessControl`, and `OwnershipTransferStarted` and `OwnershipTransferred` from `Ownable2Step` and `Ownable`. An unexpected `RoleGranted` for `DEFAULT_ADMIN_ROLE`, or an `OwnershipTransferStarted` that nobody scheduled, is the earliest on-chain sign of a compromised admin key.

### Security Checkpoints

1. **Transaction Monitoring**
   * Large transfers
   * Ownership changes
   * Role assignments
2. **Blacklist Operations**
   * Address additions/removals
   * Blocked transaction attempts
3. **Withdrawal Operations**
   * Request creation
   * Claim attempts
   * Failed transactions

## Clear Emergency Process

* Clear incident response plan
* Emergency contact list
* Recovery procedures
* Revocation procedures: which role admin revokes a compromised role holder, and how a compromised owner is replaced



