
Wallet App Encryption & Security

The technology that makes the Liquidus wallet so secure.


Last updated 2 years ago

Since there have been a couple of questions about the wallet encryption functionality of the Liquidus app, we want to give a quick overview of how we make sure that the user’s funds are safe:

The seed phrase and subsequently derived private keys are generated on the device only (not in the backend). The private key never leaves the device and is totally controlled by the user. Of course, you can export the seed phrase or private key and import it into another wallet if you like — the Liquidus app is essentially a fully non-custodial wallet, meaning you have full custody of your private keys and seed phrase.

Liquidus uses the Advanced Encryption Standard (AES) algorithm to protect your wallet

After the generation (or import) of an account, the seed phrase and associated private keys are immediately encrypted. We use the state-of-the-art Advanced Encryption Standard (AES) algorithm in counter mode to encrypt confidential wallet data. The encrypted blob is saved in the private storage of the application (the so-called application sandbox). This ensures that other apps cannot access the encrypted wallet data.

The encryption key for the wallet itself is derived from the user-defined pin code plus a randomly generated number (the so-called salt value). These two components are used as input for a password-based key derivation function (PBKDF). The PBKDF outputs a cryptographically secure key for the AES encryption function. The AES key is not stored in memory but generated on the fly after the user has entered his or her pin code, following industry best practices for handling encryption keys.
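The scheme described in the two paragraphs above, as an added Node.js example (not the Liquidus app's code). The page names only "a PBKDF" and AES in counter mode; PBKDF2-HMAC-SHA512, the iteration count, the salt and IV sizes, the blob layout and the HMAC tag are assumptions, the tag being added because counter mode on its own does not detect a wrong pin code or a modified blob.

```javascript
const crypto = require("node:crypto");

// Assumptions (not stated on the page): PBKDF2-HMAC-SHA512, this iteration
// count, 16-byte salt and IV, HMAC-SHA256 tag over salt || iv || ciphertext.
const ITERATIONS = 210000;
const SAMPLE_SEED = "alpha bravo charlie delta echo foxtrot"; // constructed, not a real mnemonic

// Stretch the low-entropy PIN into 64 bytes: 32 for AES, 32 for the MAC.
function deriveKeys(pin, salt) {
  const okm = crypto.pbkdf2Sync(pin, salt, ITERATIONS, 64, "sha512");
  return { okm, encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

function mac(macKey, salt, iv, ct) {
  return crypto.createHmac("sha256", macKey).update(Buffer.concat([salt, iv, ct])).digest();
}

// Returns the blob that would be written to app-private storage:
// salt (16) || iv (16) || tag (32) || ciphertext.
function encryptWallet(pin, seedPhrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16); // fresh counter block for every encryption
  const { okm, encKey, macKey } = deriveKeys(pin, salt);
  try {
    const c = crypto.createCipheriv("aes-256-ctr", encKey, iv);
    const ct = Buffer.concat([c.update(seedPhrase, "utf8"), c.final()]);
    return Buffer.concat([salt, iv, mac(macKey, salt, iv, ct), ct]);
  } finally {
    okm.fill(0); // best-effort wipe: derived keys live only for this call
  }
}

function decryptWallet(pin, blob) {
  if (blob.length < 64) throw new Error("blob too short");
  const [salt, iv, tag, ct] = [blob.subarray(0, 16), blob.subarray(16, 32), blob.subarray(32, 64), blob.subarray(64)];
  const { okm, encKey, macKey } = deriveKeys(pin, salt);
  try {
    // CTR alone would turn a wrong PIN into silent garbage, so check the tag first.
    if (!crypto.timingSafeEqual(tag, mac(macKey, salt, iv, ct))) {
      throw new Error("wrong PIN or modified blob");
    }
    const d = crypto.createDecipheriv("aes-256-ctr", encKey, iv);
    return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
  } finally {
    okm.fill(0);
  }
}
```

JavaScript strings such as the pin code and the decrypted seed cannot be zeroed, so only the derived key buffer is wiped here; a native implementation would hold them in byte arrays it can overwrite.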

When biometrics has been enabled, the pin code is stored in the secure storage of the device (iOS Keychain or Android Keystore). Both are backed by dedicated security hardware modules. The secure storage is only accessible after successful authentication with either fingerprint or face ID and is supposed to be the most secure way to store sensitive data on a mobile device (such as the app’s pin code).

Log-out manager: You may already have noticed that the app is locked automatically after two minutes of inactivity (time can be changed in user settings). Basically, after this period the wallet’s internal memory is wiped and it must be decrypted again before you can use it. That’s why you must re-enter the pin or authenticate via biometrics when you have not used the app for a couple of minutes. This ensures that the wallet is kept in memory in unencrypted format only for a limited amount of time, limiting the attack surface dramatically.

In general, we are following the OWASP Mobile Application Security guidelines as much as possible during implementation to ensure a very high level of security for the Liquidus app. Nevertheless, we plan to have the wallet audited by an external consultancy for two reasons: first, to make sure we have implemented all the mentioned security features correctly, and second, to get a certificate of the wallet’s integrity which states that there is no backdoor or similar that could lead to a loss of user funds.

Written by our software architect.

🔐
Liquidus Wallet Security Features