Security Best Practices

1.1 Key Management

Never store private keys in source code, environment variables on shared systems, or unencrypted files. Use the Asentum CLI's encrypted keystore (~/.asentum/keystore), hardware wallets for high-value accounts, and HSMs for validator signing keys in production.

Back up your recovery phrase offline. Write it on paper and store it securely. Digital backups are attack vectors.

1.2 Smart Contract Security

Input validation: Always validate parameters with assert(). Access control: Check msg.sender for privileged operations. Integer overflow: Use BigInt for all financial math — JavaScript numbers lose precision above 2^53. Reentrancy: Update state before making external calls.

1.3 Validator Node Security

Run your validator behind a firewall. Only expose the P2P port (default 30303) and optionally the RPC port (8545) to trusted IPs. Keep Node.js and the Asentum client updated. Use a dedicated signing key separate from your staking wallet. Enable automatic updates for security patches.

1.4 Common Vulnerabilities

Front-running: Transactions in the mempool are visible. Use commit-reveal schemes for sensitive operations. Price oracle manipulation: Use time-weighted averages, not spot prices. Flash loan attacks: Validate state consistency within single transactions. Denial of service: Set gas limits on external calls to prevent griefing.

1.5 Audit Checklist

Before deploying to mainnet: write comprehensive tests (100% branch coverage for critical paths), have at least one independent code review, test on testnet with real usage patterns, verify gas costs under load, check all access control paths, and confirm upgrade procedures work correctly. Consider a professional audit for contracts handling significant value.