Reviewing blockchain designs to determine confidence in custodiability

Tl;dr: Safety of customer funds is a top priority at Coinbase. Before adding a native blockchain asset to our centralized exchange, Coinbase’s Security team reviews blockchain network designs to identify and mitigate custodiability risk. 

By The Coinbase Digital Asset & Protocol Security Team, Engineering, November 29, 2022


The Blockchain Security team’s Digital Asset and Protocol Security (DAPS) team is responsible for reviewing and reporting on security risks for prospective Coinbase digital assets and new blockchain networks. Our top priority here at Coinbase is the safekeeping of digital assets for institutions and individuals. To that end, the DAPS team performs thousands of security reviews inspecting smart contracts, protocol layers, and execution environments for digital asset theft and loss risks. We review digital asset protocols so you don’t have to.

The security review process determines confidence in custodiability: the ability to safely receive, store and send original or accrued balances of a particular asset on a particular address. Compared with tokens on Ethereum, blockchain networks come with a broader set of technical security risks.

Below, we describe the five risk categories through which we analyze blockchain protocols and explain how we work with asset issuers to apply and verify risk mitigations.

Digital Asset Security Assessment Framework

The DAPS team uses the Digital Asset Security Assessment Framework (DASAF) to review the design of a blockchain network and make recommendations on the asset’s eligibility for listing. The framework evolves continuously so that reviews reflect current blockchain security best practices. It currently has five review categories, each covering various risks. A summary of each category follows:

[Figure: summary of the five DASAF review categories (image not available)]

We classify blockchain design risks into two distinct categories: critical and non-critical.

Critical risks are immediately blocking: a single such risk will fail the whole review, as it threatens our confidence in custodiability. An example of a critical risk is network centralization. When a single actor can unilaterally change a blockchain’s history, users’ funds are put at significant risk, since transaction finality and balance certainty are subject to the discretion of the privileged actor.

Non-critical risks, while concerning, will not individually fail a review. A combination of non-critical risks will present a higher risk score, and threaten an asset’s eligibility for listing. Non-critical risks can range from weak developer support to vague governance privileges.

As with token reviews, most risks can be mitigated. The details below describe how we outline paths to mitigation for asset issuers and help them further secure their protocols against custodiability risks.

Mitigating Blockchain Design Risks

Each risk within our DASAF review has a defined set of mitigations that can provide a path forward to increase our confidence in custodiability. Security collaborates with listings partners and asset issuers to communicate review results and detail mitigation recommendations.

Below is an example of a blockchain design risk defined within our framework and the corresponding mitigation which promotes a more secure Web3 ecosystem:

[Figure: example blockchain design risk and its corresponding mitigation (image not available)]

As noted in the example above, during a security review Coinbase leveraged both developer documentation (e.g. whitepapers) and on-chain evidence to cross-check that the intended design agrees with the on-chain implementation. Although security reviews are performed at a point in time, Coinbase maintains a robust intelligence and monitoring capability to ensure knowledge of upcoming changes to supported asset profiles. When material changes occur that impact the asset’s overall risk profile, the blockchain will be re-reviewed to redetermine our confidence in custodiability.

Crypto Forward Security Practices

Blockchain protocols are complex, and there are various known and unknown risk vectors. The Blockchain Security team at Coinbase remains at the forefront of digital asset risks and works directly with partner research teams to ensure that our review frameworks remain up-to-date and crypto-forward.

A blockchain design review is one of many reviews that the Digital Asset & Protocol Security team performs to determine confidence in custodiability. To provide recommendations on native digital assets, the Security team also reviews blockchain components such as the smart contract platform, language, or the native token representation.

Coinbase is committed to being the most trusted and secure Web3 exchange platform and will continue to identify risks and recommend mitigations to promote a more secure crypto ecosystem. 
