Skip to content

Security: devOnyx-01/Stellar-Save

Security

docs/SECURITY.md

Stellar-Save Security Best Practices

For Users

1. Wallet Security (Critical)

✅ Use hardware wallet (Ledger/Trezor) for mainnet
✅ Enable 2FA on wallet apps
✅ Never share seed phrase/private keys
✅ Use separate wallet for testnet experimentation
❌ Avoid browser extensions for large amounts
❌ Never enter seed on websites

Stellar-Specific:

  • Freighter/Ledger Live: Hardware signing
  • Use Stellar Laboratory for contract inspection
  • Verify contract ID before interacting

2. Group Creation Best Practices

✅ Min 3-5 trusted members (start small)
✅ Contribution ≤1% monthly income per member
✅ 7-30 day cycles (avoid too short/long)
✅ Max members ≤20 (gas limits)
✅ Share Group ID publicly, but verify members

Scam Prevention:

❌ Don't join groups with unrealistic returns
❌ Verify creator reputation
❌ Check `get_group()` details before joining
❌ Use `get_missed_contributions()` to monitor activity

3. Contribution Discipline

⏰ Deadlines auto-calculated: `get_contribution_deadline(group_id, cycle)`
⚠️  Miss → Payout delayed for ALL
💰 Exact amount required: `validate_contribution_amount()`
📊 Track via `get_missed_contributions()` and `is_cycle_complete()`

Penalties (Social):

  • Missed contributions → No group payout that cycle
  • Persistent missers → Emergency withdrawal possible after 2×cycle_duration inactivity
  • Track via get_member_total_contributions()

4. Emergency Recovery

1️⃣ Check `emergency_withdraw()` eligibility:
   - Group inactive 2+ cycles
   - Haven't received payout
   
2️⃣ `get_member_total_contributions()` → Pro-rata refund
   
3️⃣ Admin pause protection: `pause_contract()` stops all ops

For Developers/Integrators

Contract Security Features

🔒 Reentrancy guard in `transfer_payout()`
🔐 Admin-only config/pause
⏱️  Rate limiting (5min group create, 2min joins)
💾 Atomic storage updates
🧾 Comprehensive events for monitoring

Audit Checklist

✅ [ ] Review `StorageKeyBuilder` patterns
✅ [ ] Test all `StellarSaveError` paths
✅ [ ] Verify pause/unpause works
✅ [ ] Gas limits for large groups (`get_group_members(offset, limit)`)
✅ [ ] Pagination bounds checking

Monitoring

events().subscribe("PayoutExecuted", group_id)
events().subscribe("ContractPaused")
client.get_contract_balance()
client.get_group_balance(group_id)

Risk Mitigation

Risk Mitigation
Front-running Client-side validation first
Oracle failure Ledger timestamp only
Storage exhaustion Pagination + limits
Emergency funds emergency_withdraw() after inactivity
Contract pause Admin monitored multi-sig

Recovery Procedures

Lost Access

1. Import wallet to new device
2. Check `has_received_payout(group_id, your_address)`
3. `emergency_withdraw()` if eligible

Group Stalls

1. `get_missed_contributions(group_id, current_cycle)`
2. Contact missers
3. Creator: `emergency_withdraw()` after 2 cycles inactivity

Contract Issues

1. Monitor `ContractPaused` events
2. Check [Soroban Explorer](https://soroban.stellar.org)
3. Funds safe during pause

Compliance Notes

  • Not financial advice - Peer-to-peer savings only
  • Testnet first - Always verify testnet before mainnet
  • Audit recommended for production deploys

Security first - Verify everything!

Last updated from contract analysis

There aren’t any published security advisories