Security Best Practices
Ensuring security when using Shield is critical for protecting your transactions and funds. Follow these best practices to maintain security when integrating with and using Shield.
Transaction Security
Key Management�
- Store private keys securely: Never store private keys in plaintext or in code
- Use hardware wallets for signing transactions involving significant amounts
- Implement multi-signature requirements for high-value transactions
- Rotate signing keys periodically for ongoing operations
Transaction Creation
- Verify payment addresses: Always obtain Shield payment addresses from the /info endpoint, never hardcode them.
- Double-check transaction outputs: Before signing, verify recipient addresses and amounts
- Implement output address validation: Check for typos or errors in Bitcoin addresses
- Keep software updated: Use up-to-date Bitcoin libraries with the latest security patches
API Integration Security
Request Security
- Use HTTPS only: Never make API calls over unencrypted HTTP. Shield does not support HTTP requests.
- Verify SSL certificates: Implement certificate pinning for production applications
- Set reasonable timeouts: Implement timeouts for all API requests
- Validate all responses: Never assume response data is well-formed
Error Handling
- Implement proper error handling: Log errors but don't expose sensitive details
- Add retry logic with backoff: Use exponential backoff for retries to avoid overwhelming the API
- Handle rate limiting gracefully: Respect 429 responses and adjust your request rate
- Monitor for unexpected errors: Set up alerts for unusual error patterns
Operational Security
Monitoring and Logging
- Log all transactions: Maintain detailed logs of all transactions submitted
- Monitor confirmation status: Actively check if transactions are confirmed
- Set up alerts: Create alerts for failed transactions or unusual patterns
- Implement audit trails: Record who initiated transactions and when
Testing
- Use low fees for development: Shield will accept transactions with fees below the minimum rate acceptable by mining pools. These should only be relayed if a mining pool lowers the fee rate floor below the amount specified.
- Simulate failure scenarios: Test how your system handles API errors or timeouts
- Perform regular security reviews: Schedule reviews of your Shield integration
Protecting Against MEV Attacks
While Shield already provides protection by bypassing the public mempool, consider these additional measures:
- Avoid predictable transaction patterns: Randomize transaction timing when possible
- Consider transaction batching: Batch multiple payments into a single transaction
- Use fixed outputs: For token transactions, consider using fixed output amounts to reduce fingerprinting
- Implement output mixing: Vary the output structure of related transactions
Production Deployment
Application Security
- Segment environments: Maintain strict separation between development and production
- Limit API access: Restrict which systems can make API calls to Shield
- Implement IP restrictions: If possible, whitelist specific IP addresses for API access
- Use access controls: Require authorization for transaction submission in your application
Incident Response
- Create a response plan: Document steps to take if security is compromised
- Establish communication channels: Know who to contact in case of emergency
- Prepare fund recovery procedures: Document how to recover or secure funds if needed
- Have backup RPC options: Maintain alternative transaction submission methods
Shield-Specific Considerations
- Double-check fee calculations: Errors in fee calculation can result in transaction rejection
- Never expose transaction hex: Treat signed transaction hex as sensitive data
- Verify Shield fee output: Always validate that the Shield fee output is correctly included
- Monitor for Shield API changes: Subscribe to updates about Shield service changes