Transfer Lock Mechanism
Overview
The Transfer Lock Mechanism is a critical security component of Curvance's protection system, allowing users to control the transferability of their tokens. Operating as an optional "2FA" layer, this mechanism helps defend against phishing attempts by giving users the ability to temporarily or indefinitely disable token transfers until explicitly re-enabled.
The transfer lock system introduces a security cooldown period when transitioning from a locked to an unlocked state, adding an important time buffer that can prevent attackers from quickly gaining control of assets after compromising an account.
Core Functions
setCooldown()
Description: Sets the duration that transfers will remain restricted after a user disables their transfer lock. This forms the core of the time-delay protection mechanism.
If a user decreases their cooldown, the previous (longer) cooldown will be automatically applied to any pending transfer unlock to prevent a phishing attack where an attacker forces a cooldown reduction.
Contract: CentralRegistry
Function signature:
function setCooldown(uint256 cooldown) externaluint256
cooldown
The length of time (in seconds) that transferability should remain restricted after a lock is disabled. Max value is 52 weeks.
Events:
// Defined in ActionRegistry.sol
event CooldownSet(address indexed user, uint256 userLockCooldown);checkTransfersDisabled()
Description: Determines whether a specific user has transfers enabled or disabled. This can be called by any contract or external account to verify a user's transfer permission status.
Contract: CentralRegistry
Function signature:
function checkTransfersDisabled(address user) external view returns (bool)address
user
The address to check transfer status for.
Return data:
bool
Returns true if the user has transfers disabled or if their cooldown period has not yet expired.
setTransferLockStatus()
Description: Enables or disables token transferability for the caller. When disabling the lock (enabling transfers), the caller's configured cooldown period will be applied.
A user must explicitly flip their transfer lock status (can't set to the same value it already has).
When enabling transfers, the cooldown period starts immediately.
Contract: CentralRegistry
Function signature:
function setTransferLockStatus(bool transferDisabled) externalbool
transferDisabled
true to lock transfers (disable transferability), false to unlock transfers (enable transferability after cooldown).
Events:
// Defined in ActionRegistry.sol
event LockStatusChanged(
address indexed user,
bool isLocked,
uint256 transferEnabledTimestamp
);Last updated