Defense-in-Depth Layers

Layering security controls for maximum resilience.

Security is not binary. It is a stack of defenses. Matador fits into the "Runtime Verification" layer.

graph TD
    A[User Transaction] --> B{Smart Contract Logic}
    B -- "Logic Bug?" --> C{Matador Policy}
    C -- "Invariant Violated?" --> D[Revert]
    C -- "Safe" --> E[State Change]
    
    subgraph "Core Protocol"
    B
    end
    
    subgraph "Safety Layer"
    C
    end

The Layers

Code Layer: Solidity require() statements and access controls.

  • Weakness: Vulnerable to logic bugs and complexity.

Policy Layer (Matador): High-level invariants enforced on every transaction.

  • Strength: Simple, declarative rules that catch the outcome of complex bugs.

Monitoring Layer: Off-chain bots watching for events.

  • Weakness: Reactive (too late to stop the transaction).

Governance Layer: Humans fixing things.

  • Weakness: Slow.

Runtime checks complement audits

Audits catch bugs at a point in time; policy checks keep enforcing invariants after deployment.

Example: The Infinite Mint Bug

Imagine your protocol has a bug that allows a user to mint infinite tokens.

  1. Code Layer: Fails. The bug allows the mint.
  2. Policy Layer: You have a policy: TotalSupply cannot increase by more than 1% per day.
    • Result: The attacker tries to mint 1M tokens. Matador calculates the increase, finds that it exceeds the limit, and blocks the transaction. The bug exists, but it cannot be exploited.
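
The scenario above as a minimal Solidity sketch, added here as an illustration. It is not Matador's API or policy syntax: the contract, modifier, and error names are hypothetical, and the check is inlined as a modifier only to show a post-execution invariant catching the outcome of a buggy mint.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names are hypothetical and not part of Matador.
contract GuardedToken {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    uint256 public constant MAX_DAILY_GROWTH_BPS = 100; // 1% in basis points
    uint256 public windowStart;         // start of the current 24h window
    uint256 public supplyAtWindowStart; // baseline that growth is measured against

    error SupplyGrowthExceeded(uint256 baseline, uint256 attempted);

    constructor(uint256 initialSupply) {
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        windowStart = block.timestamp;
        supplyAtWindowStart = initialSupply;
    }

    // Policy layer: runs after the function body and judges only the outcome,
    // so it does not need to know which bug produced the supply change.
    modifier supplyInvariant() {
        if (block.timestamp >= windowStart + 1 days) {
            windowStart = block.timestamp;
            supplyAtWindowStart = totalSupply; // snapshot taken before the body runs
        }
        _;
        uint256 cap = supplyAtWindowStart
            + (supplyAtWindowStart * MAX_DAILY_GROWTH_BPS) / 10_000;
        if (totalSupply > cap) {
            // Reverting undoes the mint and the window update atomically.
            revert SupplyGrowthExceeded(supplyAtWindowStart, totalSupply);
        }
    }

    // Code layer with the deliberate bug: no access control, no amount limit.
    function mint(address to, uint256 amount) external supplyInvariant {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}
```

With a constructed initial supply of 10,000,000 units, the cap for the window is 10,100,000, so a mint of 1,000,000 reverts while a mint of 50,000 succeeds. A fixed window like this one permits close to 2% growth across a window boundary; a rolling window tightens that at the cost of more stored state.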