Skip to main content

Security Validation Process

· 9 min read
Pay Protocol Dev
Pay Protocol Dev
Pay Protocol Development Team

This document outlines a comprehensive security validation process, covering transaction operations, signature verification, payment flow, and the enhancement of service security and stability, with the goal of ensuring the security of transactions and the high availability of the system.

1. What is the Guardian?

The Guardian (also known as a "Guardian") is a security service component deployed in the backend or on an independent server. It is used to perform secondary validation and permission review for on-chain transfer requests or other critical multi-signature operations originating from the merchant system.

Its core mechanism is:

After the merchant system completes the initial signature, the Guardian independently generates a signature using the same parameters and compares it with the original signature. Only when the content matches and the permissions are valid is the on-chain execution allowed.

This mechanism effectively prevents data tampering, forged signatures, and unauthorized operations.

2. Why Use a Guardian?

In blockchain systems, a signature represents control. Any tampered or misused signature could result in severe asset loss. Introducing a security validation mechanism can:

  • Data Consistency Validation: Detect man-in-the-middle attacks and forged requests.

  • Permission Control Mechanism: Prevent unauthorized or overstepped signatures.

  • Audit and Traceability: Record all signature activities for easy backtracking and evidence collection.

3. Merchant System and Backend System Transfer Operation Flow

  1. Encrypt Transfer Request Information

    When the merchant system sends a transfer request to the backend system, encryption algorithms are used to protect transfer data (such as address, amount, currency, etc.), ensuring the security of the information.

  2. Request Wallet Signature

    The backend system forwards the transfer request to the Web3 wallet plugin, which performs a multi-signature operation and returns the signature.

  3. Signature Verification

    Upon receiving the signature, the backend system submits it to the Guardian web interface. The Guardian generates a signature via the server and verifies that the backend system's signature matches the server's signature.

  4. Execute Transfer via Wallet

    Once the signature is verified successfully by the Guardian web interface, it instructs the Web3 wallet plugin to execute the transfer and place it on the blockchain.

  5. Obtain Transaction Hash

    After the Web3 wallet completes the transaction, it returns the transaction hash, which the Guardian web interface then retrieves and saves.

  6. Callback Transaction Status

    The Guardian web interface updates the transaction hash record by calling the backend system in one of two ways:

    • Direct callback via the web interface to update the status.
    • The Guardian server makes the callback on behalf of the backend system, updating the transaction status based on the hash.

  7. Transaction Status Check

    The backend system checks the status of the transaction hash and updates the transaction status record.

4. Guardian Signature Process

  1. Merchant Data Initialization

    When the backend system approves a merchant, it records merchant information (merchant ID, cold/hot contract addresses, etc.) and provides query and delete interfaces to the Guardian.

  2. Guardian Data Storage

    The Guardian requests the backend's query interface to obtain merchant data, storing it as a JSON file, and requests the deletion of old data.

  3. Scheduled Task for Data Synchronization

    A cron job is used to regularly request the Guardian interface, automatically updating the merchant's initialization data.

5. End-to-End Security

  1. Server Security

    Intrusion detection systems and firewalls are employed to protect the server from external attacks.

  2. Encrypted Communication

    HTTPS and encryption algorithms are used to ensure the security of all data during transmission.

  3. Prevention of Replay Attacks

    Blockchain mechanisms are utilized to prevent replay attacks by incorporating timestamps, nonces, or unique identifiers on the blockchain, ensuring that each transaction request is unique and non-repetitive.

  4. Service Monitoring and Alerts

    The system's health status is periodically checked, and alerts are issued for any anomalies, followed by prompt repairs.

6. Payment Flow

  1. Encrypt Payment Link

    When the merchant system generates a payment link, it uses a signed encryption parameter to ensure the legitimacy and security of the payment link.

  2. Payment Information Verification

    When the user submits payment, the payment information's signature and parameters are verified to ensure the request comes from a legitimate merchant.

  3. Payment Callback Verification

    After payment completion, the merchant system verifies the callback payment data to ensure the accuracy of the payment status.

  4. Payment Interface Control

    IP restrictions and access frequency limits are set to prevent misuse of the interface.

7. Docker Deployment and Web Deployment

  1. Simplify Docker Deployment

    Docker images and configuration files are provided, enabling merchants to easily deploy services using Docker Compose or Kubernetes.

  2. Java Web Support

    Web applications are supported to run on common Java web servers like Tomcat, ensuring compatibility.

  3. Automatic Service Scaling

    Load balancing and automatic scaling are configured to ensure the service can scale and remain stable during peak traffic periods.

8. API Security

  1. Signature Verification

    All API requests require the use of a signature mechanism to ensure the legitimacy of the request.

  2. Encrypted Data Transmission

    All API data transmission is encrypted using HTTPS protocol, ensuring the data is not tampered with.

  3. Access Control

    IP address access is restricted and request frequency limits are set to prevent malicious misuse of the interface.

  4. Log Recording and Auditing

    All API calls are logged and audited regularly to ensure operations are traceable.

9. Real Case: $1.5 Billion Stolen from an Exchange

In February 2025, a leading international exchange suffered a $1.5 billion asset theft due to a lack of isolation and validation mechanisms in its signature process.

Attackers hijacked the signature process using a "masked transaction" technique, separating the displayed address on the frontend from the actual signature data. The cold wallet and multi-signature mechanism failed to detect the forged transaction.

If a Guardian had been deployed, it could have identified parameter tampering and spoofing behaviors before signing, preventing asset loss at the source.

Conclusion

The Guardian is a core component of the Web3 security system, especially suitable for scenarios with the following requirements:

  • Multi-party management and control of digital assets
  • Merchant platforms requiring on-chain transfers
  • Institutions needing to isolate business systems from private keys used for signing

Through signature comparison, permission validation, and auditing mechanisms, the Guardian effectively prevents forgery, unauthorized access, and tampering attacks, making it an essential safeguard for building highly secure digital asset systems.