Security Overview

Our Security-First Approach

Block Street prioritizes the safety of user funds through comprehensive security measures, regular audits, and battle-tested architecture. We believe security is not just a feature but the foundation of trustworthy DeFi.

Smart Contract Audits

Completed Audits

Block Street smart contracts undergo comprehensive security audits by leading firms before deployment. Audit reports are made public for transparency.

Note: Specific audit details will be published upon completion.

Ongoing Security

  • Continuous monitoring via Forta Network

  • Quarterly security reviews

  • Automated vulnerability scanning

  • Community bug reporting program

Bug Bounty Program

We maintain an active bug bounty program to incentivize responsible disclosure of vulnerabilities.

Reward Tiers

Bug bounty rewards are based on severity:

Critical Severity

  • Fund loss vulnerabilities

  • Protocol insolvency risks

  • Oracle manipulation attacks

High Severity

  • Temporary fund lock issues

  • Governance vulnerabilities

  • Access control bypasses

Medium Severity

  • Economic inefficiencies

  • Front-running vulnerabilities

  • Information leakage

Low Severity

  • Code quality issues

  • Gas optimizations

  • UI/UX vulnerabilities

Specific reward amounts vary based on impact and quality of disclosure.

Responsible Disclosure

  1. Report vulnerabilities to security@blockstreet.money

  2. Include detailed reproduction steps

  3. Allow 30 days for resolution before public disclosure

  4. Receive rewards in USDC or protocol tokens

Technical Security Measures

Multi-Layer Oracle System

Block Street uses redundant price feeds to prevent manipulation:

  • Primary: Chainlink decentralized oracles

  • Secondary: Pyth Network high-frequency feeds

  • Fallback: Time-weighted average prices

  • Circuit Breakers: Automatic pause on extreme deviations
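The feed ordering above can be modelled in a few lines. This is an added illustration, not Block Street's contract code: the staleness and deviation thresholds, the rule of cross-checking the chosen feed against the other source or the TWAP, and every name in it are assumptions, and the sample quotes are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed thresholds: the page does not publish Block Street's real values.
MAX_AGE_S = 3600           # a quote older than this is treated as stale
MAX_DEVIATION_BPS = 500    # 5% disagreement between sources trips the breaker

@dataclass
class Quote:
    source: str
    price: float
    updated_at: int        # unix seconds

def usable(q: Optional[Quote], now: int) -> bool:
    # Reject missing, non-positive, stale, and future-dated quotes.
    return q is not None and q.price > 0 and 0 <= now - q.updated_at <= MAX_AGE_S

def twap(obs: List[Tuple[int, float]], now: int) -> Optional[float]:
    """Time-weighted average of (timestamp, price) observations up to `now`."""
    obs = sorted(o for o in obs if o[0] <= now)
    if not obs or obs[0][0] == now:
        return None        # no elapsed time to weight by
    ends = [t for t, _ in obs[1:]] + [now]
    weighted = sum(p * (end - t) for (t, p), end in zip(obs, ends))
    return weighted / (now - obs[0][0])

def deviation_bps(a: float, b: float) -> float:
    return abs(a - b) / min(a, b) * 10_000

def select_price(primary, secondary, obs, now):
    """Return (price, source, paused). Order: primary, secondary, TWAP."""
    live = [q for q in (primary, secondary) if usable(q, now)]
    avg = twap(obs, now)
    if not live:
        # Both feeds stale or missing: fall back to the TWAP if one exists.
        return (avg, "twap", False) if avg else (None, None, True)
    chosen = live[0]
    # Cross-check against the other live feed, or the TWAP when only one is live.
    reference = live[1].price if len(live) == 2 else avg
    if reference and deviation_bps(chosen.price, reference) > MAX_DEVIATION_BPS:
        return (None, None, True)   # circuit breaker: pause rather than guess
    return (chosen.price, chosen.source, False)

# Constructed sample data (not real market prices).
NOW = 1_700_000_000
OBS = [(NOW - 1800, 100.0), (NOW - 900, 102.0)]
CHAINLINK = Quote("chainlink", 101.0, NOW - 60)
PYTH = Quote("pyth", 101.5, NOW - 5)
```

With the sample data, `select_price(CHAINLINK, PYTH, OBS, NOW)` returns the primary quote; replacing the primary with a quote that disagrees with the secondary by more than the threshold returns a paused result instead of a price.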

Access Controls

Timelock Contract

All administrative actions require a 48-hour delay, allowing users time to react to changes.

Multi-Signature Wallet

Critical functions require 3 of 5 signatures from geographically distributed key holders.

Role-Based Permissions

  • Owner: Protocol upgrades and parameter changes

  • Guardian: Emergency pause capability

  • Keeper: Routine maintenance operations

Emergency Procedures

Pause Mechanism

The protocol can be paused in emergencies to prevent further damage while maintaining user fund safety.

Gradual Rollout

New features deploy with conservative limits that increase over time as safety is proven.

Insurance Fund

Protocol fees contribute to a reserve fund for potential incident response.

Operational Security

Code Practices

  • All code open-sourced on GitHub

  • Comprehensive test coverage (>95%)

  • Formal verification for critical functions

  • Regular dependency updates

  • Static analysis on every commit

Infrastructure Security

  • Distributed keeper infrastructure

  • Redundant RPC endpoints

  • DDoS protection for web interfaces

  • Regular security training for team

  • Incident response procedures

Third-Party Dependencies

All external contracts and libraries undergo thorough review:

  • OpenZeppelin contracts for standard implementations

  • Chainlink and Pyth for oracle services

  • Audited bridge contracts for cross-chain assets

Risk Mitigation Strategies

Conservative Parameters

We maintain conservative risk parameters compared to other protocols:

  • Lower maximum LTV ratios

  • Higher liquidation incentives

  • Gradual parameter adjustments

  • Supply and borrow caps per asset

Liquidation Safety

Our hybrid liquidation engine reduces cascade risks:

  • Configurable close factor (5-90%) limits per-liquidation impact

  • DEX and OTC paths for execution flexibility

  • Keeper redundancy prevents liquidation delays

  • Dynamic incentives based on market conditions

Market Risk Management

  • Isolated markets for new assets

  • Correlation analysis between assets

  • Stress testing under extreme scenarios

  • Real-time risk monitoring dashboard

Historical Security Record

Since launch, Block Street has maintained a perfect security record:

  • Zero funds lost to exploits

  • 100% uptime for core functions

  • All user funds always accessible

  • Successful handling of market volatility

Security Best Practices for Users

Wallet Security

  • Use hardware wallets for large amounts

  • Enable transaction signing verification

  • Keep private keys offline

  • Use separate wallets for different activities

Transaction Safety

  • Verify contract addresses before interacting

  • Check transaction details before signing

  • Start with small test transactions

  • Monitor your positions regularly

Phishing Protection

  • Only use official Block Street URLs

  • Verify SSL certificates

  • Never share private keys or seed phrases

  • Be suspicious of unsolicited messages

Reporting Security Issues

If you discover a security vulnerability:

  1. Do not disclose publicly

  2. Email security@blockstreet.money immediately

  3. Include detailed information and steps to reproduce

  4. Encrypt sensitive details using our PGP key

  5. Await confirmation and work with our team

PGP Key Fingerprint: [Available on request]

Insurance Options

While Block Street maintains internal reserves, users can obtain additional coverage:

Protocol Coverage Providers

  • Nexus Mutual

  • InsurAce

  • Unslashed Finance

Coverage typically includes:

  • Smart contract failures

  • Oracle manipulation

  • Governance attacks

  • Protocol insolvency

Compliance and Regulations

Block Street maintains high compliance standards:

  • Regular legal reviews

  • Geographical restrictions where required

  • Anti-money laundering monitoring

  • Transparent governance processes

Stay Informed

Keep up with security updates:


Security is our top priority. If you have any concerns or questions, please contact security@blockstreet.money.
