Security
TAC’s comprehensive security framework including audits, monitoring, and multi-layer protection
TAC implements a comprehensive security framework with multiple layers of protection, professional audits, and continuous monitoring to ensure the safety of hybrid dApps and user assets.
Security Audits
Halborn Audit (EVM)
EVM Client Security: Comprehensive audit of TAC’s EVM implementation by Halborn, covering blockchain security and client vulnerabilities.
Trail of Bits Audit (TON Adapter)
Cross-Chain Infrastructure: Professional audit of the TON Adapter system by Trail of Bits, ensuring secure cross-chain messaging and consensus.
Multi-Layer Security Architecture
TAC’s security model operates across multiple layers to provide comprehensive protection for users and applications.
EVM Layer Security
Cancun Network Foundation
Modern EVM Implementation: TAC EVM is based on the Cancun upgrade, incorporating the latest Ethereum security improvements and optimizations.
Proven Technology: Built on battle-tested EVM specifications with all security features and protections of modern Ethereum networks.
Standard Compliance: Full compatibility with Ethereum security models ensures familiar security guarantees for developers.
Delegated Proof of Stake (dPoS)
TAC Token Security: Network consensus secured by delegated Proof of Stake using $TAC tokens as the staking mechanism.
Validator Incentives: Economic incentives align validator behavior with network security through staking rewards and slashing penalties.
Distributed Validation: Multiple independent validators secure the network through distributed consensus mechanisms.
Babylon Integration
Enhanced Economic Security: Integration with Babylon protocol adds Bitcoin’s economic security to TAC’s consensus layer.
Bitcoin Staking: Bitcoin holders can stake their BTC to provide additional economic security for TAC network operations.
Dual Security Model: Combines dPoS consensus with Bitcoin’s proven security model for enhanced protection.
TON Adapter Security
The TON Adapter implements a distributed architecture with multiple validation layers:
Current Network Status: The sequencer network is currently distributed but not decentralized. Full decentralization is on the roadmap as the network matures.
Current State: TON Adapter operates with distributed sequencer groups providing redundancy and security validation.
Multiple Validators: Multiple independent sequencer groups validate cross-chain transactions through consensus mechanisms.
Future Decentralization: Architecture designed for progressive decentralization as the network matures.
Multi-Group Validation: Cross-chain messages require consensus from multiple independent sequencer groups.
Economic Stakes: Sequencers stake collateral to participate in validation, creating financial incentives for honest behavior.
Cryptographic Proofs: All cross-chain operations protected by Merkle proofs and cryptographic verification.
Professional Security Auditing
TAC undergoes comprehensive security audits by industry-leading firms to ensure the highest security standards.
Completed Audits
Halborn Audit (EVM)
EVM Client Security: Comprehensive audit of TAC’s EVM implementation by Halborn, covering blockchain security and client vulnerabilities.
Trail of Bits Audit (TON Adapter)
Cross-Chain Infrastructure: Professional audit of the TON Adapter system by Trail of Bits, ensuring secure cross-chain messaging and consensus.
Additional Security Reviews
Quantstamp (Proxy Apps): Smart contract audits for proxy applications ensuring secure cross-chain contract interactions and asset management.
Ongoing Reviews: Regular security assessments and code reviews as the protocol evolves and new features are added.
Continuous Security Monitoring
TAC implements 24/7 security monitoring and incident response capabilities to detect and respond to potential threats.
Real-Time Threat Detection
Hypernative Monitoring
24/7 Security Monitoring: Hypernative provides continuous monitoring of TAC networks, detecting potential exploits and anomalous behavior.
Mempool-Level Detection: Advanced monitoring capabilities detect suspicious transactions at the mempool level before they’re executed.
Real-Time Alerts: Immediate notifications for potential security threats enable rapid response and mitigation.
Dedicated SOC Team
24/7 Security Operations: Fully dedicated Security Operations Center (SOC) team monitoring TAC infrastructure around the clock.
Incident Response: Trained security professionals ready to respond to any security incidents or threats.
Proactive Monitoring: Continuous analysis of network activity and security metrics to identify potential issues before they become problems.
Security Certifications
Industry Standards: TAC maintains compliance with industry security standards and best practices for blockchain networks.
Regular Assessments: Ongoing security assessments ensure continued compliance with evolving security requirements.
Documentation: Comprehensive security documentation and incident response procedures maintain operational readiness.
Future Security Enhancements
TAC has planned significant security upgrades that will provide additional layers of protection and decentralization.
Babylon Bitcoin Restaking Integration
TAC plans integration with Babylon’s Bitcoin restaking protocol to add massive economic security:
Bitcoin as External Security Layer
Leveraging Bitcoin’s Economic Strength:
- Bitcoin holders delegate BTC stakes to Babylon validators
- Validators cryptographically verify TAC EVM blocks and Merkle roots
- Self-custodial delegation maintains decentralization without custody risk
- Exponentially increases attack costs through Bitcoin’s security budget
Slashing for Equivocation
Economic Penalties for Malicious Behavior:
- Validators providing conflicting signatures face automatic slashing
- Double-signing detection through Babylon protocol mechanisms
- Direct economic penalties via Bitcoin blockchain enforcement
- Makes attacks economically irrational at Bitcoin-scale security
FROST Consensus Upgrade
Planned migration to FROST-Ed25519 threshold signatures with Distributed Key Generation (DKG):
Enhanced Cryptographic Security:
- Threshold signature creation requires t+1 out of n participants
- Attackers controlling up to t participants cannot forge signatures
- Ed25519 compatibility with existing verification systems
- Round-optimized design minimizes communication overhead
Decentralized Key Management:
- Dealerless key generation - no single party knows complete secret
- High threshold support (k > n/2) for enhanced security
- Feldman VSS with verifiable encrypted shares
- Complaint handling without secret disclosure
Long-term Security Maintenance:
- Share refreshing capabilities for proactive security
- Dynamic committee composition changes
- Threshold value adaptation to security requirements
- Protection against gradual node compromise
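The t+1-of-n threshold, Feldman VSS share verification and dealerless key generation listed above can be seen in a small worked example; this is an added illustration, not TAC's or FROST's code. It assumes a toy prime-order group (the constants P, Q, G are constructed) in place of Ed25519, all function names are hypothetical, and it covers share dealing and verification only, not share encryption or signing.

```python
import secrets

# Toy parameters, constructed for illustration: P = 2Q + 1 and G has prime
# order Q. Real FROST-Ed25519 works in the Ed25519 group instead.
P, Q, G = 2039, 1019, 4

def deal(secret, t, n):
    """Feldman VSS: share `secret` with a degree-t polynomial over Z_Q."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    commitments = [pow(G, c, P) for c in coeffs]  # public, one per coefficient
    return shares, commitments

def verify_share(i, share, commitments):
    """Check G^share == prod(C_k^(i^k)); a mismatch justifies a complaint."""
    expected = 1
    for k, c in enumerate(commitments):
        expected = expected * pow(c, pow(i, k, Q), P) % P
    return pow(G, share, P) == expected

def reconstruct(points):
    """Lagrange interpolation at x = 0; needs t+1 points to hit the secret."""
    total = 0
    for i, y in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num, den = (num * (-j)) % Q, (den * (i - j)) % Q
        total = (total + y * num * pow(den, -1, Q)) % Q
    return total

def dkg(t, n):
    """Dealerless keygen: everyone deals, each keeps the sum of its shares."""
    deals = [deal(secrets.randbelow(Q), t, n) for _ in range(n)]
    for shares, commitments in deals:
        if not all(verify_share(i, s, commitments) for i, s in shares.items()):
            raise ValueError("invalid share: dealer would be disqualified")
    final = {i: sum(sh[i] for sh, _ in deals) % Q for i in range(1, n + 1)}
    group_key = 1
    for _, commitments in deals:
        group_key = group_key * commitments[0] % P  # product of G^secret_j
    return final, group_key
```

In `dkg`, the group secret is the sum of every participant's contribution, so it exists only as shares; any t+1 of the final shares interpolate to the discrete log of `group_key`.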
Community Security Programs
TAC will launch comprehensive community-driven security programs following mainnet deployment.
Upcoming Programs
Reward Security Research: Comprehensive bug bounty program rewarding security researchers for discovering vulnerabilities.
Tiered Rewards: Structured reward system based on severity and impact of discovered issues.
Responsible Disclosure: Clear processes for responsible vulnerability disclosure and coordinated fixes.
Community Auditing: Open audit competitions allowing the broader security community to review TAC’s codebase.
Competitive Analysis: Multiple teams competing to find security issues provides comprehensive coverage.
Transparency: Public audit processes and results increase confidence in TAC’s security posture.
Launch Timeline: Both bug bounty programs and audit competitions will begin shortly after mainnet launch, providing ongoing community-driven security validation.
Security Best Practices
For developers building on TAC, following security best practices ensures application and user safety:
Development Guidelines
Smart Contract Security: Follow established smart contract security patterns and undergo professional audits for production applications.
Cross-Chain Considerations: Understand the unique security considerations of cross-chain operations and implement appropriate safeguards.
Testing Requirements: Comprehensive testing including security-focused test scenarios and edge case validation.
Operational Security
Key Management: Implement secure key management practices for production deployments and user funds.
Monitoring Integration: Integrate with TAC’s monitoring systems and implement application-specific security monitoring.
Incident Response: Develop incident response procedures for potential security issues in your applications.
Transparency and Communication
TAC maintains transparency in security matters while protecting sensitive operational details:
Public Audits: Audit reports are made publicly available for community review and verification.
Security Updates: Regular communication about security improvements, patches, and best practices.
Community Engagement: Active engagement with the security community for ongoing feedback and improvement.