Wallet Security

Introduction

One major advantage of Minara is that she creates a custodial smart wallet for each user. Users can effortlessly explore any blockchains without gas tokens(like $ETH or $SOL) or learning crypto wallets.

Unlike traditional centralized exchanges, this custodial smart wallet is not stored in Minara's internal database, but is an on-chain smart contract wallet. Minara can manage the funds in this wallet but cannot hide, delete or blacklist it. In the future, users will have the ability to customize how Minara utilizes their funds.

To elaborate, Minara's wallet system involves two types of wallets:

• Funding Wallet: An automatically generated smart contract wallet for each user, storing the funds they deposit. It makes fund flows transparent, auditable, and verifiable, which is different from CEXs.

• Controller Wallet: A wallet controlled by Minara that can manage the Funding Wallet and its funds, conducting transactions, staking, and other on-chain operations. This wallet uses advanced cryptography technology such as key sharding, multi-signature, and TEE to ensure security while maximizing signature efficiency.

Funding Wallet

Funding wallet is based on Universal Account by Particle Network. It's a kind of smart contract wallet built on the ERC-4337 standard and compatible with existing EOA wallets.

User deposits are stored in this smart contract wallet, with every transaction publicly recorded and verifiable on-chain. This ensures funds cannot be misused in private and allows for full auditing.

Controller Wallet

Minara's Controller Wallet leverages Privy, TEE (Trusted Execution Environment) and a multi-party authorization signing mechanism. Its core features include:

• Sharded Key Management & TEE Custody: Keys are encrypted and stored in shards across different security boundaries. They are encapsulated and retrieved within the TEE, ensuring they always remain in a trusted environment.

• M-of-N Authorized Signatures: Multi-party authorization enhances transaction security. Independent services like business, risk control, and strategy services contribute to signature verification, minimizing single points of failure.

• Service Signature Key Protection: AWS KMS provides independent protection for key signatures.

• Account Policy Control: Supports customizable permission policies based on account types and user dimensions, dictating transfer permissions, contract types, transaction limits, and more.

Technical References

• Privy & TEE Custody + Sharded Key Management

• Intel SGX Developer Guide

• AWS KMS (Envelope Encryption, IAM Policy)