π°Cybersecurity
At ReNVEST, ensuring the security of our fractionalized ownership platform for real estate is of utmost importance. We employ a multi-layered approach to safeguard our platform against potential threats, such as contract hacks, account takeovers and unauthorized fund transfers. Our security strategy encompasses three main layers: Smart Contract Security, User Account Security and Backend Security.
Smart Contract Security
Security of the Contract
The backbone of Renvestβs platform is the smart contract, which governs property tokenization. Ensuring the security of these contracts is critical. We rigorously test all contract functions for vulnerabilities before deployment, employing thorough code reviews and utilizing advanced security tools to identify and mitigate potential risks.
Key Management of the Administration of the Contract
Post-deployment, securing the administration rights to the smart contract is vital. We utilize a multi-signature (multi-sig) non-custodial wallet to manage the property creation process. This approach ensures that no single entity holds complete control over the contract, significantly reducing the risk of unauthorized property creation. Access to the private keys used for contract administration is strictly controlled. These keys are crucial as they grant access to property creation and management. By employing a non-custodial approach, we ensure that key material remains secure and under our control, eliminating reliance on third-party Key Management Services (KMS), which may introduce additional security risks.
User Account Security
Access to User Accounts
Protecting individual user accounts is paramount to safeguarding user funds and property tokens. We implement a granular security model that allows users to maintain control over their private keys, ensuring that they are always in control of their funds. This model balances ease of use with robust security measures, providing a seamless yet secure user experience.
Transfer of Tokens to Other Wallets (P2P Transfers)
To prevent unauthorized token transfers, we have implemented a function that restricts token transfers to whitelisted recipients only. This measure ensures that tokens can only be sent to trusted parties, reducing the risk of fraudulent transfers and protecting user assets.
Embedded Wallet Security
For the security of embedded wallets created within the application, we utilize Privy, a trusted solution for managing wallet security. Privy ensures that user private keys are protected, adding an additional layer of security to the user account management process.
Backend Security
Aggregated Data Storage for All Available Properties
Our backend system is designed to securely store and manage aggregated data for all available properties. We implement several security measures to protect this data:
β’ Data Encryption: All data stored in our backend is encrypted both at rest and in transit, ensuring that sensitive information remains protected against unauthorized access.
β’ Access Control: We enforce strict access control policies, limiting data access to authorized personnel only. This reduces the risk of data breaches and unauthorized data manipulation.
β’ Regular Audits: We conduct regular security audits and penetration testing to identify and address potential vulnerabilities in our backend infrastructure.
In summary, ReNVESTβs multi-layered security approach ensures comprehensive protection of our platform, encompassing smart contract security, user account security, and backend security. By implementing rigorous testing, secure key management, granular user controls, and robust backend safeguards, we provide a secure environment for our users to engage in fractionalized real estate ownership.
Last updated