Security

ArcusX takes security seriously. This document outlines our security practices, measures, and recommendations for users. 🔒


Platform Security

Authentication Security

We implement multiple layers of authentication security:

  • JWT Tokens: Secure token-based authentication

  • Password Hashing: bcrypt with appropriate salt rounds

  • OAuth Integration: Secure integration with Google and GitHub

  • Session Management: Secure session handling

  • Multi-Factor Authentication: Planned for future implementation

Data Encryption

All sensitive data is encrypted:

  • In Transit: TLS/HTTPS for all communications

  • At Rest: Database encryption for sensitive information

  • Password Storage: Hashed passwords, never stored in plain text

  • API Communications: Encrypted API endpoints

Infrastructure Security

Our infrastructure follows security best practices:

  • Regular Updates: System and dependency updates

  • Security Monitoring: Continuous monitoring for threats

  • Access Controls: Limited access to production systems

  • Backup Systems: Regular backups and disaster recovery

  • DDoS Protection: Protection against denial-of-service attacks

Code Security

We follow secure coding practices:

  • Input Validation: All user inputs are validated

  • SQL Injection Prevention: Prepared statements for all queries

  • XSS Protection: Output sanitization and content security policies

  • Dependency Management: Regular security audits of dependencies

  • Code Reviews: Peer review of security-critical code

Blockchain Security

Smart Contract Security

Our escrow system uses Trustless Work smart contracts:

  • Audited Contracts: Contracts are built on the audited Trustless Work platform

  • Automated Execution: Contracts execute exactly as programmed

  • No Modifications: Contracts cannot be modified after deployment

  • Open Source: Contract code is verifiable on the blockchain

  • Security Reviews: Regular security reviews and updates

Stellar Network Security

We leverage Stellar's proven security:

  • Battle-Tested: Stellar has 8+ years of secure operation

  • Consensus Mechanism: Federated Byzantine Agreement (FBA)

  • Network Resilience: Distributed network with no single point of failure

  • Cryptographic Security: Industry-standard cryptography

  • Regular Audits: Network undergoes regular security audits

Transaction Security

All transactions are secured through:

  • Cryptographic Signing: All transactions require cryptographic signatures

  • Non-Repudiation: Signatures prove transaction authorization

  • Immutable Ledger: Transactions cannot be altered after confirmation

  • Fast Finality: 3-5 second transaction confirmation

  • Fee Protection: Network fees prevent spam attacks

User Security Responsibilities

Wallet Security

Users are responsible for wallet security:

  • Private Key Protection: Never share private keys

  • Secure Storage: Store keys in secure locations

  • Backup: Maintain secure backups of wallet seed phrases

  • Hardware Wallets: Consider hardware wallets for large amounts

  • Wallet Updates: Keep wallet software updated

Account Security

Users should protect their accounts:

  • Strong Passwords: Use unique, strong passwords

  • Password Manager: Consider using a password manager

  • Two-Factor Authentication: Enable when available

  • Regular Updates: Update account information regularly

  • Secure Devices: Use secure devices and networks

Transaction Security

Before signing transactions:

  • Verify Details: Carefully review transaction details

  • Check Amounts: Verify payment amounts

  • Verify Recipients: Confirm wallet addresses

  • Review Contracts: Understand smart contract terms

  • Network Verification: Confirm correct network (Testnet/Mainnet)

Security Best Practices

For All Users

  • Use only the official ArcusX website

  • Verify wallet connections before transactions

  • Review transaction details before signing

  • Keep software and browsers updated

  • Use secure internet connections

  • Be cautious of phishing attempts

  • Report suspicious activity

For Workers

  • Verify escrow funding before starting work

  • Communicate through official platform channels

  • Keep records of work and communications

  • Understand dispute resolution process

  • Protect portfolio and personal information

For Clients

  • Verify worker credentials and portfolios

  • Fund escrow only after selecting worker

  • Review work before approval

  • Use dispute system when needed

  • Keep task requirements clear and documented

Incident Response

Security Incidents

In case of security incidents:

  • We investigate immediately

  • Affected users are notified

  • Remediation measures are implemented

  • Post-incident reviews are conducted

  • Improvements are made based on lessons learned

Reporting Security Issues

If you discover a security vulnerability:

  • Report responsibly through official channels

  • Do not disclose publicly until resolved

  • Provide detailed information

  • Allow time for investigation and fix

  • Follow responsible disclosure practices

Security Updates

Regular Updates

We regularly update:

  • Platform software and dependencies

  • Security patches and fixes

  • Smart contract integrations

  • Infrastructure components

  • Security monitoring tools

Communication

Security updates are communicated:

  • Through platform notifications

  • In documentation updates

  • Via official channels

  • In release notes

Compliance and Audits

Security Audits

We conduct:

  • Regular security audits

  • Code security reviews

  • Infrastructure assessments

  • Smart contract audits

  • Third-party security assessments

Compliance

We comply with:

  • Industry security standards

  • Best practice guidelines

  • Regulatory requirements

  • Data protection regulations

Known Limitations

User Responsibility

Important limitations:

  • Platform cannot recover lost wallets

  • Users control their private keys

  • Blockchain transactions are irreversible

  • Smart contracts execute automatically

  • Platform cannot modify smart contracts

Third-Party Dependencies

We depend on:

  • Stellar network security

  • Trustless Work platform security

  • Wallet provider security

  • Infrastructure provider security

While we choose reliable partners, we cannot guarantee third-party security.

Security Recommendations

General Recommendations

  • Use strong, unique passwords

  • Enable two-factor authentication when available

  • Keep software updated

  • Use hardware wallets for large amounts

  • Verify all transaction details

  • Report suspicious activity

  • Stay informed about security updates

Blockchain-Specific

  • Understand blockchain irreversibility

  • Verify wallet addresses carefully

  • Test with small amounts first

  • Keep wallet software updated

  • Understand smart contract terms

  • Monitor transaction status

  • Secure backup seed phrases

Contact Security Team

For security-related concerns:

  • Email: [Security contact email]

  • Support: [Support channels]

  • Responsible Disclosure: [Disclosure process]

Continuous Improvement

Security is an ongoing process:

  • We continuously monitor threats

  • We update security measures

  • We learn from incidents

  • We adopt new security technologies

  • We improve based on feedback

Security is a shared responsibility. We implement strong security measures, and users must also take appropriate precautions. Together, we can maintain a secure platform.
