ExpoPay is currently deployed on Stellar Testnet. This document outlines implemented and planned security measures.
- Server-side
getUser()on every API route — no route relies solely on client-side auth - Middleware auth gate — unauthenticated requests to
/dashboard/*are redirected to login - Admin RBAC — arbiter/admin routes verified via
ADMIN_EMAILSenv var
- 4-digit transaction PIN — required for all fund-moving actions (send, merchant pay, escrow release/refund, unstake, pool withdraw)
- Duplicate transaction check — 10-second idempotency window prevents double-spends
- On-chain audit trail — every action produces a Stellar
tx_hashverifiable on Stellar Expert
- Inactivity guard — auto-logout after 15 minutes of inactivity; visibility-aware (does not fire while app is backgrounded)
- Supabase session cookies — Supabase handles secure cookie management
-
SUPABASE_SERVICE_ROLE_KEYguard — server refuses to start in production if key is missing - Structured event logging — critical events written to
app_logswith level, route, user_id - Fee Bump privacy — gasless transactions keep user keypairs server-side; fee_source on-chain is platform wallet only
- Hash
app_pinwith bcrypt — currently stored plaintext; migration needed-- After migration: UPDATE profiles SET app_pin_hash = crypt(app_pin, gen_salt('bf')) - Encrypt
stellar_secretat rest — AES-256-GCM withENCRYPTION_KEYenv var planned
- Auth endpoints —
/api/auth/*,/api/expo/claim(target: 10 req/min per IP) - Admin endpoints —
/api/admin/resolve(target: 5 req/min per admin) - Payment endpoints —
/api/payments/send,/api/payments/gasless
- Role-based admin — migrate from
ADMIN_EMAILSenv var toprofiles.roleDB column - Smart contract audit — formal audit of escrow, staking, and pool contracts
- Hardware wallet signing — Ledger/Trezor support for key management
- 2FA — TOTP-based two-factor authentication for admin accounts
- CSP headers — Content-Security-Policy headers via
next.config.ts - Secret rotation — procedure for rotating
PLATFORM_SECRET_KEYwithout downtime
Please report security vulnerabilities by email rather than opening a public GitHub issue.
Contact: [expopay8@gmail.com]
Key security-relevant dependencies:
@supabase/supabase-js— auth and database@stellar/stellar-sdk— blockchain signing and verificationnext— server-side rendering and API routes
All dependencies are kept up to date. Run npm audit regularly.