If you discover a security vulnerability in GembaPay, please report it responsibly.
Contact: https://gembapay.com/contact
Guidelines:
- Do not disclose vulnerabilities publicly until they have been addressed
- Provide detailed information to help us reproduce and fix the issue
- Allow reasonable time for us to investigate and patch the vulnerability
Slither Static Analysis
- Tool: Slither v0.10.x
- Result: Zero high-severity findings
- Full report: docs/security-audit.md
Reentrancy Protection
- OpenZeppelin ReentrancyGuard implementation
- All external calls follow checks-effects-interactions pattern
Access Control
- Ownable pattern for administrative functions
- Merchant whitelist system
- Function-level access restrictions
Oracle Security
- Dual-oracle price validation
- Staleness threshold: 3600 seconds (1 hour)
- Price deviation check: 5% maximum between oracles
- Fallback mechanisms for oracle failures
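Added here as an illustration, not GembaPay's contract code: an off-chain model of the dual-oracle rules listed above, using the page's 3600-second staleness threshold and 5% deviation limit. The reading fields, the fixed-point price units and the fallback rule (use whichever single oracle is still fresh) are assumptions, since the page does not specify them.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

STALENESS_THRESHOLD = 3600  # seconds; the page's 1-hour staleness limit
MAX_DEVIATION_BPS = 500     # the page's 5% maximum deviation, in basis points


@dataclass
class OracleReading:
    name: str
    price: int       # assumed fixed-point integer (e.g. 8 decimals), as on-chain feeds report
    updated_at: int  # assumed unix timestamp of the feed's last update


def is_fresh(reading: OracleReading, now: int) -> bool:
    """A reading is usable only if it is positive and no older than the staleness threshold."""
    return reading.price > 0 and now - reading.updated_at <= STALENESS_THRESHOLD


def deviation_bps(a: int, b: int) -> int:
    """Relative gap between two prices in basis points, measured against the lower price."""
    lo, hi = sorted((a, b))
    return (hi - lo) * 10_000 // lo


def validate_price(primary: OracleReading, secondary: OracleReading,
                   now: int) -> Tuple[Optional[int], str]:
    """Dual-oracle validation. Returns (price, reason); price is None when no quote is safe."""
    p_ok, s_ok = is_fresh(primary, now), is_fresh(secondary, now)
    if p_ok and s_ok:
        dev = deviation_bps(primary.price, secondary.price)
        if dev > MAX_DEVIATION_BPS:
            # Disagreement beyond 5% is treated as possible manipulation: refuse to quote.
            return None, f"oracles disagree by {dev} bps (limit {MAX_DEVIATION_BPS})"
        return primary.price, "both oracles fresh and within deviation limit"
    # Assumed fallback: a single fresh oracle is accepted. Note that this path gives up the
    # cross-check, so a monitor should alert whenever it is taken.
    if p_ok:
        return primary.price, f"fallback: {secondary.name} stale, using {primary.name} alone"
    if s_ok:
        return secondary.price, f"fallback: {primary.name} stale, using {secondary.name} alone"
    return None, "both oracles stale; refuse to quote"
```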
Payment Security
- Quote expiration enforcement (5 minutes)
- Minimum payment thresholds
- Amount validation before processing
- Quote-based locking for native token payments
Emergency Controls
- Pause functionality for emergency situations
- Owner-only pause/unpause capability
- Graceful handling of paused state
Authentication
- JWT tokens for session management
- API key authentication for merchant requests
- Separate authentication for admin functions
- Optional two-factor authentication (2FA) for merchant dashboard login — authenticator app (TOTP) or 6-digit email code, with one-time backup codes; TOTP secrets are encrypted at rest
Data Protection
- TLS/HTTPS encryption for all traffic
- Password hashing using bcrypt
- Sensitive data encryption at rest
Request Security
- Rate limiting on all endpoints
- CORS policy enforcement
- Input validation and sanitization
- SQL injection prevention (Prisma ORM)
Webhook Security
- Signature verification for incoming webhooks
- Replay attack prevention
- Timeout handling
Payment Link Integrity
- Single-use links are atomically reserved for one payer while a checkout is in progress, so they cannot be paid twice. A concurrent checkout is rejected until the short reservation expires; the reservation expires automatically if the payer does not complete
- Duplicate-payment detection: the first completed payment claims a single-use link. Any later payment (for example a late, irreversible on-chain transaction) is flagged as a refundable overpayment and excluded from the link's usage total, and the merchant is notified
- Multi-use links enforce their usage-count and total-amount limits
Server Security
- Regular security updates
- Firewall configuration
- DDoS protection (Cloudflare)
- Access logging and monitoring
Database Security
- Encrypted connections
- Regular backups
- Access control lists
- Query parameterization
Blockchain Risks
- Transaction finality depends on network confirmation times
- Gas price fluctuations may affect transaction costs
- Network congestion may delay transactions
Oracle Risks
- Price feed delays in extreme market conditions
- Potential for oracle manipulation (mitigated by dual-oracle validation)
Payment Risks
- On-chain crypto payments are irreversible. A rare duplicate payment on a single-use link cannot be reversed automatically; it is detected, excluded from the link's total, and flagged to the merchant for a manual refund
Smart Contract Risks
- Immutable code after deployment
- Upgrade path requires contract migration
Account Security
- Enable two-factor authentication (2FA) on your dashboard account — authenticator app or email code
- Store your 2FA backup codes somewhere safe (each can be used once)
- Use a strong, unique password for your dashboard login
API Key Management
- Store API keys securely (environment variables, secrets manager)
- Rotate API keys periodically
- Use separate keys for development and production
Webhook Verification
- Always verify webhook signatures
- Implement idempotency for webhook handlers
- Log all webhook events
Transaction Verification
- Verify transaction status via API before fulfilling orders
- Do not rely solely on webhook notifications
- Implement timeout handling for pending transactions
Data Protection
- GDPR-compliant data handling
- 5-year data retention for AML compliance
- User data deletion upon request (where legally permitted)
KYC/AML
- Mandatory KYC verification for all merchants
- Transaction monitoring for suspicious activity
- Sanctions screening
- README - Project overview
- Security Audit - Detailed audit report
- Smart Contracts - Contract documentation