Q: Is the MC² Finance platform susceptible to front-running transactions, sandwich attacks, or MEV?
A: Front-running, sandwich attacks and MEV are all practices in which traders or miners exploit their advance knowledge of pending transactions in the mempool (memory pool) to the detriment of other market participants.
The MC² platform has been architected to withstand these attack vectors and protect the interests of investors transacting on the platform.
The MC² platform is a marketplace for cryptocurrency trading strategies. Each strategy is a product that is created by a group of professional traders called “Experts” and consumed or bought by a group of retail investors called “Investors”.
A strategy is constructed inside the Expert's wallet, and that wallet is then productised through tokens which are then listed for investment on the platform. The actual trades to construct a strategy will be initially routed through third-party partners and later natively on the platform. Only the trader who owns the wallet and the MC² platform - to which the wallet is connected - will have access to pending transactions in the memory pool for each trade of the strategy.
Since transaction information is not public on the platform, traders do not have advance knowledge of the pending transactions of other market participants - investors or strategy creators.
This prevents malicious actors from accessing vital information that they need to front-run transactions.
Q: How do you ensure that user data and sensitive information are handled securely?
A: We are a smart contract provider, and don’t handle sensitive personal data. We employ industry-standard encryption, access controls, and secure storage practices to safeguard user data, and strictly adhere to privacy policies and regulations.
Q: What steps are taken to mitigate risks stemming from market manipulation or pump-and-dump schemes?
A: We are committed to protecting the safety and security of investors on the platform. We have implemented a reputation system that includes parameters from both off-platform and in-platform trading and social activity. Audits for expert profiles and strategies are additional safeguards to prevent malicious activity.
In addition, Experts commit to certain guarantees when creating and launching strategies. These guarantees are publicly displayed and are a commitment from the Expert to an investor. The platform enforces this commitment, and any trading signals found in violation of this guarantee are automatically dropped.
We always recommend that Experts activate the right Guarantees, and that followers check in detail which guarantees are activated on the platform.
Lastly, we will build robust token and risk monitoring, to show transparently what risk backers will take with a strategy.
Q: How do you safeguard against potential bugs or vulnerabilities in smart contract code?
A: The smart contract development process is rigorous and involves cycles of testing and validation. The development process involves the following steps:
- Code Review and Audit: We thoroughly review the smart contract code, and regularly get our code audited by a professional blockchain security firm before the main launch.
- Use Verified Contracts: Whenever possible, we use contracts that have been verified on platforms like Etherscan or Binance Smart Chain's BSCScan. Verified contracts have their source code matched to the bytecode on the blockchain, providing additional assurance.
- Follow Best Practices: We adhere to best practices for secure smart contract development. Some of these key practices include:
  - Avoiding unnecessary complexity.
  - Using well-established design patterns.
  - Minimizing the use of external dependencies.
  - Being cautious with external calls and ensuring proper validation of inputs and permissions.
- Bug Bounty Programs: Once we go live, we will activate a bug bounty program to incentivize external developers and security researchers to review and test our smart contracts for vulnerabilities.
- Emergency Kill Switch: We have implemented a mechanism that allows us to pause or upgrade the contract in case of vulnerabilities or other emergencies. We are prepared for emergencies and exigent circumstances.
- Regular Updates: We regularly monitor updates in the underlying blockchain to update our contracts as needed to incorporate the latest security improvements.
- Community Involvement: Peer review can be a valuable source of input and validation and we regularly engage with our community and seek feedback from experienced developers.
Q: How do you handle regulatory uncertainty and potential changes in cryptocurrency regulations?
A: We closely monitor global regulatory developments, maintain open communication with regulatory authorities, and adjust our operations and compliance policies accordingly to stay compliant with evolving regulations.
Q: What steps are taken to ensure that the platform is resistant to Distributed Denial of Service (DDoS) attacks?
A: We closely monitor the network and traffic to surface and respond to sudden spikes. We employ DDoS protection via Cloudflare services and continuously update our defences to mitigate potential attacks and maintain platform accessibility during high-traffic periods.
Q: How does the platform ensure the reliability and security of oracles providing external data to smart contracts?
A: We use reputable oracle providers with strong security measures, multiple data sources, and cryptographic verification to ensure the accuracy and reliability of data fed into smart contracts. Oracles are used for pricing indicators on our website and partners. On-chain, only on-chain real-time pricing information is used.
Q: Do you support Yield and Staking tokens?
A: We currently support the governance tokens for Yield and Staking protocols. However, building out the functionality to support yield and staking tokens is a part of our product roadmap and will be available to users soon!