Skip to content

Security: Subho4531/eventhorizon

Security

SECURITY.md

Horizon Security Checklist

As a privacy-first prediction market utilizing Soroban smart contracts, Zero-Knowledge Proofs, and an autonomous Agentic Engine, security is our top priority. Below is the comprehensive security checklist that has been reviewed and implemented for the Horizon platform.

1. Smart Contract Security (Soroban/Rust)

  • Access Control: Critical administrative functions (like pausing the contract or emergency withdrawals) are strictly protected by admin-only auth checks (require_auth).
  • Reentrancy Protection: State changes are made before external calls to prevent reentrancy attacks, though Soroban's single-threaded nature natively mitigates this.
  • Integer Overflow/Underflow: Handled natively by Rust/Soroban's safe math operations.
  • Unit Testing: Comprehensive test coverage for all edge cases (early resolution, incorrect ZK proofs, zero-balance claims).

2. Zero-Knowledge (ZK) Circuit Integrity

  • Nullifier Verification: The smart contract meticulously tracks nullifier hashes to ensure a ZK proof cannot be reused to double-claim a reward.
  • Secure Parameter Generation: The circuit proving and verifying keys were generated securely to prevent forged proofs.
  • Input Sanitization: Both the frontend and backend validate the structural integrity of the ZK proof payload before submitting it to the Stellar RPC.

3. Backend & API Security

  • Relayer Rate Limiting: The fee-sponsorship API (/api/relay) is rate-limited using Redis (Upstash) to prevent malicious actors from draining the platform's gas reserves.
  • Environment Variables: All sensitive keys (PostgreSQL URI, Redis URL, Gemini AI API keys, Stellar Secret Keys) are securely injected via Vercel secrets and never committed to version control.
  • CORS & CSRF Protection: API routes are protected against Cross-Site Request Forgery, and CORS is tightly configured to only accept requests from the official Horizon domain.

4. Agentic AI Pipeline Security

  • Resolution Consensus: The autonomous market resolver cross-references multiple high-authority sources via SerpAPI before finalizing a market. It does not rely on a single point of failure.
  • Prompt Injection Mitigation: Strict system prompts and rigid JSON-schema outputs are enforced on the Gemini AI to prevent malicious news headlines from hijacking the agent's logic.
  • Manual Override Switch: An admin fail-safe is built into the smart contract to manually halt or override agent resolutions in the event of AI hallucination or API failure.

There aren't any published security advisories