Smart contract and technology risk refers to potential vulnerabilities or failures within the smart contracts that underpin Endaoment’s blockchain ecosystem. These risks include, but are not limited to, code bugs, faulty logic, and exploitable attack vectors that can be used to steal funds. Such vulnerabilities can lead to exploits by malicious parties, resulting in the loss of value or assets. Additionally, this risk encompasses challenges associated with operating in a rapidly evolving technological landscape, where changes to the tech stack can impact operations. Effective management of smart contract risks is essential to maintaining the security and integrity of our blockchain operations, ensuring compliance, and upholding the trust of our stakeholders and donors.
Endaoment is dedicated to protecting customer onchain assets and account data from smart contract and technological errors or bugs. We manage these risks through regular smart contract audits, technological evaluations, and rigorous assessments of our third-party partners’ security protocols. Compliance with this policy is mandatory for all employees, contractors, board members, and representatives acting on behalf of Endaoment.
Maintain a comprehensive inventory of all smart contracts in use, categorizing them based on their criticality, functionality, and potential impact on operations.
Vulnerability Analysis
Identify and evaluate potential vulnerabilities within smart contracts, including code bugs, faulty logic, and exploitable attack vectors.
Employ continuous monitoring systems to oversee the performance and security of smart contracts, detecting and responding to any irregularities or suspicious activities.
Incident Reporting Mechanism
Provide a secure and anonymous system for reporting suspected vulnerabilities, bugs, or unauthorized activities related to smart contracts.
All smart contract risk management policies and procedures are thoroughly documented, with both internal and external-facing components where relevant.
Annual Review
Conduct an annual review of policies, updating them as necessary to reflect current best practices and technological advancements.
Engage reputable third-party firms to conduct comprehensive technical audits of smart contracts, ensuring they meet security and functionality standards.
Permissions Testing
Conduct rigorous testing to ensure that smart contract permissions are correctly configured, preventing unauthorized access and operations.
Multisignature Wallet Use
Utilize multisignature wallets for all significant transactions to enhance security and reduce the risk of unauthorized access or theft.
Feature Testing
Implement a thorough testing protocol for new features before integrating them into smart contracts to ensure their security and functionality.
Bug Bounty Program
Establish and maintain a bug bounty program to incentivize external security researchers to identify and report vulnerabilities.
Implement stringent controls and regular reviews of vendor relationships to ensure compliance with Endaoment’s smart contract and technological security standards.
Ensure that critical smart contract procedures and systems have segregated duties to prevent any single individual from having full control over any process without oversight.
Approval Processes
Maintain segregated claim diligence and approval processes to uphold checks and balances.