7.4 Security Considerations

Integer Overflow Protection

All arithmetic operations use checked methods:

// BAD (can overflow)
let result = a + b;

// GOOD (safe, returns error on overflow)
let result = a
    .checked_add(b)
    .ok_or(ErrorCode::MathOverflow)?;

Oracle Collusion Prevention

Economic Security:

Minimum stake requirement (10,000 PATH)
Slashing for incorrect outcomes (10-100%)
Rewards distributed only to majority consensus
Commit-reveal prevents coordination during voting

Technical Security:

Hash commitments prevent front-running
Time-locked commit/reveal windows
Weighted voting by stake (Sybil resistance)

Example Attack Vector:

Scenario: Attacker tries to manipulate $100k market

Attack Cost:
├─> Need 51% oracle stake control
├─> 10 oracles @ 10k PATH each = 100k PATH staked
├─> Attacker needs: 51k PATH
├─> Cost at $0.10/PATH: $5,100
├─> Plus: reputation loss, permanent ban

Expected Gain:
├─> Best case: $100k (if attacker owns entire losing side)
├─> Realistic: $10k-$30k (partial position)
├─> Risk: Other oracles dispute → lose all stake

Net Expected Value: NEGATIVE

Conclusion: Economically irrational to attack

Slippage Protection

All trades enforce user-defined minimum outputs:

pub fn buy_outcome(
    ctx: Context<Trade>,
    outcome_index: u8,
    amount_to_spend: u64,
    min_shares_out: u64,  // REQUIRED
) -> Result<()> {
    let shares_received = calculate_shares_from_cost(...)?;

    require!(
        shares_received >= min_shares_out,
        ErrorCode::SlippageExceeded
    );

    // Continue with trade
}

Platform Veto Mechanism

Anti-Spam:

Veto requires staked PATH (skin in the game)
Frivolous vetoes result in lost gas fees
Successful vetoes may reward vetoers (future enhancement)

Threshold Requirements:

pub fn veto_platform(
    ctx: Context<VetoPlatform>,
) -> Result<()> {
    let platform = &ctx.accounts.platform;
    let veto_account = &ctx.accounts.veto_account;

    // Must be within review period
    let current_time = Clock::get()?.unix_timestamp;
    let review_deadline = platform.registration_time + REVIEW_PERIOD;
    require!(current_time < review_deadline, ErrorCode::ReviewPeriodExpired);

    // Record veto weight
    veto_account.stake_weight = ctx.accounts.user_stake.amount;

    // Calculate total veto weight
    let total_vetoes = calculate_total_veto_weight(platform.key())?;
    let total_staked = get_total_staked_path()?;

    // If >51% veto, reject platform
    if total_vetoes  100 > total_staked  51 {
        platform.status = PlatformStatus::Vetoed;
        // Return stake to platform (minus penalty)
    }

    Ok(())
}

Access Control

Role-Based Permissions:

Action

Required Authority

Create Market

Approved platform

Resolve Market

Oracle (staked)

Dispute Resolution

Any user (with stake)

Claim Creator Fees

Market creator

Claim Platform Fees

Platform authority

Update Protocol Params

Governance multisig

Implementation:

#[derive(Accounts)]
pub struct CreateMarket<'info> {
    #[account(
        constraint = platform.status == PlatformStatus::Approved @ ErrorCode::PlatformNotApproved
    )]
    pub platform: Account<'info, Platform>,

    #[account(
        constraint = platform.authority == authority.key() @ ErrorCode::UnauthorizedPlatform
    )]
    pub authority: Signer<'info>,

    // ... other accounts
}

Previous7.3 State Machines Next7.5 Compute Optimization

Last updated 1 month ago

Good night

hashtagInteger Overflow Protection

hashtagOracle Collusion Prevention

hashtagSlippage Protection

hashtagPlatform Veto Mechanism

hashtagAccess Control

Integer Overflow Protection

Oracle Collusion Prevention

Slippage Protection

Platform Veto Mechanism

Access Control