Stellarcade follows "Security First" principles to protect user assets and ensure platform integrity.
- Access Control: Administrative functions (like upgrading or withdrawing house fees) are protected by ownership checks.
- Arithmetic Safety: We use Soroban's built-in safety features to prevent overflows and underflows.
- Reentrancy Protection: Contracts are designed to avoid reentrancy vulnerabilities.
- Formal Verification: (Goal) We aim to formally verify critical logic using toolsets like
halmos.
- Rate Limiting: Protection against DDoS and brute-force attacks.
- Request Body Limits: JSON and URL-encoded payloads are size-limited before business logic executes.
- Input Sanitization: All user inputs are validated via
express-validator. - JWT Best Practices: Tokens have short TTLs; secrets are rotated regularly.
- Dependency Vetting: Use
npm auditandcargo auditto identify vulnerable packages.
- Default maximum request body size is
100kb. - Environment override:
BODY_SIZE_LIMIT(for example64kb,256kb,1mb). - Oversized payloads are rejected with HTTP
413and a normalized error body:
{
"error": {
"message": "Request payload exceeds the allowed size limit.",
"code": "PAYLOAD_TOO_LARGE",
"status": 413,
"correlationId": "<request-correlation-id>"
}
}- Rationale: this limits memory pressure and abuse risk while preserving predictable client-facing error handling.
- Encryption at Rest: All production databases are encrypted.
- Least Privilege: The API connects using a database role with only necessary permissions.
- No Hardcoded Secrets: All credentials are managed via environment variables and secrets managers.
- Server-Side Signatures: Backend signing keys are stored in secure Vaults (e.g., AWS KMS, HashiCorp Vault).
- User Keys: Stellarcade never stores or sees a user's private key. Signing happens client-side via Freighter or other Stellar wallets.
Before any major release, ensure:
- All functions have comprehensive unit tests.
- No TODOs remain in production-bound code.
- Contracts have been run through an automated analyzer.
- Backend endpoints have 100% integration test coverage.