YOP Security Update: Hacken and BTBlock Security Audits
A message that we have constantly reiterated when we talk about YOP and Pluto is how seriously we take security to protect ourselves and the community. Excuses after the horse has bolted will help no one. We must take all reasonable precautions and act with responsibility at every step of the journey. To this end we have multiple tools in our arsenal to protect YOP and in turn, the YOP community.
Prior to the Private release you would have noticed we had all our smart contracts audited. We used two audit companies to give us double the protection, and a strong vetting process was carried out to ensure we used the best auditors available. We were very happy with the results of both our auditors, Hacken and BTBlock, and we will continue working with them as we further develop the YOP ecosystem. Such was the level of comfort and security we have received from Hacken and BTBlock, we have also forged an official partnership with both of them. You can read more details on the partnership and audits here:
Hacken: Hacken Audit
BTBlock: BTBlock and Pluto Partnership
In addition to the audits, we want to ensure all parts of the process prior to YOP tokens entering the smart contracts and the community are securely controlled. In order to keep all YOP tokens yet to be put into circulation secure, these tokens are stored in wallets controlled with multi-authentication in Fireblocks. Using Fireblocks ensures that all YOP tokens moved from a Fireblocks hosted YOP wallet, go through a multi-authentication process prior to being sent anywhere. It doesn’t matter if this is YOP tokens being used for marketing, or YOP tokens that are part of the community emission schedule, all YOP tokens entering circulation need approval from at least two YOP team members before they are sent anywhere. Ensuring this “4-eyes” check on all YOP tokens being put into circulation, protects us from miss-keyed figures and malicious actors. Again, based on the confidence we have in using Fireblocks, we are in the process of creating a YOP/Pluto x Fireblocks case study and formalising a partnership with them.
Another multi-auth/multi-sig feature that YOP uses is Gnosis Safe, the most trusted platform to manage digital assets. Gnosis Safe is a multi-sig wallet backed by smart contracts to manage funds, execute transactions on our contracts, and handle gas refunds to signers in a secure and trustable manner. Gnosis Safe requires a minimum number of core members to approve a transaction before it can occur (M of N). YOP have created multiple multi-sig wallets that are mapped directly to our YOP ecosystem roles, to provide a flexible and extendable approach on areas such as a minimum number of approvals (M of N) and contract permissions. You can read more about our use of Gnosis Safe in our YOP Multi-Sig Wallets blog post here.
So, as you can see, we take security VERY seriously. We want you to feel comfortable and safe when using the YOP ecosystem, and we will do all we can to make this happen!