Why Hermetica is Security First

Hermetica
4 min readSep 18, 2024

--

Crypto has created incredible innovations like Bitcoin, DeFi, and stablecoins. But, it is also littered with a long list of security exploits like the DAO hack, Mt. Gox, and smart contract hacks.

At Hermetica, we’re aware of what is at stake. There is no margin for error when building financial infrastructure that handles large sums of capital.

We know that we can build cutting-edge technology that pushes the limits of what’s possible. But what good is innovation if it is not sustainable and secure? What good is a technology that leads to loss rather than freedom and prosperity?

This is why Hermetica Labs is Security First.

Security is ingrained in our culture and DNA. Half of our team has worked at Kraken, where they adopted the security-first mindset and rigorous operational security practices used by one of the most secure and long-lasting crypto companies.

Security is the primary lens we use to make product decisions.

Beyond operational security, we focus our security efforts on two key areas: custody and smart contracts.

1. Custody

Hermetica’s USDh protocol holds all protocol assets in institutional-grade custodians like Copper and Ceffu. According to data from Into The Block, there is a ~4% annual risk of total fund loss when holding assets in smart contracts. Institutional-grade custodians, on the other hand, have not suffered any hacks or loss of customer funds since their inception.

These custodians use Multi-Party Computation (MPC) to securely store the assets in wallets with no single point of failure, with Hermetica Labs, the custodian, and a third party all participating in a 2-of-3 multi-signer setup. Additionally, Hermetica’s key is safeguarded with a 4-of-8 multi-approver schema.

The protocol needs to access the perpetual futures liquidity on centralized exchanges. To mitigate the risk of exchange failures, we use Copper and Ceffu’s off-exchange settlement (OES) networks. These OES solutions allow us to trade on centralized exchanges while keeping our assets in the custodian and off the exchanges’ balance sheets. In the event of an exchange failure, our assets remain bankruptcy remote (held in a separate legal entity) and will not be subject to liquidation claims.

To mitigate the exposure to the custodian’s balance sheet, our assets in Copper are held in Hermetica Labs’ name in an English Trust structure.

The bankruptcy of any exchange or custodian does not negatively impact the BTC in the protocol.

Overall process of USDh

2. Smart contracts

Since our smart contracts don’t hold any assets, the on-chain attack surface is significantly reduced. While a smart contract exploit cannot lead to a loss of BTC in the protocol, the contracts are still susceptible to some types of exploits.

Clarity, the smart contracting language for Stacks, is a security-first smart contracting language. It eliminates many common exploits seen in the Ethereum ecosystem on the language level. Clarity is decidable and not Turing complete, meaning all execution paths are known, which simplifies static analysis and testing. And since Clarity is an interpreted language, the source code of every Stacks smart contract is open-source by default and can be read on-chain. Additionally, Clarity removes some language patterns like re-entrancy to categorically eliminate common Solidity exploits.

When it comes to smart contracts, the key is to get multiple experienced eyes on the code and work with experienced security researchers. Luckily Clarity has some of the best in the industry.

Clarity Alliance is a group of security researchers that has found some of the major exploits in Ethereum DeFi protocols. The team has audited the Stacks core blockchain contracts and has worked with most protocols in the Stacks ecosystem (Bitflow, Stacking DAO, Zest, Velar). Clarity Alliance conducted a comprehensive audit of the USDh protocol, and all security issues identified have been resolved. The audit report can be found here.

StrataLabs, a team of security and core Stacks engineers with deep expertise in the Clarity smart contract language, also audited the protocol. All security issues found during the audit have all been resolved. Their audit report is available here.

Security is not static; security needs to be practiced continuously. At Hermetica, we’re committed to maintaining the security-first approach that is core to everything we do.

--

--

Hermetica

The first Bitcoin-backed, yield-bearing synthetic dollar. Earn up to 25% APY without leaving Bitcoin.