Skip to main content

VolatiCloud Threat Model

This page is the security claim we are willing to defend in public. It's intentionally specific about what we protect and about what we don't yet, so you can make an informed decision about what to entrust to the platform.

The structure: what's worth protecting, who we model as a threat, what we defend against today, what we're honest about not yet defending, and the wave-by-wave roadmap to close the remaining gaps. If you only read one section, read What we are honest about not yet defending.

Assets We Protect

AssetWhat it isWhy it matters
Exchange API keysCredentials that let runner pods place trades on your behalfA compromised key can place adverse trades; with withdrawal disabled it cannot drain the account directly
Strategy codeYour trading logic — the alpha you've spent time developingTheft of a profitable strategy is theft of recurring revenue
Bot configurationRisk parameters, pair lists, timeframes, leverage settingsReveals strategy structure and trade size
Trade history & monitoring dataWhat your bot actually didReveals strategy in retrospect and exposes P&L
Account credentialsVolatiCloud login + session tokensAccount takeover lets an attacker reach all of the above

Threat Actors We Model

  • External attacker, no credentials. Casual scanner, opportunistic exploit, credential stuffing.
  • External attacker with one user's credentials. Leaked password, phishing, session hijack.
  • External attacker with elevated cloud access. Runtime exploit, container escape, supply-chain compromise of a runtime dependency.
  • Insider with legitimate access. A VolatiCloud employee, contractor, or operator who can see sensitive resources in the course of their duties.
  • Supply-chain attacker. A compromised dependency, container image, or infrastructure provider.

What We Defend Against Today

External Attacker, No Credentials

External Attacker with One User's Credentials

  • UMA 2.0 resource-level authorization (per ADR-0008) — leaked credentials only access what that one user could access
  • Session re-auth on the most sensitive operations
  • Audit logs of every sensitive-resource read, visible to organization admins (Encryption — Audit Logs)

External Attacker with Elevated Cloud Access

  • AES-256-GCM at-rest encryption for sensitive config fields (per ADR-0026) — full database exfiltration yields ciphertext, not plaintext keys
  • Withdrawal-disabled enforcement as a hard floor — even exfiltrated keys cannot drain customer accounts
  • Egress-IP allowlisting so even a stolen key only works from our runner pods (when you've configured it on the exchange side)
  • mTLS on internal service-to-service traffic managed by the service mesh

Insider with Legitimate Access

  • Audit logs of every sensitive-resource read, surfaced to organization admins and exportable to CSV
  • Operational controls and segregation of duties for production-data access
  • Background checks and signed confidentiality agreements for personnel who can reach production
  • Withdrawal-disabled rule as a hard floor — even hostile insiders cannot move customer funds off-exchange

Supply-Chain Attacker

  • Pinned dependency versions in go.sum and package-lock.json — no floating tags, no latest
  • Advisory monitoring on key dependencies (Go runtime, gqlgen, ENT, React, Docusaurus, Freqtrade)
  • Container image hygiene — base images pinned by digest where supported

What We Are Honest About Not Yet Defending

These are real gaps. They're intentional in the sense that closing them requires infrastructure that ships in later trust-ladder increments — not because we don't take them seriously.

GapToday's mitigationCloses in
Strategy code is plaintext in our database. An insider with database access can read your strategy.Audit logs + operational controlsTier 1 (passphrase encryption) and Tier 2 (passkey-bound E2EE)
Strategy code is plaintext in runner memory at execution time.Inherent — Freqtrade needs the code to run it.Tier 5 (hardware-attested confidential VMs)
Encryption keys live on our infrastructure.Backend-controlled key, audit logs, restricted accessTier 3 (Bring Your Own Key — BYOK)
Bot monitoring telemetry is plaintext on our side so we can compute alerts and platform-wide insights.By-design todayTier 4 (strict mode) for orgs that want to opt out of server-side processing of monitoring data

Roadmap

We're shipping a phased plan to close the gaps above without breaking the platform you already use. Detailed plan: Trust Feature Ladder spec. The short version:

Wave 1 (in progress)

  • Withdrawal-disabled enforcement (shipped — see API Keys)
  • Audit log export
  • Published runner egress IPs
  • Public bug bounty
  • Tier 1 customer-supplied passphrase encryption (Argon2id verifier already shipped — see api/internal/passphrase/)
  • Tier 3.A BYOK Lite

Wave 2

  • Tier 2 passkey-backed E2EE for strategies and exchange keys
  • Tier 3.B BYOK Standard with federation into your KMS

Wave 3

  • Cosign-signed reproducible runner builds
  • Open-source dashboard subtree under FSL-1.1-MIT

Wave 4

  • Tier 5 hardware-attested confidential VM execution
  • Tier 3.C BYOK Advanced with HSM-backed policy

Wave 5

  • Tier 6 Bring Your Own Cloud (BYOC)
  • Tier 4.D Full air-gapped mode for institutional customers

Each wave ships with a marketing claim we are willing to defend in public. We'll update this page as each wave lands so this document stays the canonical source of truth for the platform's current security posture.

Out of Scope (for This Threat Model)

  • Quantum resistance. We use industry-standard symmetric ciphers (AES-256-GCM) and asymmetric primitives (P-256 for WebAuthn, RSA-2048 for Keycloak). We will revisit when post-quantum standards are widely deployed.
  • Physical compromise of an end-user device. If your laptop is stolen with an active session, we cannot help. Lock your screen.
  • Phishing of your VolatiCloud password. Use a strong password, enable MFA in Keycloak, and consider a password manager.

Found a Hole?

Report a vulnerability. We acknowledge in-scope reports within 48 hours.