Inside GRVT’s Security Stack


Space Summary

The Twitter Space "Inside GRVT's Security Stack" was hosted by grvt_io. The space delved into the innovative blend of traditional and decentralized finance in the financial sector. By focusing on scalability, compliance, and security, GRVT aims to revolutionize financial trading through its hybrid approach. The discussion highlighted the importance of regulatory adherence and the transformative potential of merging CeFi and DeFi principles. Through blockchain technology, GRVT presents a vision for a more accessible and liquid financial marketplace.


Space Statistics


Total Listeners: 30

Questions

Q: What is the core focus of GRVT in the financial sector?
A: GRVT concentrates on merging traditional and decentralized finance to create a hybrid ecosystem.

Q: How does GRVT's Security Stack enhance financial transactions?
A: GRVT's Security Stack ensures scalability, compliance, and security in financial dealings.

Q: Why is the marketplace introduced by GRVT considered groundbreaking?
A: The marketplace by GRVT signifies a significant step forward in the evolution of financial trading.

Q: What innovation does GRVT showcase through its approach?
A: GRVT demonstrates innovation by effectively integrating CeFi and DeFi principles.

Q: Why are scalability and security crucial in GRVT's platform?
A: Scalability and security form the foundation of GRVT's financial services.

Q: How can the combination of CeFi and DeFi benefit users on the GRVT platform?
A: The hybrid approach can boost liquidity and accessibility for traders on GRVT.

Q: What role does regulatory compliance play in GRVT's operations?
A: Regulatory compliance is a key focus for GRVT to ensure legal adherence in financial activities.

Q: In what way does GRVT aim to transform financial trading?
A: GRVT seeks to revolutionize financial trading by leveraging blockchain technology.

Q: What advantages does blending CeFi and DeFi bring to GRVT's users?
A: The integration of CeFi and DeFi introduces a new era in financial services for GRVT patrons.

Highlights

Time: 00:15:42
Hybrid Financial Ecosystem: Exploring the benefits and challenges of combining traditional and decentralized finance.

Time: 00:25:18
Security and Compliance Emphasis: Understanding how GRVT prioritizes scalability, compliance, and security in finance.

Time: 00:35:56
Innovation in Financial Trading: Examining GRVT's innovative approach through the fusion of CeFi and DeFi principles.

Time: 00:45:33
Scalability and Security Features: Detailing the essential elements of scalability and security in GRVT's platform.

Time: 00:55:21
Hybridity for Liquidity and Accessibility: Discussing how the mix of CeFi and DeFi enhances liquidity and access to financial markets.

Time: 01:05:47
Regulatory Compliance Practices: Highlighting GRVT's commitment to regulatory compliance in financial operations.

Time: 01:15:29
Blockchain Revolution in Finance: Exploring GRVT's vision to transform financial trading through blockchain technology.

Key Takeaways

  • GRVT focuses on blending traditional and decentralized finance for a hybrid financial ecosystem.
  • The Security Stack by GRVT aims to offer scalability, compliance, and security in financial transactions.
  • The marketplace introduced by GRVT represents the next evolution in financial trading.
  • GRVT's approach shows innovation through the integration of CeFi and DeFi.
  • Scalability and security are key pillars in GRVT's financial platform.
  • The blend of CeFi and DeFi can enhance liquidity and accessibility in trading.
  • Hybrid financial systems can provide a bridge between centralized and decentralized finance for users.
  • GRVT's Security Stack emphasizes the importance of regulatory compliance in financial operations.
  • The platform aims to revolutionize financial trading through blockchain technology.
  • The integration of CeFi and DeFi by GRVT offers a new paradigm in financial services.

Behind the Mic

Introduction and Welcome

Hi, guys. Hi, guys. Thank you for joining. We'll wait a few minutes and we will start our Twitter space, our weekly space in five minutes. In five to ten minutes. Hi, Chris. Hi, Minh. Can you please test your mic? Yeah, I can hear you. Hello. Hi, everyone. Yeah, I can hear him. Thank you. Hi, guys. Thank you for joining. We are going to start our Twitter space in five minutes, so please stay tuned and we'll let you know when we start.

Starting the Weekly Twitter Space

Okay, I think we are all good to go. So we're going to start our weekly Twitter space right now. So again, hello, everyone, and thank you for joining us today. So, I'm Louie, I'm the global BD at Gravity. So I'll be moderating today's Twitter space. And we're excited to have you with us for a deep dive into Gravity's vision and Gravity's strategy on security. So we'll be covering why security is core to Gravity's mission and how it drives our product development and the advanced technologies we are using to ensure privacy and safety for our users. So joining me today are key members of the Gravity team. So our CTO, Aaron, is here, and our head of security, Chris Thomas, is here. And also our head of Blockchain Minfam, is here. So we are thrilled to have them here to share their insights. So can you guys please say hi to the audience here for today?

Introduction of Team Members

Hey, guys, I'm Aaron. I'm the CTO of Gravity. Really excited to be chatting with you guys. Hi, everyone. My name is Ming, currently heading the blockchain at GRVT. Really excited to join my first real estate here. Likewise. I'm Chris, head of the tin foil hat brigade and in charge of everything security. I look forward to discussing it with you today. Great. So let's start our weekly space. So, Aaron, as the CTO of Gravity, I want to kick things off with you. And how does security fit into the Gravity speed? Could you share your thoughts on how it shapes the company's direction?

Security in Gravity's Vision

Yeah, sure. I mean, so security was always the heart of what Gravity was supposed to be about. Like, we felt very much strongly that, you know, in the current DeFi landscape, a lot of, like, security elements are not quite as. How do you say? Well, DeFi has decentralized security, but it lacks out on all the centralized security controls that we've seen evolve over many decades in the centralized world. And what we're trying to do in Gravity is to bring together the best of both worlds into a single exchange, and I think one of the unique things that we're offering is on-chain role-based access control. We believe very much strongly that security should be at the heart of every institution-facing DeFi project, and hence we have taken it very seriously. Access control and security, moving it even on chain. So, yeah, that's a brief overview of how we view it.

Further Insights on Security

Oh, great. Thanks for all the insights you shared. Chris, do you want to add anything from your perspective about Gravity's vision? Yes, certainly. Security is one of the cornerstones of our product, where there's always been a problem within this space with regards to security, even though smart contracts provide some layer of security with regards to immutability and defined processes. As Aaron alluded to, the web two side of things, especially in the DeFi space, has been somewhat lacking. And as such, one of the things we are addressing within this ecosystem is trying to embed security at every single layer within the company. So our vision relates to adopting shift-left security methodologies, where we try to embed security as early as possible within the various development, if it's either development or corporate processes or decisions. So we can then identify the potential risks and vulnerabilities, while also then having transparency as a major cornerstone.

Transparency in Security Practices

So an example would be if we were to take things like FTX, which was a centralized web two based exchange, there was a distinct lack of transparency there, which led them to use customers' funds for their own purposes, whereas with us, with our custodial security in mind, backed up by the role-based access controls, will actually provide a transparent means of ensuring users' funds stay safe. Oh, great. Thank you for sharing whole kind of specific things. So, Min, do you want to add something on this? Like how had Gravity had a vision regarding the security and how the product and Gravity has developed under the direction of the security, as Aaron or Chris mentioned?

Min's Perspective on Security

Right. Thanks, Louis, for the question. So, I think first and foremost, like we, as Aaron mentions, like, we started with security as a first principle in mind. So it's built into every corner of the product and not as an afterthought. So, for example, when we are building a smart contract, we try to replicate 100% of all the controls that we have in a normal web two flow. So you have 100% of the role-based access control that everyone was mentioning, and you can essentially limit what individual users can do on the account. And also, we have made it very transparent that there are certain invariants, there are certain constraints on your account that only if you have only the ones who have your private keys can actually make trades or attach them into balances.

Importance of Key Management

So essentially, if it's not your key, that is not your money. And we hope, I think, like especially on our smart contract development, we have one of the most comprehensive suites of security features that I've seen in the world. Yeah. Oh, yeah. Thank you. So, as a BD, I also know Gravity is focusing on some security a lot. And we are trying to solve the problems in central exchange field and also other decentralized finance or in the overall finance area. So as Min said, we are trying to make a lot of layers, a lot of steps for the users to protect their assets and not to happen any frauds and other asset balance in the exchange.

Personal Insights on Security Layers

So under that vision, I think we can move on to the next question, to deep dive into Gravity. Once we launched our open beta or our theme to the public, we announced a lot about ZKsync and ZK technology. So, Min, can you describe us more like ZKsync parts of Gravity's technology? So Gravity uses ZK-SNARKs for privacy and efficiency. So can you please explain how these ZK proofs are applied and why they are crucial for the Gravity platform? All right, thanks, Louis. That's a great question. So, like, essentially it's like ZKsync is like another layer two, that is aiming to solve the scalability of Ethereum.

Understanding ZK Technology and Its Application

So there are two approaches when people are looking at solving these problems. The first one is the optimistic rollup, and the second one is a ZK rollup. So now with optimistic rollup, then it's more akin to the approach of like, you trust and then verify. So essentially the operators can, like you trust the operators to execute the transactions in the correct manner. And we rely on the communities to do their parts, to call if something's off and there's a period of verification, let's say, I don't remember, it's like maybe ten days, 20 days.

Transaction Integrity

And during that time, you can prove that there is something wrong happening. Someone's trying to steal your money, but you didn't execute that transaction, then the change can be rolled back to a previous state. So that's an inherent delay in this process. On the other hand, like ZK rollups, they rely on cryptography and remove the trust factor on humans, on any human effort to verify on the operator side, as long as you can establish that this is a very robust framework that can prove using mathematics, then you don't have to rely on any process to detect any wrongdoing on chains.

Privacy in ZK Rollups

So for one of the first, like, the biggest benefits of ZK rollup is privacy. We don't really reveal any data on L1s. And your data, like your trade secrets, is always, say, private, and it's safe. For us, all we have to reveal is just what I call a ZK proof, a zero-knowledge proof. You don't have to understand what it is, but essentially it's a cryptographical receipt. It's a very short receipt. And with that information, we can prove that these transactions indeed happen on our layer two.

Efficiency of ZK Proofs

And when coming to efficiency, then because the ZK proof is very short, you don't actually need to publish all the data on a private chain to a layer one, which can be costly and. Yeah, and it also takes a lot of computations to store and verify data. So in summary, I think with ZK Stack, we can minimize the role of trust in our system and rely on the power of cryptography to build what I think is a scalable, fast, and secure system. Yeah.

Phishing Threats

Okay, thank you. Min, do you want to add something more on the main answer about the question about how Gravity uses ZK technology or ZK-SNARKs for Gravity's privacy or efficiency? Yeah, sure. So I think one important thing to note is that in this day and age, one of the biggest attack vectors is phishing. That's something that's getting like, the majority of compromises these days are based on that. And in the web three landscape, phishing is extremely prevalent because in web three, you don't have regulators taking care of people, and attackers can get away pretty much scot-free if they're smart about it.

Privacy Measures Against Phishing

So one unique application that we had of using privacy on validium is that by limiting the data that the attacker can get access to, it would naturally make phishing a lot harder. For instance, if you wanted to create a phishing website to steal money from a certain user, but you do not know the user's main account id or the sub account id. Without that, you actually cannot attack the user by virtue of keeping the data private. On layer two, we actually protect users quite a lot more than a typical Defi application.

Signature Compromise Protection

On top of that, even if the signature was successfully compromised, because we do have a web two login as well, if the attacker manages to get the right signature. Even so, if they do not have the login cookie or the password, they aren't able to submit that signature. Right. So those are some very interesting applications we've seen with using, like the ZK Stack or maybe just validiums in general, to prevent these sorts of, like, attack vectors. Right.

Layer Two Transaction Security

And yeah, so another thing is that, you know, with like, our layer two, right. What we can do as a validium on layer two is that one thing is we do not allow users direct ability to make transactions against our layer two blockchain, right? Because that layer two blockchain is private by default. So to protect self custody, what we do is that users can force a transaction on layer one to a layer two using force transactions, it protects users self custody, although a little bit slow.

Backend Validation Mechanism

However, one thing it does for us is that what we do is when comes from layer one, or when any transaction comes through our backend, we actually do a round of backend validation before it hits the chain. One interesting thing is with our backend engine shielding the chain, you'll find that even if there were vulnerabilities on the smart contract, it might not be as easily exploited. Because even if someone wanted to exploit it, if it runs through our backend and our backend blocks it because it knows something's wrong, then the exploit pretty much like can't happen, right.

Probability of Exploits

So if you consider the odds that like, you know, getting an exploit on layer three is like, on web, on the, layer two is like 1% and on a backend is 1%, you apply that multiplicative effect. Right. And it quickly becomes a very rock solid security platform because users can't actually, I mean, attackers can't actually attack us as easily as they could on a standard l one or on the public l two. Those are some of the more interesting applications of zks that we've seen that we use in order to enhance the security that we offer to our users.

Web Two and Web Three Integration

Understood. Great details. Thank you, Aaron. Chris, what about you? Do you want to add more details on this question? Yes, certainly. So, to extend on what Aaron and Min have said, essentially, with our private layer two, it offers a layer of security. However, with regards to things like web three technologies, it's essentially an overlay technology when compared to web two. So effectively, your nodes have to run on somewhere, it has to be built on something, and as such, it can actually pose a number of security challenges and able to get right.

Scalable Security Approach

So one of the things we're trying to address here at Gravity is trying to have a blend where we try to make the security scalable. And so Aaron mentioned that we have kind of like validation before things hit the chain. However, there's a number of other security aspects that tend to happen as well. So we tend, we are trying to merge both web two and web three security into one cohesive unit. So example being with our exchange, when you tend to create an account, you have to use web two based credentials such as username, password, your multi-factor authentication.

Utilizing Web Two for Security

But then at the same time we're leveraging the web three components such as your wallets. So at any one point in time you have to be logged in as you would on a typical web two application. But then once you perform any privileged function like buy, sell, or even change some profile settings or add roles, it requires additional layers of security such as your signature, in order to validate. And one of the things which is somewhat severely lacking in this space is the lack of compliance and regulations which actually enforce organizations such as ourselves to implement security in a proactive manner.

Proactive Security Measures

However, this is something that we are doing as a matter of principle. So we don't just perform off-chain validation, we actually perform security checks throughout the entire stack, where if we were to use an example of taking our key custodial, when we deploy a smart contract, obviously you have a deployer key and things along with that. To use the web two and web three merging as an analogy, we leverage MPC external providers. Well, those MPC providers are built on web two based technology.

MPC Providers and Security

So they have servers running, they have the nodes running. However, then the web three side of things is the nodes are distributed using consensus mechanisms that allow us to securely generate key material, but at the same time they provide governance. So similar to like multisig, like two or three multisig, but then that is provided by elegant API and it's the same with our exchange. So most of the users who would use our exchange are generally presented with web two based infrastructure.

Web Application Interaction

So you've got a simple, you've got a web application and it interacts with a series of web two based APIs. So as I mentioned, you can't actually access our private layer two chain. And as such that allows us to actually integrate all these good web two based security concepts. And at the same time we can then look to leverage known industry standards and frameworks to ensure that the hosting environment and everything supporting it remains secure.

Industry Security Standards

So to give an example of some of these standards that we are currently leveraging would be like NIST 853 and also 250. But then we're also gearing up and targeting regulatory requirements. So as people are probably aware, like the continents such as like Europe are introducing MiCA, which essentially outlines a number of security requirements and processes that must be implemented, we're taking a proactive approach into trying to implement those controls.

Integrating Security Practices

And not just at like the web two layer. So, like, also with the web three side of things. So the smart contract development, we're integrating secure development practices, unit testing and continuous monitoring and things like that to essentially ensure that our product is as secure as possible and as safe as possible for our users to use. Oh, thank you. Thank you, Chris. So, as Aaron and Minh said, the gravity is focusing on ZK technology to forward the privacy and efficiency, and not only those, but also the scalability to give users a more secure exchange experiences and more fast and accurate experiences.

Web Two and Web Three Coexistence

And as Chris mentioned, we are not only focusing on the ZK things, but also we make some kind of web two and web three security layers to coexist in the gravity. Chris, you explain a lot about the web two and web three layers, but I think I want to give a more deep dive into these layers. So can you please explain more specific things like how gravity integrate web two security layer and web three security layer to make to give user more secure experience in exchange? Certainly, as I mentioned, web three is essentially an overlay technology where it's built on top of web two.

Security Vulnerabilities in Applications

So if we take a typical application, web application as an example, so say you go to something like Uniswap or any other web three based application, if there's a web two based vulnerability, such as cross-site scripting, where an attacker essentially injects malicious code into the browser, well, from a web two perspective, inside the browser is this global object called window.ethereum, which is EIP-1193. Now, there are no access controls based around this object, meaning that any code injection will result in an attacker being able to query this.

Enhanced Security Controls

And so if, say, your MetaMask wallet's unlocked, it will, you'll be able to query the wallet, obtain a list of assets, and actually start generating transactions. So as most people have seen, with things like the approval hacks and things like that, especially with phishing, you've visited a legitimate site and it pops up to send this transaction. Well, in this instance, we are leveraging both web two and web three based security, whereas if that was to happen with us, then the web three side of things is somewhat protected because the user would still have to acquire a cookie or they couldn't steal the user's sessions because of all the security controls such as like secure cookie flags, secure HTTP headers such as cross-origin resource sharing and content security policies and things like that, which essentially provide additional layers of control.

Defense in Depth Approach

There's a well known saying in the security field such as defense in depth, and this is where we try to instill security at many different layers.

Control of Funds and Account Creation

And again, one of the key features of Gravity is users have complete control of their funds. So when you go to create an account, you have multiple options where you could use your existing MetaMask wallet, or at the same time you could possibly leverage one of our external custodial providers, Dfns. And these allow you to actually generate a secure key within an enclave within the browser. However, Gravity itself does not actually, we're not able, even though it's within our web application, we are not actually able to see or read your private key. We only capture your public key.

Smart Contracts and Security Validation

And as such, that anything that we try to perform, if I was to say, try to impersonate a user within Gravity, due to our smart contracts and the role-based access, I would be required to provide a signature associated with that account. So that would mean I would need the private key associated with that account. And so these additional provide, and we don't have that. So that essentially means that even if we were to have a compromise, an attacker does not have access to your private key and as such would not actually be able to transfer funds or make actions based on yourselves. Because the smart contract, both acts are back end validation before even hits the chain. And also at the smart contract layer, the user signature is checked to determine whether that signature is valid.

Blending Web Two and Web Three Security

And if you don't have that private key, then obviously it's going to be denied. So that's a perfect example where we're trying to blend both web two and web three security together. Oh, great. Yeah, cool. Oh, okay. So thanks for the, all the details and the like, specific things going on for the web two and web three layers. Oh, how about Min, do you want to add another thing in this question? Yeah, I think, like Chris, I pretty much cover it. Yeah, yeah. I have nothing else to add. Well, yeah, maybe I can share something. So I think one thing on my end is I've been seeing a lot of people in the web three industry conflate the two concepts, self custody and security.

Understanding Self Custody and Web Three Security

Right. So I think one thing that's important to note is that they're not one and the same. Having your own wallets, your own private key, does not by default make things safe. I think it's quite clear by now if you look at the overwhelming amount of evidence, like security compromises are probably more rampant in web three compared to web two. And why is that the case? I think one thing is that in web three, all of your smart contract code is given out for the world to see. Someone can behind closed doors, behind their own private chain. They run an Ethereum node themselves, not connected to main node but a test node themselves. And they can try out different ways to break your product.

Challenges of Security in Web Three

Also, I think one thing you see in web two very much is security patches. You have the ability to push out security patches pretty quickly, but in web three, it's typically quite static. In fact, even some contracts don't have the ability to upgrade. So when you consider an environment like an interesting environment like web three, where all the code is public and the ability to apply patches is actually a little bit more limited, typically with a time lock, it is actually a little bit harder to keep secure. I think the benefit of web three avoids in its simplicity. A lot of web three code and Solidity is like a lot simpler than most things you see in web two, right?

Simplicity and Security in Web Three

So therefore, by simplicity equals less chance of making mistakes in general for engineering. Right? So yeah, I think I've seen many people on web three conflate the two, but recognize that I think typically security becomes a concern when you want to add more features or add more value-added services. One trend I've seen is that a lot of web three projects, they cut down their services, they cut down their feature set to a bare minimum, and that's the way that they provide security. So I mean, if you build a to-do list app, you'll probably never get hacked. There's very little things you can do to get hacked on a to-do list level.

Balancing Value and Security in Web Three

But if you want to provide value-added services, you want to get a deeper and harder about what you want to provide to your clients, you necessarily have to open some security doors to do business. Fundamentally, I think that web three has a lot to learn from web two in terms of security. Web two has already about how you balance your features, the value that you provide to your users, in addition to, I mean, in opposition to the security levels that you must uphold, whereas web three typically takes a very bare minimum perspective to just make security simple by default.

The Growth of Web Three Security

So yeah, that's what I would like to challenge most of the listeners here today. Web three has a lot of space to grow in trying to advance to web two levels, in my opinion, and self custody is a very strong aspect of security. In fact, one of the biggest, I'll say, but like it is not the be-all and end-all that, yeah, typically has been advocated in the web three space. Oh, thanks, Aaron. It's really great point. Oh, Chris, do you want to add something more on this? Yeah, certainly. So one of the problems with web three is the lack of a middleman.

Middleman and User Security in Web Three

Well, it's been touted as one of the advantages where it's distributed in nature. However, one of its disadvantages is the lack of middleman. So say you have a credit card and you have credit card fraud, generally you can contact the bank and have some sort of recourse, that is, they'll refund the transaction to yourselves. However, in web three, obviously anything committed to the chain, pending a fork or rollback, then obviously it's final, right, it's gone. You've got no way to respond. And as such, the onus for security is actually shifting between not just to the, from the middleman, it's shifting to both the company, such as ourselves, and also the end user.

User Responsibility in Web Three Security

So this actually makes it much more paramount. And the problem, provided that with Web three, within the web three space is one of the favorite things I like to say, is there's no legal patch for human stupidity, meaning users can generally tend to be the weak link. And as such, this is one of the things that is actually largely misunderstood within the space. If I went to most people and said, what would you associate with web three security? Everyone, most people would actually go straight to smart contracts and smart contract security, which yes, that is one critical aspect. However, that's just one side of the coin.

Risk Awareness in Web Three Development

And as such, people need to be aware of the security risks posed by the web two infrastructure at the same time. So the hosting web servers, the underlying environments and the development process, if any of those get compromised, they could have malicious code injected into them. Or in some instances where like the DNS servers have been hijacked and redirected to malicious sites to facilitate social engineering and phishing attacks, well, users will fall for that because there's no recourse. This is then what essentially causes problems within the space.

The Understanding of Web Two Elements

And this is actually largely misunderstood, especially with the majority of projects and organizations out there, to the point that if you were to go and look at what to say, the smart contract auditing companies, even things like Halborn and Trail of Bits, it's only within the last six months they've actually started picking up the web two aspect of things where they start to offer things like virtual CISOs and things like that. However, it's still very much not well understood or investigated. Something that's solely lacking within our space, which is something that we are going to try to change in the future.

Gravity's Focus on Web Three and Security

Oh, thanks. I think it's a great point. Like not only what Gravity focusing on like for kind of like features and technology, but I think you, both of you guys, what both of you guys told us is quite covering much about the web three security issues and like pain points, what the web three projects are struggling about and what Gravity is thinking of as a vision of the security itself. So I think we are, besides all these kind of like things, Min, is there anything like more technology thing you want to make emphasis on like besides the ZKsync or like the web two or web three secure layer in Gravity?

Seamless User Experience

Sorry, what was the question again? I can catch that. So, is there any like anything other than the ZK start or web two and web three security layers is gravity. So any kind of like other technology you want to make emphasis on? Right, okay, yeah, so, yeah, I think, like, so one of the things when we are building the product is like we want all this like, securities, all these guarantees and conveniences of web two and web three combined. But we also want to have like a top notch UX.

Integrating Web Two and Web Three UX

In fact, we want user experience so familiar with most users that you shouldn't even realize that you are using like web three underneath. Essentially, when you go to our products, it should be pretty much identical to any other web two, any other exchange, like traditional exchange, like finance, for example. So the onboarding, the loading curves, we are trying to aim to have like a very, you know, like very small learning curves, I would say. And you'll be like familiar with your, like with all the other retail flows.

User-Friendly Account Access

For example, like just sign up and log in, you're still using a password and there's just like one extra step for you to buy a wallet of to your account so that you can authorize connections on the account.

User Management Features

And everything's like, you know, recover password or managing accounts or, you know, adding 2FAs are pretty much like, you don't have to learn a new concept to on both our platforms. Also, we also have like a pro mode where, you know, like we also cater to the more like, more savvy users, so that we built in a lot of like, features, that caters, for example, like to like institution professional traders who want to have like more controls over how they can trade or how they can manage risk on the system. Yeah.

Institutional Clients and Trading Volume

Okay, thank you, Min. So I think we can move on to the next part. So besides these ZK and user experiences in web two and web three layers, the other thing. So I think one of the main key factors of gravity as in BT's perspective is we can attract not only the retail users but also institution clients. So we already secure like 3.3 billion monthly trading volume commitment from major trading companies and trading institutions. So I think there will be. So what I guess was there will be more key security features for institutional clients in gravity other than those we already discussed about. So, Aaron, can you explain if there is more like, key features for this kind of specific institution clients?

Multi-Signature Features

Yeah, sure. I'm happy to go through them. I think one of the most common use cases you see institution clients, one is multisig. Right? So in, like, for instance, Gnosis Safe is extremely popular on layer one. A lot of institutions use it. And what we do in gravity is that for the main account, you can set several admins, right? And you can set a multisig threshold, right? So you like, basically you can have like seven admins and two threshold. You could have like five admins and three threshold. We allow each, like, institutional account to apply their own multisig threshold in terms of, like, very sensitive operations, like onboarding a new withdrawal wallet or like onboarding a new administrator, things like that. Right.

Security and Control in Institutional Operations

So this has been quite popular with the institutional space because I think what they have been lacking is a DeFi platform that actually respects the organizational. Because in most DeFi applications, what you see is that, for instance, in a trading team, if one person runs away with the private key, it's gone. It's gone. Or as an organization, you have to rotate and switch your private keys whenever anyone leaves the team. Because in a lot of like, layer twos, derivative keys are used and sometimes they are stored. The session keys are stored in the browser and they are permanent access session keys. So, yeah, one thing we take very seriously is giving people the same level of control as they would have on, for instance, Gmail. You want to revoke an email, it's gone. So institutions really buy into that.

Withdrawal Whitelisting and Session Keys

And I think, yeah, not just multisig, but it would allow this or whitelist specific institutional wallets for withdrawal. So not anyone can bridge out. Or even if you want to bridge out, you have to bridge out to only. So that's very akin to banking systems where they actually require you to set up a new withdrawal address or transfer account address. We do the same at gravity. Another thing is we offer session keys, because I think, alluding to what Min mentioned earlier, it's always very important to balance out usability, user experience with security, and important to also balance out security with the functionality and features that you offer to users. Right.

Introducing Session Keys for User Flexibility

So one of the things that we did is we created something called session keys. So session keys are completely impermanent and completely. We call that they're impermanent and they can also be revoked and they're optional. So you can create a session key, use it for a couple hours, and then after that you can revoke it. And that way you can use the gravity UI without having to sign every single transaction all the time. Yeah. So, yeah, those are some of the features that we have.

Addressing Security Needs for Institutional Clients

Okay, thank you. Chris or Min, having anything to add on the Aaron's answer on this question? Certainly. So, one of the key requirements of institutional clients is obviously, security is paramount. So if you were to use, look at banking, there's a whole slew of regulations and compliance requirements that must be followed, however, in the DeFi and crypto space, that is somewhat lacking. And this is something we're aiming to address. This is why gravity has a dedicated security team where we have over 35 years of experience as penetration testers, in order to ensure that, like, every single aspect of our technology stack is as secure as possible.

Compliance and Regulatory Measures

And at the same time, we are obtaining compliance, regulatory compliance with things like the Bermuda Monetary Authority, which gives us a license to operate as a kind of financial institution, as well as trying to leverage other industry known industry standard certifications in order to demonstrate that our minimum security baseline is above par or above approach. And this is something which institutional investors would actually look to acquire and something that every in the space, every project in space should aspire to. Oh, thank you, Chris.

Additional Security Features and Functionality

Min, do you have anything to add? All right, so I think, like, one of the, I think, features that I find very helpful personally, is that when, for example, let's say, because everything in gravity needs to be authorized by your private key. So. But, like, what if you lose your private keys, right? Is this the end of the world? Then we thought very hard about these problems, and we came up, like, with features called secondary wallets, where essentially you can just, you know, use your own private keys to add another.

Ensuring Recovery Access for Organizations

Add a recovery wallet that can be used to get you back into this system when you lost the main private keys. So especially, let's say you can have, like, an institution where you have multiple users, and it can be paramount for them to know that there's always a way back into the account. And you can always balance this, like, with like, you know, adding month to admin so that even though, like, another person who has been removed, they can recover their private keys, they can actually do anything harmful to their accounts. So I think that's very cool features that we've been working on.

Conclusion of Discussion on Gravity Security

Oh, thank you, Min. So I think we have talked pretty much about the gravity security for today. So I think we can wrap up our Twitter space for now. But before that, if there's anything you want to add on more on the gravity security things, please share. Aaron, Chris or Min. So if there's not, I think we can just wrap up our space today and, like, we can introduce our next space. Do you guys have anything to add on more?

Final Thoughts and Acknowledgments

Not in particular. I believe we've covered quite a lot of space. Yeah, yeah, yeah, I think. Yeah, I think we covered pretty much about the gravity security. So we talked about how, like, gravity vision and how gravity think about the web security in electric spaces and how it shapes everything from our product development to our like, blockchain technologies. And also we explore the role of ZKsync in the gravity's privacy and efficiency and scalability. And we also discussed the coextensive web two and web three security layers and even some like, highlighted security features for our institution clients.

Gratitude and Invitation for Future Engagement

So I think with that, we can just, like, we cover like, almost all about the gravity security vision and features, and we can bring, I think that can bring us to the end of our discussion today. So I think I want to once again thank Aaron, Chris and Min for sharing your insights and your knowledge and gravity. And a special thank you to all of you who joined us today and your time and engagement and a lot to us. So, yeah, I think it's all for today. And thank you again to everyone who tuned in today, and I appreciate your time.

Contact Information and Closing

So if you have any further questions or want to stay updated on gravity, please feel free to contact us through like emails or teacher groups or other kinds of things you can do. And we are still live our testnet and also KYC viewer. So if you guys didn't have tried KYC yet, please try it. And if you guys have any like, problems or issues, please just contact us through however you are, you feel convenient. So thank you everyone, and have a great day. Thank you. Thanks, everyone. Bye bye.
