Transfer Lock Mechanism

Overview

The Transfer Lock Mechanism is a critical security component of Curvance's protection system, allowing users to control the transferability of their tokens. Operating as an optional "2FA" layer, this mechanism helps defend against phishing attempts by giving users the ability to temporarily or indefinitely disable token transfers until explicitly re-enabled.

The transfer lock system introduces a security cooldown period when transitioning from a locked to an unlocked state, adding an important time buffer that can prevent attackers from quickly gaining control of assets after compromising an account.

Core Functions

setCooldown()

Description: Sets the duration that transfers will remain restricted after a user disables their transfer lock. This forms the core of the time-delay protection mechanism.

If a user decreases their cooldown, the previous (longer) cooldown will be automatically applied to any pending transfer unlock to prevent a phishing attack where an attacker forces a cooldown reduction.

Contract: CentralRegistry

Function signature:

function setCooldown(uint256 cooldown) external
Type
Name
Description

uint256

cooldown

The length of time (in seconds) that transferability should remain restricted after a lock is disabled. Max value is 52 weeks.

Events:

// Defined in ActionRegistry.sol
event CooldownSet(address indexed user, uint256 userLockCooldown);

checkTransfersDisabled()

Description: Determines whether a specific user has transfers enabled or disabled. This can be called by any contract or external account to verify a user's transfer permission status.

Contract: CentralRegistry

Function signature:

function checkTransfersDisabled(address user) external view returns (bool)
Type
Name
Description

address

user

The address to check transfer status for.

Return data:

Type
Description

bool

Returns true if the user has transfers disabled or if their cooldown period has not yet expired.


setTransferLockStatus()

Description: Enables or disables token transferability for the caller. When disabling the lock (enabling transfers), the caller's configured cooldown period will be applied.

  • A user must explicitly flip their transfer lock status (can't set to the same value it already has).

  • When enabling transfers, the cooldown period starts immediately.

Contract: CentralRegistry

Function signature:

function setTransferLockStatus(bool transferDisabled) external
Type
Name
Description

bool

transferDisabled

true to lock transfers (disable transferability), false to unlock transfers (enable transferability after cooldown).

Events:

// Defined in ActionRegistry.sol
event LockStatusChanged(
    address indexed user,
    bool isLocked,
    uint256 transferEnabledTimestamp
);

Last updated