Payment processor

Attacks and solutions

Agenda

  • Components and wanted features
  • Simplified architecture
  • Main attack vectors
  • Possible solutions
  • The role of private distributed ledger
  • The importance of "hot wallet" and watcher security

Components

  • Application - web UI and backend, which is connected to DBs and exposes APIs.
  • Watchers - services which watch for incoming payments on the blockchain.
  • The ledger - place where information about users' funds is stored.
  • Exchange connectors - services which send requests to exchange funds.
  • Hot wallet - service which gets requests to send coins to users (withdrawal).
  • Funds dashboard - monitoring service which can show aggregate information about available funds.

Attack vectors

  1. backend: show fake address on invoice
  2. watcher: doesn't track the blockchain, just returns 'received'
  3. ledger: incorrect balances
  4. hot wallet: hack withdrawal private keys
  5. hack exchange connector (wrong rate etc.)

Print money problem

  • Oracle (communication with Ledger)
  • Watchers (fake info about received funds)
  • Exchange connector (reporting fake rates)
  • Ledger (minting unbacked tokens)
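
The watcher and ledger items above share one symptom: ledger credits with no on-chain funds behind them. The following reconciliation check is an added example, not part of the original slides; it compares ledger credits with what an independent blockchain node reports. The record layout, `MIN_CONFIRMATIONS` and all sample data are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical record shapes; amounts are integers in the coin's smallest unit.
Credit = namedtuple("Credit", "user txid amount")        # one ledger credit
ChainTx = namedtuple("ChainTx", "amount confirmations")  # independent node's view

MIN_CONFIRMATIONS = 3  # assumed policy value

# Constructed sample data: what a node run separately from the watcher reports.
CHAIN_VIEW = {
    "tx-a": ChainTx(50_000, 6),
    "tx-b": ChainTx(20_000, 1),
    "tx-c": ChainTx(10_000, 12),
}
# Constructed sample data: credits recorded in the ledger.
LEDGER_CREDITS = [
    Credit("alice", "tx-a", 50_000),   # fully backed
    Credit("bob", "tx-b", 20_000),     # credited before enough confirmations
    Credit("carol", "tx-zz", 75_000),  # watcher said 'received', nothing on chain
    Credit("dave", "tx-c", 15_000),    # ledger amount exceeds the deposit
    Credit("alice", "tx-a", 50_000),   # same deposit credited twice
]


def find_unbacked_credits(credits, chain_view, min_conf=MIN_CONFIRMATIONS):
    """Return (credit, reason, unbacked_amount) for each credit lacking backing."""
    findings, seen = [], set()
    for c in credits:
        tx = chain_view.get(c.txid)
        if tx is None:
            findings.append((c, "txid not found on chain", c.amount))
        elif c.txid in seen:
            findings.append((c, "txid credited more than once", c.amount))
        elif tx.confirmations < min_conf:
            findings.append((c, "insufficient confirmations", c.amount))
        elif c.amount > tx.amount:
            findings.append((c, "credited more than received", c.amount - tx.amount))
        seen.add(c.txid)
    return findings


def unbacked_total(credits, chain_view, min_conf=MIN_CONFIRMATIONS):
    """Sum of ledger liabilities that have no matching on-chain funds."""
    return sum(amount for _, _, amount in
               find_unbacked_credits(credits, chain_view, min_conf))


if __name__ == "__main__":
    for credit, reason, amount in find_unbacked_credits(LEDGER_CREDITS, CHAIN_VIEW):
        print(f"{credit.user:6} {credit.txid:6} {amount:>7}  {reason}")
    print("unbacked total:", unbacked_total(LEDGER_CREDITS, CHAIN_VIEW))
```

The check only has value if the chain view comes from a node that neither the watcher nor the ledger can write to.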

One way communication

Solutions
