Security
Security & Controls
Controls are designed for institutional operation: multi-sig governance, audit-friendly state transitions, rate limiting, and deployment hardening.
Source: PROJECT-SUMMARY.md + DEPLOYMENT.md
Monitoring & Observability
- Prometheus metrics
- Grafana dashboards
- Health checks for:
  - Blockchain node
  - Backend services
  - Indexers
- Structured logging throughout
2. Smart Contract Layer (ink!)
Core Contracts
FTH Stablecoin
- USD-denominated token
- Pausable
- Whitelist / blacklist capable
- Administrative controls for compliance events
stFTH (Receipt Token)
- Rebasing receipt token
- Represents a proportional claim on pooled assets + yield
- Yield distributed via index-based rebase
- No per-user reward claiming (gas efficient, auditable)
RWA Vault
- Accepts stablecoin deposits
- Manages minting/burning of stFTH
- Handles unstake requests with settlement windows
- Enforces fee and reserve logic
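As an added example, not the project's ink! contract code: a plain-Rust model of how the stFTH share/index accounting, the vault's mint and burn, a settlement-window unstake, and the per-rebase cap that the Governance Module sets fit together. Account ids as u64, the 1e18 index scale, basis-point parameters, a block-number clock, and the rule that a topped-up unstake request restarts its window are all assumptions of this model.

```rust
// Added example, not the project's ink! code: plain-Rust model of stFTH share/index
// accounting, vault mint/burn, settlement-window unstaking and the governance rebase cap.
// Account ids, the 1e18 index scale, bps parameters and the block clock are assumptions.
use std::collections::BTreeMap;

pub const SCALE: u128 = 1_000_000_000_000_000_000; // 1e18 fixed point for the index
pub const BPS: u128 = 10_000;

#[derive(Debug, PartialEq)]
pub enum VaultError { Paused, Overflow, EmptyPool, RebaseCapExceeded, InsufficientBalance, NoRequest, NotSettled }

#[derive(Debug, Clone, Copy)]
pub struct UnstakeRequest { pub shares: u128, pub settle_at: u64 }

pub struct Vault {
    index: u128,                         // stablecoin value of one share, scaled by SCALE
    total_shares: u128,
    shares: BTreeMap<u64, u128>,         // account -> shares; stFTH balance = shares * index / SCALE
    pending: BTreeMap<u64, UnstakeRequest>,
    pub reserve: u128,                   // unstake fees retained by the protocol
    pub paused: bool,
    pub max_rebase_bps: u128,            // governance-managed parameters
    pub unstake_fee_bps: u128,
    pub settlement_window: u64,
}

fn mul_div(a: u128, b: u128, d: u128) -> Result<u128, VaultError> {
    a.checked_mul(b).and_then(|x| x.checked_div(d)).ok_or(VaultError::Overflow)
}

impl Vault {
    pub fn new(max_rebase_bps: u128, unstake_fee_bps: u128, settlement_window: u64) -> Self {
        Vault { index: SCALE, total_shares: 0, shares: BTreeMap::new(), pending: BTreeMap::new(),
                reserve: 0, paused: false, max_rebase_bps, unstake_fee_bps, settlement_window }
    }

    fn ensure_live(&self) -> Result<(), VaultError> {
        if self.paused { Err(VaultError::Paused) } else { Ok(()) }
    }

    /// Rebasing balance: no per-user claim, the shared index carries the yield.
    pub fn balance_of(&self, who: u64) -> u128 {
        mul_div(*self.shares.get(&who).unwrap_or(&0), self.index, SCALE).unwrap_or(0)
    }

    pub fn total_pooled(&self) -> u128 {
        mul_div(self.total_shares, self.index, SCALE).unwrap_or(0)
    }

    /// Mint shares for a stablecoin deposit the vault has already received (the token
    /// transfer is outside this model); there is no path that mints without a deposit.
    pub fn deposit(&mut self, who: u64, amount: u128) -> Result<u128, VaultError> {
        self.ensure_live()?;
        let minted = mul_div(amount, SCALE, self.index)?;
        self.total_shares = self.total_shares.checked_add(minted).ok_or(VaultError::Overflow)?;
        *self.shares.entry(who).or_insert(0) += minted;
        Ok(minted)
    }

    /// Distribute realised yield by raising the index; the per-rebase cap bounds a
    /// mis-reported or malicious yield figure.
    pub fn rebase(&mut self, yield_amount: u128) -> Result<u128, VaultError> {
        let pooled = self.total_pooled();
        if pooled == 0 { return Err(VaultError::EmptyPool); }
        if mul_div(yield_amount, BPS, pooled)? > self.max_rebase_bps {
            return Err(VaultError::RebaseCapExceeded);
        }
        let new_pooled = pooled.checked_add(yield_amount).ok_or(VaultError::Overflow)?;
        self.index = mul_div(self.index, new_pooled, pooled)?;
        Ok(self.index)
    }

    /// Lock the shares behind `amount` stFTH; they keep rebasing until settlement.
    /// Returns the block at which settlement becomes possible.
    pub fn request_unstake(&mut self, who: u64, amount: u128, now: u64) -> Result<u64, VaultError> {
        self.ensure_live()?;
        let shares = mul_div(amount, SCALE, self.index)?;
        let held = self.shares.entry(who).or_insert(0);
        if *held < shares { return Err(VaultError::InsufficientBalance); }
        *held -= shares;
        let settle_at = now.checked_add(self.settlement_window).ok_or(VaultError::Overflow)?;
        let req = self.pending.entry(who).or_insert(UnstakeRequest { shares: 0, settle_at });
        req.shares = req.shares.checked_add(shares).ok_or(VaultError::Overflow)?;
        req.settle_at = settle_at; // topping up a request restarts its window (assumption)
        Ok(settle_at)
    }

    /// Burn the locked shares and pay out at the current index, keeping the fee in reserve.
    /// Returns the net stablecoin amount owed to the user.
    pub fn settle(&mut self, who: u64, now: u64) -> Result<u128, VaultError> {
        self.ensure_live()?;
        let req = *self.pending.get(&who).ok_or(VaultError::NoRequest)?;
        if now < req.settle_at { return Err(VaultError::NotSettled); }
        let gross = mul_div(req.shares, self.index, SCALE)?;
        let fee = mul_div(gross, self.unstake_fee_bps, BPS)?;
        self.pending.remove(&who);
        self.total_shares -= req.shares; // these shares were counted into the total at deposit
        self.reserve = self.reserve.checked_add(fee).ok_or(VaultError::Overflow)?;
        Ok(gross - fee)
    }
}
```

The point to check in a real implementation is the same one the model makes explicit: every balance is derived from shares and one index, every arithmetic step is checked, yield can only enter through a capped rebase, and shares leave the pool only through a request that has waited out its window.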
Governance Module
- Multi-signature control
- Parameter management (fees, rebase caps, pauses)
- Upgrade authorization
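As an added example, not the project's ink! contract code: a plain-Rust model of M-of-N multi-signature control over the parameter changes and upgrade authorization listed above. Signer ids as u64, the bounds placed on each parameter, a 32-byte code hash for upgrades, and the rule that a proposal carries its proposer's approval are assumptions of this model.

```rust
// Added example, not the project's ink! code: an M-of-N multi-signature model for the
// parameter changes and upgrade authorisation the Governance Module owns. Signer ids,
// the bounds on each parameter and the code-hash type are assumptions.
use std::collections::BTreeSet;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Action {
    SetUnstakeFeeBps(u128),
    SetMaxRebaseBps(u128),
    SetPaused(bool),
    AuthorizeUpgrade([u8; 32]), // code hash the contract may be upgraded to
}

#[derive(Debug, PartialEq)]
pub enum GovError { NotSigner, NoSuchProposal, AlreadyExecuted, ThresholdNotMet, OutOfBounds }

pub struct Proposal { pub action: Action, pub approvals: BTreeSet<u64>, pub executed: bool }

pub struct Governance {
    signers: BTreeSet<u64>,
    threshold: usize,
    pub proposals: Vec<Proposal>,
    pub unstake_fee_bps: u128,
    pub max_rebase_bps: u128,
    pub paused: bool,
    pub authorized_code_hash: Option<[u8; 32]>,
}

impl Governance {
    pub fn new(signers: &[u64], threshold: usize) -> Self {
        let signers: BTreeSet<u64> = signers.iter().copied().collect();
        assert!(threshold >= 1 && threshold <= signers.len(), "threshold must be reachable");
        Governance { signers, threshold, proposals: Vec::new(), unstake_fee_bps: 0,
                     max_rebase_bps: 0, paused: false, authorized_code_hash: None }
    }

    /// Parameter bounds are checked at proposal time, so signers never approve an
    /// out-of-range value that would only fail at execution.
    fn validate(action: Action) -> Result<(), GovError> {
        let ok = match action {
            Action::SetUnstakeFeeBps(bps) => bps <= 1_000, // at most 10% (assumed bound)
            Action::SetMaxRebaseBps(bps) => bps <= 500,    // at most 5% per rebase (assumed bound)
            Action::SetPaused(_) | Action::AuthorizeUpgrade(_) => true,
        };
        if ok { Ok(()) } else { Err(GovError::OutOfBounds) }
    }

    /// A proposal carries its proposer's approval; returns the proposal id.
    pub fn propose(&mut self, who: u64, action: Action) -> Result<usize, GovError> {
        if !self.signers.contains(&who) { return Err(GovError::NotSigner); }
        Self::validate(action)?;
        self.proposals.push(Proposal { action, approvals: BTreeSet::from([who]), executed: false });
        Ok(self.proposals.len() - 1)
    }

    /// Approvals are a set, so one key cannot be counted twice. Returns the approval count.
    pub fn approve(&mut self, who: u64, id: usize) -> Result<usize, GovError> {
        if !self.signers.contains(&who) { return Err(GovError::NotSigner); }
        let p = self.proposals.get_mut(id).ok_or(GovError::NoSuchProposal)?;
        if p.executed { return Err(GovError::AlreadyExecuted); }
        p.approvals.insert(who);
        Ok(p.approvals.len())
    }

    /// Anyone may execute once the threshold is met; a proposal executes at most once.
    pub fn execute(&mut self, id: usize) -> Result<Action, GovError> {
        let p = self.proposals.get_mut(id).ok_or(GovError::NoSuchProposal)?;
        if p.executed { return Err(GovError::AlreadyExecuted); }
        if p.approvals.len() < self.threshold { return Err(GovError::ThresholdNotMet); }
        p.executed = true; // mark before applying, so the state change cannot be replayed
        let action = p.action;
        match action {
            Action::SetUnstakeFeeBps(bps) => self.unstake_fee_bps = bps,
            Action::SetMaxRebaseBps(bps) => self.max_rebase_bps = bps,
            Action::SetPaused(flag) => self.paused = flag,
            Action::AuthorizeUpgrade(hash) => self.authorized_code_hash = Some(hash),
        }
        Ok(action)
    }
}
```

The properties worth verifying against the real governance contract are the ones the model encodes: only signers count, duplicate approvals from one key do not, bounds are enforced before keys are collected, and an executed proposal can neither be executed again nor gather further approvals.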
Design Principles
- No user-controlled minting
- No hidden inflation
- Deterministic accounting
- Audit-friendly state transitions
Security Audit
Run these automated checks before production launch; they complement, not replace, an independent review of the contracts:
# Smart contract audit (project npm script)
npm run audit-contracts
# Dependency audit: fails on high or critical advisories
npm audit --audit-level=high
# Container image vulnerability scan
docker scan fthusd-api
docker scan fthusd-blockchain
Note: docker scan is the deprecated Snyk-based Docker Scan plugin; on current Docker releases the equivalent is docker scout cves <image>.