Orderbook security features
By Oleh Vasylenko
updated 2 months ago
The security of our platform is a key priority for us. That's why we decided to make it decentralized. How does this affect safety? Below is an explanation of the important features that give users an advantage in safely storing and operating their funds.
Centralized platforms have a central control point to hack.
By contrast, Orderbook is built to be decentralized. The platform is just an interface that allows users to operate their smart contracts. Every password action is browser-based and encrypted. This means that the user's private key is decrypted only in the browser and is never transferred to Orderbook's server unencrypted. None of the exchange operators have any access to users' keys, funds or passwords.
The conclusion is obvious: using a decentralized platform makes losing the user's money much less likely, which increases the safety of using the platform.
When a centralized platform goes down, there is a high chance of losing everything stored on it.
When the platform goes offline and the private key for your address hasn't been provided, there is no way to access the funds stored on that address.
In the case of Orderbook, each user account is implemented as a smart contract. It has a unique function that reassigns ownership of the user account's contract to an Ethereum address outside of Orderbook. This functionality can be used to regain access to all funds stored on the user's contract.
As part of the signup process, Orderbook sends the user an email with a backup of their private key. If the user follows the instructions in the email, they get the address of the Ethereum account and the public and private keys of the account. This address will be used to transfer funds from the user's contract if Orderbook goes down.
The backup address changes with the password change.
Gaining access to a user's private key allows a hacker to perform any operation with the funds.
Each transaction on Orderbook has to be signed by two keys: one is owned by the users themselves, and the other is owned by the platform. That makes hacking our platform or your computer pretty much useless as a means to steal lots of money. Only hacking both of them will do, but if you can pull this off then you should also be able to earn way more by hacking banks.
Orderbook doesn't transmit users' private keys unencrypted.
Recovery of the password is not possible if it's not backed by blockchain.
Multisignature for all transactions will save users from hackers, but not from faulty hard drives, theft of their laptop or a forgotten password. To tackle this tricky problem, we use the third-party authentication service SecondFactor.
SecondFactor stores the third key and will use it to restore your access if you lose your private key, which is accessible with your password, after meticulously verifying that it is really you. So two out of three of these keys are needed to perform any transaction. And just to wrap it up, Orderbook will send each user instructions for restoring funds in case things go dire for the platform itself.
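The two-of-three rule described above can be modeled as follows. This is an added example, not Orderbook's own code: it uses Ed25519 keys from Node's crypto module in place of Ethereum signatures, and the role names, function names and sample transaction are assumptions made for illustration.

```javascript
// Added example: 2-of-3 approval check. Ed25519 via Node's crypto is an
// assumption standing in for the signatures the user's contract would verify.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const THRESHOLD = 2; // two of the three keys must approve

// Constructed key holders for the three roles named in the article.
function makeSigners() {
  const signers = new Map();
  for (const role of ['user', 'platform', 'recovery']) {
    signers.set(role, generateKeyPairSync('ed25519'));
  }
  return signers;
}

// Canonical bytes to sign; any change to a field invalidates the approval.
function encodeTx(tx) {
  return Buffer.from(JSON.stringify([tx.to, tx.amount, tx.nonce]));
}

function approve(signers, role, tx) {
  return { role, sig: sign(null, encodeTx(tx), signers.get(role).privateKey) };
}

// Counts distinct roles holding a valid signature over exactly this transaction.
function countApprovals(signers, tx, approvals) {
  const msg = encodeTx(tx);
  const seen = new Set();
  for (const { role, sig } of approvals) {
    const holder = signers.get(role);
    if (!holder || seen.has(role)) continue; // unknown role, or key already counted
    if (verify(null, msg, holder.publicKey, sig)) seen.add(role);
  }
  return seen.size;
}

function isAuthorized(signers, tx, approvals) {
  return countApprovals(signers, tx, approvals) >= THRESHOLD;
}

// Constructed sample transaction (placeholder recipient).
const signers = makeSigners();
const tx = { to: '0xRECIPIENT_PLACEHOLDER', amount: '1.5', nonce: 7 };
const userSig = approve(signers, 'user', tx);
console.log('user only:', isAuthorized(signers, tx, [userSig]));
console.log('user twice:', isAuthorized(signers, tx, [userSig, userSig]));
console.log('user + platform:', isAuthorized(signers, tx, [userSig, approve(signers, 'platform', tx)]));
console.log('user + recovery:', isAuthorized(signers, tx, [userSig, approve(signers, 'recovery', tx)]));
```

The duplicate check matters: without it, one compromised key could submit its own signature twice and meet the threshold alone.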
Internal operations in a user's account aren't always detectable by the user.
Unlike on centralized platforms, all changes on Orderbook related to tokens and coins happen on-chain.
All token trades, order placements and order matches are transparent. Every operation is publicly accessible through any blockchain explorer.
As a result, any user can be sure that no action on Orderbook's side contradicts their rights. This architecture ensures that Orderbook doesn't just add ones and zeros in its database to affect a user's balance. It also makes our platform unsuitable for pump-and-dump manipulation.