Payment processor
Attacks and solutions
- Components and wanted features
- Simplified architecture
- Main attack vectors
- Possible solutions
- The role of private distributed ledger
- The importance of "hot wallet" and watcher security
Agenda
- Application - webui and backed which is connected to DBs and expose APIs.
- Watchers - services which are watching for incoming payments on blockchain.
- The ledger - place where information about user's funds are stored.
- Exchange connectors - services which are sending requests to exchange funds.
- Hot wallet - service which get's requests to send coins to users (withdrawal).
- Funds dashboard - monitoring service which can show aggregate information about available funds.
Components
Attack vectors
- backend: show fake address on invoice
- watcher: don't track bc, just return 'received'
- ledger: not correct balances
- hot wallet: hack withdrawal private keys
- hack exchange connector (wrong rate etc.)
Print money problem
- Oracle (communication with Ledger)
- Watchers (fake info about received funds)
- Exchange connector (reporting fake rates)
- Ledger (minting not backed tokens)