Skip to main content

๐Ÿ”„ WaaS Security Mechanism Update 2024-08-19

I. WaaS Transaction Support for Transaction Review in Web Console In the [Web - Rule Engine - Vault Policy] module, switch to the WaaS vault view, and you can observe that the newly created vault has the transaction review function enabled by default.

During the period when the review function is enabled, specific transactions initiated through the WaaS API must be manually reviewed in the [Web - Workflow - Transaction Approval] process. These specific transactions include the following interfaces:

/v1/waas/mpc/transaction/create_transfer
/v1/waas/mpc/transaction/create_transaction
/v1/waas/mpc/brc20/inscribe-deploy
/v1/waas/mpc/brc20/inscribe_mint
/v1/waas/mpc/brc20/inscribe_transfer_by_id
/v1/waas/mpc/brc20/one_stop_transfer
/v1/waas/mpc/runes/transfer

The assignment of reviewers is determined by the settings of the vault policy, and is usually reviewed by the Owner; users can manually add approval steps or set t-n approval rules on a single node.

For vaults that do not require an approval process, this feature can be turned off by accessing the [Web - Rule Engine - Vault Policy] page and making the appropriate settings. In addition, to disable the transaction review function, the approval process must be completed in [Web - Workflow - OpenAPI] before it can take effect; the determination of reviewers follows the global policy settings, with the default being the Owner for review.

II. In the WaaS vault, the activation of the transfer protection function (formerly the risk control - whitelist function) must go through the approval process of the workflow before it can officially take effect.

The path setting remains at: [Web - WaaS Wallet - Select a Specific Vault - Risk Control]; after editing the transfer protection switch, it must be reviewed in [Web - Workflow - Transfer Protection] to take effect.

The reviewer setting for the transfer protection switch is based on the configuration of the global policy, with the default reviewer being the Owner.

III. In the WaaS vault, the editing of the whitelist address must go through the approval process of the workflow before it can officially take effect; the selection of reviewers is based on the settings of the vault policy.