# Security Best Practices

Ensuring security when using Shield is critical for protecting your transactions and funds. Follow these best practices to maintain security when integrating with and using Shield.
## Transaction Security

### Key Management

- Store private keys securely: Never store private keys in plaintext or in code
- Use hardware wallets for signing transactions involving significant amounts
- Implement multi-signature requirements for high-value transactions
- Rotate signing keys periodically for ongoing operations

### Transaction Creation

- Verify payment addresses: Always obtain Shield payment addresses from the `/info` endpoint, never hardcode them
- Double-check transaction outputs: Before signing, verify recipient addresses and amounts
- Implement output address validation: Check for typos or errors in Bitcoin addresses
- Keep software updated: Use up-to-date Bitcoin libraries with the latest security patches
## API Integration Security

### Request Security

- Use HTTPS only: Never make API calls over unencrypted HTTP. Shield does not support HTTP requests.
- Verify SSL certificates: Implement certificate pinning for production applications
- Set reasonable timeouts: Implement timeouts for all API requests
- Validate all responses: Never assume response data is well-formed

### Error Handling

- Implement proper error handling: Log errors but don't expose sensitive details
- Add retry logic with backoff: Use exponential backoff for retries to avoid overwhelming the API
- Handle rate limiting gracefully: Respect 429 responses and adjust your request rate
- Monitor for unexpected errors: Set up alerts for unusual error patterns
## Operational Security

### Monitoring and Logging

- Log all transactions: Maintain detailed logs of all transactions submitted
- Monitor confirmation status: Actively check whether transactions are confirmed
- Set up alerts: Create alerts for failed transactions or unusual patterns
- Implement audit trails: Record who initiated transactions and when

### Testing

- Use low fees for development: Shield accepts transactions whose fee rate is below the minimum that mining pools currently accept. Such transactions should only be relayed if a mining pool lowers its fee rate floor below the specified rate.
- Simulate failure scenarios: Test how your system handles API errors or timeouts
- Perform regular security reviews: Schedule reviews of your Shield integration
## Protecting Against MEV Attacks

While Shield already provides protection by bypassing the public mempool, consider these additional measures:

- Avoid predictable transaction patterns: Randomize transaction timing when possible
- Consider transaction batching: Batch multiple payments into a single transaction
- Use fixed outputs: For token transactions, consider using fixed output amounts to reduce fingerprinting
- Implement output mixing: Vary the output structure of related transactions
## Production Deployment

### Application Security

- Segment environments: Maintain strict separation between development and production
- Limit API access: Restrict which systems can make API calls to Shield
- Implement IP restrictions: If possible, whitelist specific IP addresses for API access
- Use access controls: Require authorization for transaction submission in your application

### Incident Response

- Create a response plan: Document steps to take if security is compromised
- Establish communication channels: Know who to contact in case of emergency
- Prepare fund recovery procedures: Document how to recover or secure funds if needed
- Have backup RPC options: Maintain alternative transaction submission methods
## Shield-Specific Considerations

- Double-check fee calculations: Errors in fee calculation can result in transaction rejection
- Never expose transaction hex: Treat signed transaction hex as sensitive data
- Verify Shield fee output: Always validate that the Shield fee output is correctly included
- Monitor for Shield API changes: Subscribe to updates about Shield service changes
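The output checks recommended under Transaction Creation and Shield-Specific Considerations, as an added Python example that is not part of Shield's own code or SDK: it parses the outputs of a signed transaction hex and confirms that each intended recipient receives exactly the expected amount, that an output to the Shield fee script carries at least the required fee, and that no unexpected output is present. The fee script, recipient script, change script and sample transaction are constructed placeholders; in a real integration the fee scriptPubKey is derived from the address returned by the `/info` endpoint and the minimum fee comes from your own fee calculation.

```python
def _read_varint(b: bytes, pos: int) -> tuple[int, int]:
    """Decode a Bitcoin CompactSize integer at b[pos]; return (value, next position)."""
    first = b[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(b[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def parse_outputs(tx_hex: str) -> list[tuple[int, bytes]]:
    """Return [(value_sats, scriptPubKey)] from a legacy or segwit serialized transaction."""
    b = bytes.fromhex(tx_hex)
    pos = 4                                    # skip the 4-byte version field
    if b[pos] == 0x00 and b[pos + 1] == 0x01:  # segwit marker + flag present
        pos += 2
    n_in, pos = _read_varint(b, pos)
    for _ in range(n_in):                      # skip outpoint (36 bytes), scriptSig, sequence (4)
        script_len, pos = _read_varint(b, pos + 36)
        pos += script_len + 4
    n_out, pos = _read_varint(b, pos)
    outputs = []
    for _ in range(n_out):                     # witness data, if any, comes after the outputs
        value = int.from_bytes(b[pos:pos + 8], "little")
        script_len, pos = _read_varint(b, pos + 8)
        outputs.append((value, b[pos:pos + script_len]))
        pos += script_len
    return outputs

def check_transaction(tx_hex, recipients, fee_script, min_fee_sats, change_script=None):
    """Return a list of problems; an empty list means the transaction is safe to submit."""
    outputs = parse_outputs(tx_hex)
    problems = []
    fee_paid = sum(v for v, s in outputs if s == fee_script)
    if fee_paid < min_fee_sats:
        problems.append(f"Shield fee output pays {fee_paid} sat, expected at least {min_fee_sats}")
    for script, amount in recipients.items():  # each intended recipient gets exactly its amount
        paid = sum(v for v, s in outputs if s == script)
        if paid != amount:
            problems.append(f"recipient {script.hex()} receives {paid} sat, expected {amount}")
    problems += [f"unexpected output of {v} sat to {s.hex()}" for v, s in outputs
                 if s not in recipients and s not in (fee_script, change_script)]
    return problems

# Constructed sample: placeholder P2WPKH scripts (0x0014 + 20 bytes) and a one-input transaction
# paying 100000 sat to the recipient, 500 sat to the Shield fee script and 49500 sat of change.
RECIPIENT_SCRIPT, SHIELD_FEE_SCRIPT, CHANGE_SCRIPT = (bytes.fromhex("0014" + x * 20) for x in ("11", "22", "33"))
SAMPLE_TX_HEX = "".join([
    "01000000", "01", "00" * 32, "00000000", "00", "ffffffff", "03",  # version, 1 input, 3 outputs
    "a086010000000000", "16", RECIPIENT_SCRIPT.hex(),                 # 100000 sat -> recipient
    "f401000000000000", "16", SHIELD_FEE_SCRIPT.hex(),                # 500 sat -> Shield fee
    "5cc1000000000000", "16", CHANGE_SCRIPT.hex(), "00000000",        # 49500 sat -> change, locktime
])
```

Run the check before the signed hex leaves your signing environment, so a transaction that fails it is never transmitted or written to a log.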