Copy link
Release 4.4
What’s new:
Added functionality for working with auto-signing to improve wallet security
Auto-signing is enabled by default. The user sees the auto-signing status and the wallet password status (now each wallet must have its own password if the user disables auto-signing):
If auto-signing is enabled, no additional actions are required from the user.
The user can enable and disable auto-signing:
The user can download the right part of the private key:
- case 1: if the user has auto-signing enabled and a wallet password set, then it should be possible to download the right part of the private key;
- case 2: if the user has auto-signing enabled, but the password for the right part of the private key is not set, then when trying to download the right part of the private key, a form for setting a password for the right part of the private key should open, and after the form for downloading the right part of the private key;
- case 3: if the user has auto-signing disabled, but a password for the right part of the private key is set, then when trying to download the right part of the private key, a form for enabling auto-signing should open, and after the form for downloading the right part of the private key.
To download the right part of the private key, turn off/on auto-signing, you need to set a password for the wallet:
You also can set password for the wallet, by creating:
If auto-signing is disabled, the following will not be available:
- Checkouts(Donation, Sale, Cart)" - you will only be able to top up the main currency, since to replenish the token, the merchant wallet must send funds to the client wallet to pay for the Miner Fee, it will not do this without auto-signing.
- Checkouts(Sale token)" - will not work, since at present the system itself creates a transaction for withdrawing the currency or token being sold, this cannot be done without auto-signing.
- Client wallets replenishment - a scenario similar to Checkouts(Donation, Sale, Cart). If you replenish a client wallet with auto-signing disabled, a transaction with an error will be created, after auto-signing is enabled, the transaction will be completed.
- Swap - will not work, since at present the system itself creates a transaction for withdrawing the exchanged currency, this cannot be done without auto-signing.
- Auto-swap - will not work, since at the moment the system itself creates a transaction for withdrawing the exchanged currency after the currency specified in the auto-swap rule has arrived at the merchant's wallet address.
When auto-signing is disabled on the merchant wallet, the user must "attach" the right part of the private key in encrypted form as a txt file, enter the password for it and successfully pass all activated authentication methods (E-mail 2FA, Two-factor authentication, Phone 2FA) for the following functions:
- Withdraw:
- Send form:
- NFT withdraw:
- Multisend:
- Swap and swap for stable:
If the right part of the private key is incorrect, the system notifies the user by email and blocks the withdrawal of funds:
- for 5 minutes (first incorrect attempt)
- for 15 minutes (second consecutive incorrect attempt)
- for 60 minutes (third consecutive incorrect attempt)
- for 24 hours (fourth and subsequent consecutive incorrect attempts)