Skip to main content
This guide covers essential security considerations when building MPC applications with the Stoffel Solidity SDK.

Overview

MPC applications have unique security requirements beyond typical smart contracts. The security of the entire system depends on:
  1. Access control - Who can trigger state transitions
  2. Input integrity - Ensuring inputs are properly masked and validated
  3. Round sequencing - Maintaining correct state machine flow
  4. Threshold configuration - Proper n/t settings for Byzantine fault tolerance

Access Control

Why onlyDesignatedParty Matters

The designated party role controls the MPC lifecycle. Unauthorized access could:
  • Skip preprocessing, causing computation failures
  • Prematurely end input collection, excluding legitimate clients
  • Trigger computation with insufficient inputs
  • Publish invalid outputs
Never remove the onlyDesignatedParty modifier from lifecycle methods. This is the primary defense against unauthorized state manipulation.

Party Role Management

Designated Party Security

RiskMitigation
Private key compromiseUse hardware wallet or multi-sig
Single point of failureConsider time-locked transfers
Malicious designated partyImplement governance controls

Threshold Configuration

The n >= 3t + 1 Rule

HoneyBadger MPC requires n >= 3t + 1 for Byzantine fault tolerance:
n (parties)t (threshold)ToleratesValid?
411 faultyYes (4 >= 4)
511 faultyYes (5 >= 4)
722 faultyYes (7 >= 7)
1033 faultyYes (10 >= 10)
52-No (5 < 7)
A threshold of t means the system tolerates up to t malicious or faulty parties. Higher thresholds require more parties but provide stronger security guarantees.

Production Recommendations

EnvironmentRecommended ConfigReasoning
Developmentn=4, t=1Minimum viable for testing
Stagingn=5, t=1Allows for node failures
Productionn=7+, t=2+Higher fault tolerance

Input Handling

Why Input Masking is Required

Raw inputs on-chain would be visible to everyone. Masking ensures privacy:

Input Count Validation

Always validate sufficient inputs before computation:

Replay Attack Prevention

Each input mask can only be used once:
Failing to invalidate used indices allows mask reuse attacks, which can leak information about client inputs.

Round State Machine

Why Rounds Must Be Sequential

The round state machine ensures:
  1. Preprocessing completes before inputs are collected
  2. All inputs are gathered before computation
  3. Computation finishes before outputs are published

The atRound Modifier

Always use atRound to enforce correct sequencing:

Common Round Pitfalls

PitfallConsequencePrevention
Skipping roundsMissing preprocessing dataAlways use atRound modifier
Re-entering roundsState corruptionUse _nextRound() only once per function
Stuck in roundComputation blockedImplement timeout mechanisms

Timeout Handling

For production systems, implement timeouts to handle stuck states:

Common Vulnerabilities

1. Insufficient Input Validation

2. Missing Round Checks

3. Incorrect Threshold Configuration

4. Reentrancy in Input Submission

5. Missing Events for Critical Actions

Security Checklist

Before deploying your MPC contract, verify:

Access Control

  • All lifecycle methods have onlyDesignatedParty modifier
  • Party management functions validate threshold constraints
  • Designated party key is secured (hardware wallet/multi-sig)

Input Handling

  • Input masks are initialized in preprocessing
  • Index reservations are validated before submission
  • Used indices are invalidated after submission
  • Minimum input count is enforced before computation

Round Management

  • All state-changing functions use atRound modifier
  • _nextRound() is called exactly once per lifecycle method
  • Timeout mechanisms exist for stuck states

General

  • Threshold configuration satisfies n >= 3t + 1
  • Critical events are emitted for monitoring
  • Checks-Effects-Interactions pattern is followed
  • Contract has been tested with edge cases

Next Steps