Astera takes security seriously. This document outlines our security practices, how to report vulnerabilities, and how security auditing is integrated into our development process.
Operational incident handling procedures live in the Disaster Recovery Runbook. Use that runbook for contract exploits, admin key incidents, RPC outages, and other production recovery scenarios.
| Network | Supported |
|---|---|
| Testnet | ✅ |
| Mainnet | ❌ (pending audit) |
Our CI/CD pipeline includes the following automated security checks:
- cargo-audit - Scans the Rust dependency tree (Cargo.lock) for known vulnerabilities
  - Runs on every PR and push to main
  - Checks against the RustSec Advisory Database
- Clippy - Rust linter, run with security-relevant lints enabled
  - Enforces `#![no_std]` compatibility
  - Checks for unsafe code patterns
  - Runs with `-D warnings` (deny all warnings, so any lint fails the build)
- npm audit - Scans Node.js dependencies
  - Fails on high/critical severity vulnerabilities
  - Runs for frontend dependencies
The following static analysis tools are used:
| Tool | Purpose | Frequency |
|---|---|---|
| cargo-clippy | Rust linting | Every PR |
| cargo-audit | Dependency scanning | Every PR |
| npm audit | Node.js dependency scanning | Every PR |
| rustfmt | Code formatting enforcement | Every PR |
All smart contracts follow these security practices:
- Authentication: All state-changing operations call `.require_auth()` on the caller's address before touching state
- No unsafe code: Contracts are `#![no_std]` and avoid unsafe blocks
- Integer overflow protection: `overflow-checks = true` in the release profile, so arithmetic that would wrap panics instead of producing a wrong balance
- Error handling: Explicit, typed error codes for every failure case
- Events: All state changes emit events for transparency
- TTL management: Storage TTLs are extended on access so persistent entries are not archived and lost
See the full Authorization Matrix for a complete cross-contract call table and auditor checklist.
| Operation | Invoice Contract | Pool Contract | Credit Score |
|---|---|---|---|
| Initialize | Admin | Admin | Admin |
| Create Invoice | Any (authenticated) | - | - |
| Fund Invoice | Pool only | Investors | - |
| Mark Paid | Owner/Pool/Admin | - | - |
| Mark Defaulted | Pool only | - | - |
| Add Token | - | Admin | - |
| Set Oracle | Admin | - | - |
| Record Payment | - | - | Pool only |
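The following block is an added example, not Astera's contract code, and it does not use `soroban_sdk`: it models in plain Rust the conventions listed under the security practices (checked arithmetic, explicit typed errors) together with the "Pool only" / "Investors" gating shown in the matrix above. `PoolError`, `Caller`, `PoolState`, `fee_for` and the error numbering are assumptions made for this example; in the real contract the caller check would be `require_auth()` plus a comparison against the pool address held in instance storage.

```rust
// Added example, not Astera's code. Plain Rust so it compiles with no crates.
// `#[repr(u32)]` numbered errors mirror the `#[contracterror]` style Soroban
// contracts use; the specific codes are an assumption of this example.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u32)]
pub enum PoolError {
    Unauthorized = 1,
    InsufficientLiquidity = 2,
    Overflow = 3,
    ZeroAmount = 4,
}

/// Stand-in for "who is calling": in the real contract this would be an
/// authenticated `Address` compared against stored admin/pool addresses.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Caller {
    Admin,
    Pool,
    Investor,
    Other,
}

/// In-memory stand-in for the pool's persistent storage entries.
#[derive(Debug, Default, PartialEq, Eq)]
pub struct PoolState {
    pub total_deposits: i128,
    pub total_funded: i128,
}

/// Fee in basis points, computed with checked arithmetic so that a huge
/// `amount` returns `Overflow` instead of wrapping or panicking.
pub fn fee_for(amount: i128, fee_bps: u32) -> Result<i128, PoolError> {
    amount
        .checked_mul(i128::from(fee_bps))
        .and_then(|v| v.checked_div(10_000))
        .ok_or(PoolError::Overflow)
}

impl PoolState {
    /// Matrix row "Fund Invoice" on the Pool contract: investors deposit.
    /// Returns the new total so the caller can emit it in an event.
    pub fn deposit(&mut self, caller: Caller, amount: i128) -> Result<i128, PoolError> {
        if caller != Caller::Investor {
            return Err(PoolError::Unauthorized);
        }
        if amount <= 0 {
            return Err(PoolError::ZeroAmount);
        }
        let new_total = self
            .total_deposits
            .checked_add(amount)
            .ok_or(PoolError::Overflow)?;
        self.total_deposits = new_total;
        Ok(new_total)
    }

    /// Matrix row "Fund Invoice" on the Invoice contract: Pool only.
    /// Returns the liquidity still available after funding.
    pub fn fund_invoice(&mut self, caller: Caller, amount: i128) -> Result<i128, PoolError> {
        if caller != Caller::Pool {
            return Err(PoolError::Unauthorized);
        }
        if amount <= 0 {
            return Err(PoolError::ZeroAmount);
        }
        let available = self
            .total_deposits
            .checked_sub(self.total_funded)
            .ok_or(PoolError::Overflow)?;
        if amount > available {
            return Err(PoolError::InsufficientLiquidity);
        }
        self.total_funded = self
            .total_funded
            .checked_add(amount)
            .ok_or(PoolError::Overflow)?;
        Ok(available - amount)
    }
}

fn main() {
    let mut pool = PoolState::default();
    println!("{:?}", pool.deposit(Caller::Investor, 1_000));
    println!("{:?}", pool.fund_invoice(Caller::Pool, 400));
    println!("{:?}", pool.fund_invoice(Caller::Investor, 1));
    println!("{:?}", fee_for(i128::MAX, 2));
}
```

Every failure is a distinct, numbered variant rather than a bare `panic!`, which is what lets auditors map each revert seen on-chain back to a specific check; `checked_*` keeps that property for arithmetic even when the release profile's overflow check would otherwise abort the transaction with no diagnostic.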
If you discover a security vulnerability, please follow these steps:
- Do NOT open a public issue
- Email security details to: [security contact to be added]
- Include:
- Detailed description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will:
- Acknowledge receipt within 48 hours
- Provide a timeline for a fix within 5 business days
- Keep you updated on progress
- Credit you in the advisory (with your permission)
Before any deployment:
- All tests pass
- cargo-audit reports no open advisories
- Clippy shows no warnings
- Code review by at least one maintainer
- Security review for contract changes
- Events emitted for all state changes
- TTL properly configured for all storage
Security audits are scheduled:
- Weekly: Scheduled automated dependency scanning (cargo-audit, npm audit), in addition to the per-PR runs, so new advisories are caught even when no code changes
- Every PR: Static analysis and linting
- Monthly: Manual review of contract changes
- Quarterly: Third-party security audit (planned for mainnet)
- Disaster Recovery Runbook
- RustSec Advisory Database
- Soroban Security Best Practices
- Stellar Security Guidelines
Security issues found in this codebase are subject to responsible disclosure. See our Code of Conduct for details.