A fully realized implementation of the SFT protocol involves many interconnected contracts maintained by different entities. As such, it is important to anticipate and know how to deal with events where another party is compromised or found to be acting in bad faith.
We have compiled a list of possible scenarios and solutions below. If you can imagine an issue that is not mentioned here, please contact us so we can discuss it and add it to the list.
In this section we provide technical solutions to problems; however, many of these situations will also have a legal component. The nature of security tokens means that every involved entity is easily identified, so when someone is acting in bad faith it is possible that resolution will be the result of a court order. Issuers must keep in mind that although technically they can transfer any investor’s tokens without approval, this does not mean that legally they are always allowed to.
Investor Changes Country
An investor who changes their legal country of residence will necessarily alter their ID hash. In this case the investor should resubmit their KYC/AML to a registrar active within the new country, receive a new ID hash attached to a new address, and transfer their tokens from their old address to the new one. Their old ID may then be restricted.
Investor is Sanctioned
If an investor is sanctioned or otherwise has their assets legally frozen, a registrar can use KYCRegistrar.setInvestorRestriction to block them from transferring any of their tokens.
Court Ordered Transfer of Assets
In cases such as a lawsuit or the execution of a will, an issuer may be legally required to perform a token transfer. This is possible using
Lost Investor Private Key
An investor who has lost a private key should contact the registry authority and verify their identity off-chain. The authority can restrict the address of the lost key with KYCRegistrar.restrictAddresses, then add one or more new addresses with KYCRegistrar.registerAddresses. The investor may retrieve tokens from the lost address either with assistance from the issuer, or by using the
Compromised Investor Private Key
If an investor’s private key is hacked, they should contact the registrar immediately to have the hacked address restricted. If tokens were transferred from the restricted address before it was blocked, the response will depend on the nature of the transfers:
- If tokens were sent directly to another investor, the issuer can use IssuingEntity.setInvestorRestriction to restrict the recipient until a legal resolution is reached. They can then use SecurityToken.transferFrom to return the tokens to the original address.
- If tokens were sent directly into a centralized exchange, the exchange must be notified immediately. Whether the exchange can help will depend on whether the tokens were sold and, if so, whether the funds from the sale were withdrawn and where they were sent.
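The compromised-key response above, combined with the address replacement from the lost-key section, traced through a toy Python model. This is an added example, not code from the SFT project: the class, its method parameters, the sample names and the rule that issuer transfers skip restriction checks are all assumptions.

```python
# Toy in-memory model (assumed semantics), not the SFT contracts themselves.
class Model:
    def __init__(self, issuer):
        self.issuer = issuer
        self.id_of = {}           # address -> investor ID (registrar)
        self.restricted = set()   # addresses restricted by the registrar
        self.blocked_ids = set()  # investor IDs restricted by the issuer
        self.balances = {}

    def register_addresses(self, investor_id, addrs):
        self.id_of.update({a: investor_id for a in addrs})
    def restrict_addresses(self, investor_id, addrs):
        if any(self.id_of.get(a) != investor_id for a in addrs):
            raise ValueError("address not registered to this investor")
        self.restricted.update(addrs)
    def set_investor_restriction(self, caller, investor_id):
        self._issuer_only(caller)
        self.blocked_ids.add(investor_id)
    def can_send(self, addr):
        return addr not in self.restricted and self.id_of.get(addr) not in self.blocked_ids
    def transfer(self, sender, to, amount):
        if not self.can_send(sender):
            raise PermissionError(f"{sender} is restricted")
        self._move(sender, to, amount)
    def transfer_from(self, caller, src, dst, amount):
        self._issuer_only(caller)  # assumption: issuer transfers skip restriction checks
        self._move(src, dst, amount)
    def _issuer_only(self, caller):
        if caller != self.issuer:
            raise PermissionError("issuer only")
    def _move(self, src, dst, amount):
        if dst not in self.id_of or self.balances.get(src, 0) < amount:
            raise ValueError("unregistered recipient or insufficient balance")
        self.balances[src] = self.balances.get(src, 0) - amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def compromised_key_response():
    m = Model(issuer="issuer")                         # all names are constructed samples
    m.register_addresses("alice-id", ["alice-old"])
    m.register_addresses("bob-id", ["bob"])
    m.balances = {"alice-old": 100}
    m.transfer("alice-old", "bob", 40)                 # theft before anyone reacts
    m.restrict_addresses("alice-id", ["alice-old"])    # registrar blocks the stolen key
    m.set_investor_restriction("issuer", "bob-id")     # issuer freezes the recipient
    frozen = not m.can_send("bob") and not m.can_send("alice-old")
    m.transfer_from("issuer", "bob", "alice-old", 40)  # issuer returns the tokens
    m.register_addresses("alice-id", ["alice-new"])    # fresh key, same investor ID
    m.transfer_from("issuer", "alice-old", "alice-new", 100)
    return m, frozen
```

The ordering matters in the model as it does in the procedure: tokens moved before the address is restricted have to be recovered through the issuer, because neither restricted party can send them back on their own.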
In a case where a registrar contract is so thoroughly compromised that an issuer deems it can no longer be trusted, the issuer can remove the registrar by calling IssuingEntity.setRegistrar. This will also restrict every investor that was approved by this registry. These investors will have to KYC via a different registrar in order to be able to transfer their tokens.
If a custodian is hacked or found to be acting in bad faith, an issuer may block them with IssuingEntity.setInvestorRestriction. They may then use IssuingEntity.setBeneficialOwners to remove the custodian from the list of beneficial owners, and SecurityToken.transferFrom to seize any tokens held by the custodian.
A list of beneficial owners can be obtained by filtering for the
As the issuer is the highest authority over their own tokens, a fully compromised issuer presents a challenging situation to overcome. Issuers should always follow strict security practices including keeping the original owner private keys in cold storage, isolating function authority via permissioning, and using strict multi-sig requirements.
If an IssuingEntity contract is compromised, the best course of action will be to immediately notify all investors and custodians and halt secondary trading. The issuer will have to deploy new contracts and reissue tokens based on a determined historic state of the blockchain.