Security
How is Stader secure?
Stader is a secure liquid staking solution
Continuous review and testing of all code
Regular audits of smart contract
Use of Multi-sig admin accounts for changing smart contract parameters.
What are the risks of staking with Stader?
There exist a number of potential risks when staking MATIC using liquid staking protocols.
Smart contract risk:
Although the Stader code is thoroughly vetted and audited there exists a possibility of malicious users exploiting a vulnerability or a bug in the contract or the Polygon platform
Wallet and downstream apps Wallets and third party apps may have to be used to access staking, users should evaluate the security of the wallets and other third party apps independently, Stader does not hold any responsibility for the security of the wallets or third party applications used in staking.platform
The Stader team is committed to delivering the best and more secure staking experience for users.
Does Stader have smart contract audits?
The Polygon smart contracts developed by Stader have been audited by Immunebytes and Halborn
- Here is the link to the Audit completed by Halborn
- Here is the link to the Audit completed by Immunebytes What does the Stader contract admin control?
Stader's contracts for MaticX are controlled by a multi-sig account (0x91B4139A2FAeaCD4CdbFc3F7B1663F91a54be237) managed by the following parties. The confirmation count is 3 out of 5 signatures required Key 1 - Stader (Dheeraj) Key 2 - Stader (Sid) Key 3 - Community (DefiDad) Key 4 - Accel Partners Key 5 .- Polygon Foundation (Aishwary) Stader also maintains a similar structure across its other liquid staking products because this structure ensures a good midway between effective but slow community based governance and quick but centralized EOA holder(s). The responsibilities of the above multi-sig are as follows: - setBotRoleAdmin (Admin for off-chain bots to update the exchange rate of MaticX periodically) - setFeePercent (Set the Stader's commission of the staking rewards. Set to 10% currently) - setInstantPoolOwner (Set to Stader's instant pool owner to offer MaticX at a cheaper gas fee) - setValidatorRegistry (set the address to point to the contract wrapper for validator operations) - setFxStateRootTunnel (set the Polygon root tunnel used for communication of exchange rate of MaticX <> Matic from Ethereum onto Polygon) - setVersion (used for marking a version of code) - PauseContract (pause deposits, withdrawals, claims. Only meant to be used in critical situations) - Upgrade Contracts (Only meant to be used in critical bug fixes)
Last updated