Security

Security considerations, access control model, and current audit status of the UGTP protocol.

No Audit Completed

The UGTP smart contracts have not yet undergone a formal security audit. This is beta software (v0.1.0). Do not use UGTP with significant funds or in production environments that require audited security guarantees. A professional audit is planned before the v1.0 release.

Role-Based Access Control

UGTP contracts implement a role-based access control system with two primary roles. All administrative and operational functions are gated by role checks.

Admin

  • Deploy and upgrade contracts
  • Configure protocol parameters
  • Grant and revoke roles
  • Set fee structures
  • Pause and unpause the protocol
  • Register and deregister adapters

Operator

  • Execute protocol operations
  • Process intent submissions
  • Manage adapter configurations
  • Update chain-specific parameters
  • Monitor system health

Separation of Concerns

The Admin role controls protocol governance and configuration, while the Operator role handles day-to-day protocol operations. This separation ensures that routine operations do not require elevated privileges, reducing the blast radius of a compromised operator key.

PolicyHook Validation

The PolicyHook contract provides a configurable policy enforcement layer that validates operations before they are executed.

Intent Validation

Every intent submission is validated against policy rules before being accepted into the IntentRegistry. Invalid or non-compliant intents are rejected at the contract level.

Account Operation Checks

UCI registration, UCA creation, and account linking operations pass through PolicyHook validation to enforce protocol-level constraints.

Fee Enforcement

PolicyHook ensures that required fees are attached to transactions where applicable. During the beta period, all fees are set to zero.

Adapter Whitelisting

Only adapters registered in the AdapterRegistry and approved through PolicyHook can process intents. Unregistered adapters are blocked.

Pausability

All UGTP protocol contracts implement an emergency pause mechanism that allows administrators to halt protocol operations in case of a detected vulnerability or ongoing exploit.

FeatureDetails
Pause AuthorityAdmin role only
ScopePer-contract granularity. Individual contracts can be paused without affecting others.
EffectAll state-changing functions are blocked. Read-only queries continue to function.
ResumeAdmin can unpause contracts after the issue is resolved.

Development Practices

While the contracts have not been audited, the following practices are observed during development:

  • Access control on all state-changing functions

    No public write function is unprotected. Every state mutation requires either Admin or Operator role.

  • Input validation

    Function parameters are validated for zero-address checks, bounds, and format compliance before execution.

  • Event emission

    All significant state changes emit events for off-chain monitoring and indexing.

  • Minimal external dependencies

    Contracts minimize reliance on external libraries to reduce supply-chain attack surface.

  • Solidity compiler version pinning

    Contracts use a pinned Solidity version to avoid unexpected behavior from compiler updates.

Reporting Vulnerabilities

If you discover a security vulnerability in UGTP contracts or infrastructure, please report it responsibly. Contact the team through the ugtp.net website. Do not disclose vulnerabilities publicly before they have been addressed. We are committed to acknowledging and resolving reported issues promptly.