PIPELINK LogoDocs
Back to Documentation

Security

Best practices and security guidelines for building secure applications with PIPELINK.

Security Overview

PIPELINK is built with security as a core principle. However, developers must follow best practices when integrating PIPELINK into their applications to ensure maximum safety.

Critical Security Practices

Never Share Private Keys

Private keys are the root of all security. Never expose them in logs, frontend code, environment variables, or transmit them over insecure connections.

// ❌ DO NOT DO THIS
const privateKey = process.env.PRIVATE_KEY; // Exposed in logs
localStorage.setItem('key', privateKey); // Client-side storage

// ✅ DO THIS INSTEAD
const keypair = Keypair.fromSecretKey(secretKeyBytes);
// Store secrets only in secure backend systems

Always Verify Wallet Ownership

Before executing any transaction or sensitive operation, verify that the user owns the wallet they claim to own.

import nacl from 'tweetnacl';

function verifySignature(message, signature, publicKey) {
  try {
    const messageBytes = new TextEncoder().encode(message);
    const signatureBytes = Buffer.from(signature, 'hex');
    const pubKeyBytes = Buffer.from(publicKey, 'base58');
    
    return nacl.sign.detached.verify(
      messageBytes,
      signatureBytes,
      pubKeyBytes
    );
  } catch (error) {
    return false;
  }
}

Validate All Accounts and Programs

Before including accounts in a pipeline step, verify they are the correct accounts and belong to the expected programs.

// ✅ Validate program ownership and account addresses
const expectedProgramId = new PublicKey('TokenkegQfeZyiNwAJsyFbPVwwQQfփ');
const userProvidedProgram = new PublicKey(userInput.programId);

if (!userProvidedProgram.equals(expectedProgramId)) {
  throw new Error('Invalid program address');
}

// Verify account ownership
if (!account.owner.equals(expectedProgramId)) {
  throw new Error('Account owned by wrong program');
}

Signature Verification

PIPELINK uses Ed25519 signature verification for wallet authentication. Understand how signatures work to implement proper verification.

How Signatures Work

1. Message Creation: The user creates a message they want to sign.
2. Signing: The wallet signs the message using the user's private key.
3. Verification: The server verifies the signature using the public key.
4. Authentication: If valid, the user is authenticated.
// Client-side: Sign a message with Phantom
const message = new TextEncoder().encode('Sign in to PIPELINK');
const { signature } = await window.solana.signMessage(message);

// Server-side: Verify the signature
import nacl from 'tweetnacl';

function verifyMessage(message, signature, publicKeyBase58) {
  const messageBytes = new TextEncoder().encode(message);
  const signatureBytes = new Uint8Array(signature);
  const publicKeyBytes = bs58.decode(publicKeyBase58);
  
  return nacl.sign.detached.verify(
    messageBytes,
    signatureBytes,
    publicKeyBytes
  );
}

Backend Security

Rate Limiting

Implement rate limiting on all API endpoints to prevent abuse and DDoS attacks.

import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per windowMs
  message: 'Too many requests, please try again later'
});

app.post('/api/pipeline/create', limiter, async (req, res) => {
  // Your handler code
});

Input Validation

Always validate and sanitize user input before processing.

import { z } from 'zod';

const PipelineSchema = z.object({
  name: z.string().min(1).max(100),
  owner: z.string().regex(/^[1-9A-HJ-NP-Z]{32,34}$/), // Solana address
  steps: z.array(z.object({
    name: z.string(),
    amount: z.number().positive()
  }))
});

// Validate incoming request
const result = PipelineSchema.safeParse(req.body);
if (!result.success) {
  return res.status(400).json({ error: result.error });
}

HTTPS Only

Always use HTTPS for all API communication. Never transmit sensitive data over HTTP.

// ✅ HTTPS endpoints only
const apiUrl = 'https://api.yourapp.com';

// ❌ NEVER use HTTP for sensitive operations
const apiUrl = 'http://api.yourapp.com'; // Insecure!

Common Vulnerabilities to Avoid

Replay Attacks

Include a nonce or timestamp in signed messages to prevent replay attacks.

Front-Running

Use Solana's recent blockhash and transaction priority to mitigate front-running risks.

Account Takeover

Implement multi-signature requirements for critical operations and use hardware wallets for key storage.

Insufficient Authorization

Always verify that the user has permission to execute requested operations before processing.

Pre-Mainnet Audit Checklist

All private keys are stored securely server-side
Signature verification is implemented correctly
All user inputs are validated and sanitized
Rate limiting is implemented on all endpoints
HTTPS is enforced for all connections
Error messages don't expose sensitive information
Smart contracts have been audited by professionals
Logging and monitoring are in place for suspicious activities
Back to Docs