Security Considerations

Overview

Wafra implements a comprehensive, multi-layer security framework that combines traditional cybersecurity best practices with cutting-edge blockchain security measures. The system provides bank-grade security through hardware-backed authentication, multi-signature wallets, and robust smart contract protections.

Security Architecture

Defense-in-Depth Strategy

Wafra employs a defense-in-depth security strategy with multiple layers of protection:

Application Layer Security

Input validation and sanitization for all user inputs
Rate limiting to prevent abuse and DDoS attacks
Secure session management with automatic expiration
Comprehensive error handling without information leakage

Authentication Layer Security

WebAuthn passkeys with hardware-backed storage
Biometric verification that never leaves the user’s device
Multi-device management with cryptographic approval workflows
JWT tokens with short expiration and automatic refresh

Wallet Security Layer

Gnosis Safe multisig wallets for enhanced fund protection
Hardware-backed private keys stored in secure enclaves
Transaction validation with multi-signature requirements
Encrypted backup keys for recovery scenarios

Smart Contract Layer Security

Role-based access control with granular permissions
Reentrancy protection and state validation
Emergency pause functionality for critical situations
Audited contracts with upgrade safety mechanisms

Infrastructure Layer Security

TLS 1.3 encryption for all data in transit
DDoS protection through Cloudflare
Network monitoring and intrusion detection
Secure environment variable management

Zero-Trust Architecture

Wafra operates on zero-trust security principles:

Never Trust, Always Verify: Every request is authenticated and authorized regardless of source
Least Privilege Access: Each component and user receives minimal permissions necessary for operation
Assume Breach: Systems are designed to contain and mitigate attacks even if perimeter defenses are compromised
Continuous Monitoring: Real-time threat detection and response across all system components

Authentication & Identity Security

WebAuthn Passkey Implementation

Wafra uses WebAuthn passkeys for hardware-backed authentication, providing security superior to traditional passwords or SMS-based 2FA.

Hardware-Backed Security Features:

Private keys are stored in TPM (Trusted Platform Module) or Secure Enclave hardware
Keys have tamper-resistance and cannot be extracted from the device
Hardware random number generator ensures cryptographic strength
ECDSA P-256 cryptographic algorithm with hardware-generated signatures

Biometric Verification Process:

Fingerprint, Face ID, or Touch ID verification
Biometric data is processed locally and never transmitted to servers
Device PIN or password serves as fallback authentication method
User verification is required for all sensitive operations

Passkey Registration Security: When users register a new passkey, the system creates a hardware-backed public-private key pair. The private key never leaves the user’s device, while the public key is stored on Wafra’s servers for signature verification. The registration process includes attestation verification to ensure the authenticator meets security requirements.

Multi-Device Security Management

Wafra supports secure access across multiple devices through a cryptographic approval system:

Device Approval Process:

New devices must be approved by an existing trusted device
Approval requires cryptographic proof of ownership
24-hour approval window prevents unauthorized access
Each device maintains its own passkey and session

Device Revocation Capabilities:

Users can instantly remove compromised or lost devices
Revocation propagates across all services in real-time
Backup devices enable recovery without losing access
Emergency recovery procedures available through support

Session Management Security:

5-day session duration with automatic refresh
Per-device session termination capabilities
Session age validation for sensitive operations
Comprehensive audit logging for all authentication events

Transaction Security

Multi-Signature Protection

Gnosis Safe Integration:

2-of-3 signature requirement for all transactions
User passkey signature (hardware-backed)
Server controller signature (automated)
Backup key signature (encrypted, for recovery)

Transaction Validation:

Server-side hash verification prevents tampering
Nonce management prevents replay attacks
Signature validation using WebAuthn standards
On-chain execution ensures finality

Gas Estimation & Management

Security in Gas Operations:

Always estimate gas before transaction submission
Store gas estimates and actual usage for analytics
Implement gas price strategies (slow, medium, fast)
Handle gas estimation failures gracefully

Gas Cost Monitoring:

Track gas costs in both ETH and USD
Monitor for unusual gas patterns
Alert on high gas costs or failed transactions
Optimize transaction patterns for cost efficiency

Data Protection & Privacy

User Data Security

Personal Information Protection:

All sensitive data encrypted at rest
Database connections use TLS encryption
User passwords hashed with bcrypt (10 rounds)
Session data stored securely with expiration

KYC Data Handling:

KYC data processed according to compliance requirements
User consent required for data sharing
Audit logging for all KYC operations
Data retention policies enforced

Financial Data Security

Transaction Data Protection:

All financial calculations use BigInt for precision
Transaction hashes stored for audit trail
Gas costs tracked for analytics
Balance updates validated server-side

Currency Handling:

ISO 4217 currency codes enforced
Exchange rates validated and timestamped
Currency conversion with proper rate validation
Audit trail for all financial operations

API Security

Endpoint Protection

Authentication Requirements:

All sensitive endpoints require valid JWT
Session validation on every request
Rate limiting to prevent abuse
Input validation using Zod schemas

Error Handling:

Generic error messages prevent information leakage
Comprehensive logging for security events
No internal error details exposed to users
Proper HTTP status codes for all responses

tRPC Security

Type Safety:

End-to-end type safety prevents injection attacks
Runtime validation with Zod schemas
Compile-time error detection
Secure serialization of all data

Procedure Protection:

protectedProcedure for authenticated endpoints
publicProcedure for open endpoints only
Session context available in all protected procedures
Automatic session validation

Development Security

Development Authentication

Development JWT System:

Environment Gated: Only available when NODE_ENV=development
First User Authentication: Automatically authenticates as first user in database
Script Generation: node apps/server/scripts/generate-dev-jwt.js

⚠️

Development JWT completely bypasses all security measures and should NEVER be used in production.

Code Security

Best Practices:

All dependencies regularly updated
Security audits performed regularly
Code reviews required for all changes
Automated security scanning in CI/CD

Input Validation:

All user inputs validated with Zod schemas
SQL injection prevention through Prisma ORM
XSS protection through proper encoding
CSRF protection implemented

Monitoring & Alerting

Security Monitoring

Real-Time Monitoring:

Authentication success/failure rates
Device approval/rejection patterns
Transaction success/failure tracking
Gas cost and transaction time monitoring

Alerting System:

Unusual authentication patterns
High gas costs or failed transactions
Device approval anomalies
Security event notifications

Audit Logging

Comprehensive Logging:

All authentication events logged
Device management operations tracked
Transaction signing events recorded
Security incidents documented

Log Analysis:

Automated log analysis for patterns
Security event correlation
Performance monitoring
Compliance reporting

Compliance & Regulatory

Regulatory Compliance

KYC/AML Requirements:

Identity verification through approved providers
Transaction monitoring for suspicious activity
Regulatory reporting capabilities
Audit trail maintenance

Data Protection:

GDPR compliance for EU users
Data retention policies
User consent management
Right to deletion support

Financial Regulations

Transaction Reporting:

All transactions logged for regulatory reporting
Gas costs tracked for tax purposes
Balance changes monitored
Compliance with financial regulations

Incident Response

Security Incident Handling

Response Procedures:

Immediate incident assessment
Containment of security threats
User notification when required
Post-incident analysis and improvement

Recovery Procedures:

Backup and recovery procedures
Service restoration protocols
User account recovery processes
Emergency contact procedures

Business Continuity

Disaster Recovery:

Automated backup systems
Multi-region deployment capabilities
Service redundancy
Emergency response procedures

Security Best Practices

For Developers

Never commit sensitive data to version control
Use environment variables for all secrets
Validate all inputs with proper schemas
Follow OWASP guidelines for web security
Regular security audits of code and dependencies

For Users

Use strong, unique passwords for initial setup
Enable biometric authentication on all devices
Regularly review device list and remove unused devices
Report suspicious activity immediately
Keep devices updated with latest security patches

For Operations

Monitor security metrics continuously
Regular penetration testing of systems
Update dependencies promptly
Train staff on security procedures
Maintain incident response procedures

This comprehensive security framework ensures that Wafra maintains bank-grade security while providing the simplicity and convenience users expect from modern financial applications.