Sanctum Security — A UNION Protocol Foundation Center of Excellence

Sanctum Security
Apr 9, 2021

Sanctum Security (“Sanctum”) is a cybersecurity Center of Excellence (CoE) within the UNION Protocol Foundation. It works actively within the scope of the UNION Protocol Foundation, UNN token ecosystem, and external client engagement to ensure broad application of cutting-edge approaches and best practices in infrastructure, operational, data, and smart contract security.

TL;DR:

  • UNION Protocol Foundation introduces its Sanctum Security (“Sanctum”) Center of Excellence (CoE)
  • Sanctum runs under joint leadership of UNION’s Infrastructure and Security Officer, Manos Megagiannis, and Project Lead, Michael Beck
  • Sanctum provides full-service cybersecurity services, tailored for cryptocurrency projects, with specific focus on operational, infrastructure, data, and smart contract security
  • Sanctum runs independently from UNION project teams, providing parallel work assessments and secure shared services for the UNION Protocol Foundation and ecosystem projects, as well as external clients
  • A portion of proceeds from external work will be directed back to the UNION Protocol Foundation treasury, which will be directed through Governance when implemented
  • Sanctum is open for business

Introduction

Distributed applications and protocols enabled by smart contracts on public blockchain networks have fueled decentralized financial innovation in ways that, to this point, have never been possible. Smart contract security, however, is replete with unique challenges and opportunities. Open-source code hosted and executed on permissionless networks, which underpins billions of dollars in daily value transfer, presents a ripe opportunity for malicious actors to scour these new DeFi instruments and probe them for vulnerabilities anonymously — with the potential to abscond with millions and disappear.

What’s more, risks presented to public code echo through their supporting teams, communities, and infrastructure. For someone looking to exploit a project, any vector of approach is as reasonable as any other in seeking success.

The security issues of public blockchain projects, as typified by the public’s current focus on this problem in the scope of DeFi, are no secret. In the case of DeFi, they are illuminated consistently by the myriad contract hacks of emergent DeFi protocols where base actors exploit bugs in the code to drain liquidity pools, print unfettered amounts of the native token, rug pull funds from token contracts, and much more.

In fact, DeFi contract vulnerabilities have overtaken attacks targeting centralized exchanges as the premier means to steal user funds in the industry.

In 2020, CipherTrace reported that roughly 50% of all thefts occurred via hacks of DeFi protocols, totaling more than $129 million. DeFi exploits were virtually non-existent the prior year and have only accelerated in 2021. The reason for the swelling metrics of DeFi exploits can largely be attributed to the enormous and dynamic attack surface of permissionless code storing billions of dollars in chain-locked value.

Projects are often under pressure to deliver products on compressed timelines, with emphasis on security eschewed for product-market fit and rapid liquidity uptake. Throw in the general dearth of developer talent (where talent focuses on rapid prototyping), and the picture of why hastily compiled code, potentially holding millions of dollars in value, is subject to intense interest from malicious parties begins to crystallize.

DeFi’s distinct risk profile is a byproduct of the nature of decentralized networks. The attack surface is only compounded by the anonymity of users, geographical diversity of teams, a lack of standardized practices, and unforeseen consequences of deploying contracts from testnet to the Dark Forest of the mainnet.

At Sanctum, we believe the chance to secure DeFi’s smart contract risk at both a micro and macro scale is an enormous and unmet calling — one that demands ossifying security standards and providing bespoke solutions to unique challenges. We seek to do this through practical applications of continuous quality control and secure development operations (DevOps) over traditional operational and infrastructure security best practices.

It’s time for the industry’s ballooning TVL to be matched by an ecosystem of robust security practices. We gave a lot of hard thought to this need — especially as we have been developing our smart contract protection solution.

When we looked across the industry, we found, on one hand, a number of smart contract auditors. On the other hand, we found traditional cybersecurity testing and remediation firms. However, no one could integrate the full scope of these approaches to address the full tapestry of crypto project concerns. We concluded that UNION had a burgeoning requirement and was in a unique position to offer a solution.

Crypto needs a security Center of Excellence. Enter Sanctum Security.

What is Continuous Software Quality Control?

The history of software development tells a story of process refinement in the name of getting software “right” for the user, the first time, every time.

Waterfall processes don’t provide enough opportunity for feedback and refinement. The unified process provided an iterative feedback loop, but not enough by way of user validation and customer-valued process artifacts. The agile process sought to break the walls between user and developer, oddly enough transforming the developer into a domain specialist — akin to the programmer-analyst model of mainframe development, where test-driven development provides strong feature-driven development and user validation.

Today’s software development often embraces the ethos of solving outstanding problems today and leaving architecture as an emergent, non-functional requirement. As software evolves, its underpinnings are refactored to adapt to new requirements. If a conceptual framing to meet new requirements can’t be supported by the current emergent architecture, then the software is redesigned or the new requirements are grafted to the existing code until refactoring can occur.

All of what makes software development easy and practical presupposes that software is mutable — that is, subject to change. By definition, smart contracts, the code stored and executed on a blockchain, are IMMUTABLE.

Even with abstractions allowing for ease of maintenance and change of implementation, the software deployed into blockchain environments is brittle at best. Add implications of gas efficiency and references from both dependent applications and other smart contracts, and contemplated changes, even within the realm of possibility, are exceedingly difficult — often relying on original team members and thorough testing to ensure nothing inadvertently breaks along with changes that are required. With this in mind, the nature of open protocols, which are constantly evolving through the ideas and improvements of their teams and communities, creates a situation whereby security verification and proper quality control processes are easily outstripped by the pace and need for change.

As open-source programs on permissionless networks, smart contracts on public blockchains necessitate continuous quality control.

At present, many projects typically obtain an audit from a reputable firm before mainnet launch. These audits typically consist of static analysis of frozen branches of code, examining elevated permissions that can introduce vulnerabilities and changes in sensitive state variables.

Results are presented to teams, and sometimes the public, in the form of a report that details what was found, the severity of impact, and prospective remedy to fix the issue discovered. These audits don’t look at the context in which the code is called — they only seek to ensure that the code is “formally” validated to perform as expressed by the team to the auditors in verbal/written communication and supporting documentation. These audits don’t observe the environment in which the code was produced or the infrastructure where components apart from smart contracts will be hosted. They don’t protect project teams from impersonation, personal hacks, or ransomware/malware attacks that can further expose the project to long-term issues of theft, damage, or viability.

It’s necessary to extend such security assessments beyond the initial launch of a product to the mainnet — eliciting continuous communication, feedback, and analysis from security auditors on an ongoing basis. As attack vectors change and malicious parties grow more sophisticated in their strategies, auditing solutions need to become more fluid as well.

Continuous quality control entails more than boilerplate strategies, too. It means embracing a view of each project and its supporting team and infrastructure as having a path of maturity. A defined maturity model view develops enhanced capabilities through a continuous process — measuring defects, identifying deviation, and reducing variance improves delivery with each iteration of building.

We don’t just focus on defects — we determine the root cause of deficiencies to reduce their future occurrences, resulting in a more secure platform and a well-informed team.

How Does Secure DevOps Apply to Decentralized Projects?

Secure DevOps is the broad application of practices that enhance integrity, availability, and confidentiality of code, work products, infrastructure, and data in the context of development operations. It encompasses auditing access to open-source repositories, assessing the protection of communication channels, and enveloping deployment environments in permission structures that limit control of critical functions to what is necessary. In cryptocurrency projects, however, these things are often overlooked.

Secure DevOps in decentralized projects is a distinct challenge because of the often geographically dispersed nature of contributors, particularly once products are live on mainnet and anonymous community members can propose upgrades to the governance and parameters of a protocol.

Similar to continuous quality control, decentralized DevOps requires constant assessment of contributors and how the core team interacts with them. Deployment of unsanctioned or vulnerable components can lead to critical flaws that leave user funds vulnerable and erode trust in the team’s ability to defend against sophisticated agents probing for social vulnerabilities via comms channels to gain an upper hand.

As protocols grow in significance and value, they increasingly become targets for malicious actors and simultaneously more appealing for genuine contributions by the community. What was initially a manageable codebase and governance model can quickly spiral into navigating a jungle of inbound requests and suggestions for altering governance parameters that teams don’t have the bandwidth to judge as vulnerable to attack.

Why a Center of Excellence (CoE) for UNION?

The concept of a Center of Excellence (CoE) revolves around pooling together specialists and concentrating their focus on explicit tasks — like audits of smart contract code via various pairs of eyes with different backgrounds and perspectives on security. However, it’s much more than that and extends to addressing the multi-faceted threats facing crypto projects.

A crypto-oriented security CoE means taking the technical mechanisms of secure auditing practices, ossifying them into practical standards, and rolling over those standards into adaptable strategies that benefit crypto projects continually. These strategies also need to scale with both dynamic changes in attack models and the growth of decentralized communities.

The CoE approach needs to provide technical expertise, supplement it with robust and proven practices, amplify emphasis on addressing emerging threats, and feed those into a streamlined process that creates a positive feedback loop as projects achieve product-market fit. CoE also entails evaluating security at both a macro and micro scale. For example, rather than explicitly focusing on micro-oriented code deficiencies that can lead to downstream disasters, projects need to consider finality risks of layer two applications and how composable protocols can interface with each other in unforeseen ways. As UNION seeks to enhance its platform to support smart contract protection, understanding these risks with layers of granular discipline and expertise becomes even more critical.

At UNION, our experience with our initial audit for our UNION Protocol Governance Token illuminated how first-class input from a security team is not something we wanted as a one-off event. It induced us to explore how quality input earlier and more often can massively benefit a project’s security profile over the long run. Isolated hiring of contractors to point out weaknesses in product code, DevOps, and other aspects of projects is becoming insufficient to secure user funds against an expanding attack surface and potentially malicious set of users.

Hence, the origination of Sanctum and the CoE approach to security within crypto and DeFi. As the first implementation of Sanctum’s full-spectrum CoE approach, UNION’s C-OP, our collateral optimization instrument for lending protocols and our asset protection platform, will benefit from robust, standardized, and dynamic security methods to ensure that user assets are protected.

Sanctum’s full-spectrum cybersecurity not only helps assess, illuminate, and respond to such issues appropriately but also helps alleviate the resource burden that crypto projects face when it comes to security. In most instances, shorthanded teams are handcuffed in their ability to respond and identify sources of social engineering leaks, economic exploit vulnerabilities, or other attack origins effectively.

Teams’ primary focus on product development and integrating with third-party protocols leaves little mental bandwidth to address security concerns at the same level common in more traditional cybersecurity fields. Sanctum reduces the reactive energy required by crypto projects to identify and resolve issues rapidly. Sanctum is the security arm persistently prowling your code, team permissions, and interaction with other protocols in the background — efficiently communicating issues when they arise. Peace of mind is hard to come by in crypto, but Sanctum’s existence as a CoE for smart contract security is the type of mutual engagement many teams are searching for and have difficulty locating.

Leaning on a full-spectrum provider like Sanctum reduces the burden faced by hyper-growth protocols when it comes to DevOps. Rather than adding quality to the DevOps processes at the beginning of a project’s launch, we scale DevOps security parallel to the project’s growth — offloading the complexity involved in managing decentralized community input and allowing teams to focus on the product and user-facing features.

Quality isn’t something we’re looking to add at the end. We run DevOps analysis in cycles with both external checkpoint reviews and continuous improvement threads with the goal of dampening community input complexity that can lead to more vulnerabilities.

In the case of C-OP, this means evaluating exposures to third-party DeFi apps which will integrate the product (e.g., lending platforms), determining how DevOps between third-party project teams (plus the community) and UNION can defend against unsanctioned permissions access, and continually assessing both macro and micro risks to the product.

By example, Sanctum’s CoE methods for UNION and C-OP can serve as a reference for future security modeling of DeFi projects and form a foundation for building better all-around security for the industry.

In operations, UNION Project Lead, Michael Beck, and Security Officer, Manos Megagiannis, oversee daily operations of a core team of infrastructure, DevOps, and smart contract security experts. Efforts are focused on developing patterns and best-practice playbooks for the UNION Protocol Foundation and CoE external clients. The work of this group is informed by trusted external advisors from the information security industry.

Crypto is a funny place — enthralled by surging valuations, memes, innovation, and speculation; it truly is the wild west of finance and innovation. However, the market will never reach its full potential if it remains mired in hacks, exploits, and security standards that cannot keep pace with the rapid iteration of new products and communities.

That’s why we’re pleased to present Sanctum — crypto’s Security Center of Excellence for a burgeoning industry of blockchain-based innovation.

About Sanctum Security

Sanctum Security (“Sanctum”) is a cybersecurity Center of Excellence (CoE) within the UNION Protocol Foundation. It works actively within the scope of the UNION Protocol Foundation, UNN token ecosystem, and external client engagement to ensure broad application of cutting-edge approaches and best practices in infrastructure, operational, data, and smart contract security.

Website: https://www.sanctumsecurity.io/

Twitter: https://twitter.com/sanctumsecurity

Telegram: https://t.me/sanctumsecurity

About UNION

UNION is a technology platform that combines bundled protection and a liquid secondary market with a multi-token model. DeFi participants manage their multi-layer risks across smart contracts and protocols in one scalable system. UNION decreases the entry barriers for retail users and lays the foundation for institutional investors. UNION’s full-stack DeFi protection is inclusive, composable, and brings battle-tested capital and pricing models from TradFi to the DeFi ecosystem.

Website: https://www.unn.finance/

Twitter: https://twitter.com/unnfinance

Telegram: https://t.me/UNNFinance

Telegram ANN: https://t.me/UNNFinanceANN
