Strategic Enhancements to the Protocol
The integration of native multi-signature functionality within Glue represents a strategic enhancement that addresses fundamental security challenges in the blockchain space. By adopting a 2/4 multi-sig configuration and involving trusted service providers, we offer users a robust, user-friendly, and secure way to manage their assets. This innovation not only strengthens the security of our ecosystem but also paves the way for greater real-world adoption by making blockchain technology more accessible and trustworthy. By maintaining full custody and control for users, while providing an additional layer of security and support, Glue sets a new standard for safety and usability in the blockchain industry.
Native Multi-Signature Integration
While Glueβs implementation of the Substrate framework and its strategic use of Layer 1 and Layer 2 solutions already set Glue apart, we have also introduced critical modifications to the core protocol itself. These changes are designed to enhance security, usability, and overall user experience, addressing some of the fundamental challenges in the blockchain space. One of the most significant additions we have made is the integration of native multi-signature functionality.
The integration of native multi-signature (multi-sig) support within Glue's protocol represents a significant enhancement poised to revolutionise how users engage with the blockchain. Conventional single-key addresses are inherently vulnerable, with the loss or compromise of a single key posing significant risks. To address these concerns, a tech stack level multi-sig system has been meticulously designed to greatly enhance both security and usability.
Multi-Sig Model: 2/4 Configuration
The recommended multi-sig configuration involves the creation of a 2/4 multi-sig address, which provides a robust security framework for all users. The setup is as follows:
Cold Storage Keys: Two keys are securely stored offline (cold storage), reducing the risk of unauthorised access.
Hot Wallet Key: One key is stored in the user's hot wallet, allowing for convenient access and daily transactions.
Service Provider Key: One key is held by a trusted service provider, who acts as an additional layer of security and oversight.
Full Custody and User Control
A key advantage of Glueβs native multi-sig model is that users retain full custody and control over their assets. The service provider cannot unilaterally execute transactions; their role is to provide additional security and verification. Users can always override the service provider's decisions, ensuring that they maintain ultimate authority over their funds. This balance of security and control is crucial for building trust and driving real-world adoption of blockchain technology.
The Role of the Service Provider
The service provider plays a crucial role in this multi-sig model, offering both security and user support on three distinct levels whilst the full custody and ultimately the decision remains with the user.
Automatic Countersigning for Secure Transactions (ACCT): The service provider analyses each transaction submitted by the userβs hot key. For secure and routine transactions, such as depositing stablecoins into the Glue lending protocol, the service provider will automatically countersign the transaction, ensuring a seamless user experience.
Medium Risk Transaction Verification (MRTV): If a transaction appears suspicious or unconventional, such as purchasing a lesser-known token, the service provider can use second-factor authentication to request additional confirmation from the user. This extra step helps prevent scams or accidentally confusing tokens by alerting the user and requesting explicit approval before countersigning.
High Risk Transaction Verification (HRTV): In the event of a highly suspicious transaction, such as transferring all assets to an unknown third-party wallet, the service provider can delay the countersignature for at least 24 hours. This precautionary measure is designed to protect users from potential threats, such as a wrench attack, by providing a buffer period during which the user can verify or cancel the transaction.
Strategic Advantages of Native Multi-Sig Integration
Enhanced Security: Multi-sig addresses significantly reduce the risk of unauthorised access and asset theft. By requiring multiple keys for transaction authorization, the system ensures that a single compromised key does not jeopardise the user's assets.
User Friendly Experience: The involvement of a service provider to automatically countersign routine transactions and verify suspicious ones simplifies the user experience. Users can enjoy the benefits of enhanced security without the complexity often associated with multi-sig setups.
Preventing Fraud and Mistakes: The additional layer of verification provided by the service provider helps prevent fraud and user errors. By flagging potentially risky transactions and providing a cooling-off period for suspicious activities, the system protects users from impulsive decisions and malicious attacks.
Building Trust for Real World Adoption: Enhanced security measures are crucial for attracting mainstream users to the blockchain ecosystem. By addressing common security concerns and offering a user-friendly solution, Glue can drive broader adoption and confidence in decentralised technologies.
Last updated