Security Enhancements
Additional protection and recovery options for your funds.
Current Security
LazaiTrader already provides strong security:
| Feature | Status |
|---|---|
| Non-custodial SCW | ✅ Active |
| Owner-only withdrawals | ✅ Active |
| DEX whitelist | ✅ Active |
| Deterministic addresses | ✅ Active |
Planned Enhancement: Backup Recovery Platform
The Challenge
While your SCW is secure, accessing it depends on:
- Your Telegram account
- LazaiTrader bot availability
What if:
- Telegram is unavailable?
- Your Telegram account is locked?
- LazaiTrader services are down?
The Solution
A backup recovery platform that lets you access your funds independent of Telegram.
How Backup Recovery Works
The Security Guarantee
Your SCW smart contract has a fundamental property:
address public immutable owner; // Your EOA
function withdrawAllTokens(address _token) external {
// Funds ONLY go to owner
IERC20(_token).safeTransfer(owner, balance);
}
This means only your registered wallet can receive funds - regardless of who initiates the withdrawal.
Backup Platform Concept
┌─────────────────────────────────────────────────────────────┐
│ Backup Recovery Platform │
├─────────────────────────────────────────────────────────────┤
│ │
│ 1. Connect with your registered EOA │
│ 2. Prove ownership via signature │
│ 3. View all your SCW balances │
│ 4. Initiate withdrawal to YOUR wallet │
│ │
│ Works even if Telegram is unavailable │
│ Works even if LazaiTrader bot is down │
│ │
└─────────────────────────────────────────────────────────────┘
Why This Works
Smart Contract Guarantees
The withdrawal destination is immutable:
| Scenario | Withdrawal Goes To |
|---|---|
| Via Telegram bot | Your EOA ✅ |
| Via backup platform | Your EOA ✅ |
| Via direct contract call | Your EOA ✅ |
| Any other method | Your EOA ✅ |
There is no way to change where funds go.
No Trust Required
The backup platform:
- Cannot redirect your funds
- Cannot access your private keys
- Only facilitates a withdrawal you could do directly
Backup Platform Features
Planned Capabilities
| Feature | Description |
|---|---|
| Wallet connect | Connect any Web3 wallet |
| Balance view | See all SCW holdings |
| Withdrawal | Send funds to your EOA |
| Cross-chain | Works on all deployed chains |
| No account needed | Just connect and prove ownership |
How to Use (Planned)
1. Go to backup.lazaitrader.com (example)
2. Click "Connect Wallet"
3. Connect your registered EOA
4. Sign message to prove ownership
5. View your SCW balances
6. Click "Withdraw All" or select specific tokens
7. Confirm transaction
8. Funds arrive in your connected wallet
Alternative Recovery Methods
Even without a dedicated backup platform, you can always recover funds directly:
Direct Contract Interaction
Using any block explorer:
- Go to Metis Explorer
- Find your SCW address
- Go to "Write Contract" tab
- Connect your registered wallet
- Call
withdrawAllTokens(tokenAddress) - Confirm transaction
Using Ethers.js/Web3
// Connect with your EOA
const wallet = new ethers.Wallet(privateKey, provider);
// SCW contract interface
const scw = new ethers.Contract(scwAddress, SCW_ABI, wallet);
// Withdraw tokens
await scw.withdrawAllTokens(tokenAddress);
Additional Security Features
Planned Enhancements
| Feature | Description |
|---|---|
| Activity alerts | Email/push for unusual activity |
| Rate limiting | Prevent rapid successive trades |
| Emergency pause | Halt trading if issues detected |
| Multi-sig option | Multiple signatures for large withdrawals |
Activity Monitoring
🔔 Alert: Unusual Activity Detected
Your SCW executed 5 trades in 10 minutes.
This is higher than typical activity.
Recent trades:
• SELL 0.5 ETH @ 10:01
• SELL 0.3 ETH @ 10:03
• SELL 0.4 ETH @ 10:05
...
[View Details] [Pause Trading] [Withdraw All]
Trust Model Enhancement
Current Trust
| Component | Trust Level |
|---|---|
| Smart contract | High (code is law) |
| Bot availability | Medium |
| Telegram | Medium |
With Backup Platform
| Component | Trust Level |
|---|---|
| Smart contract | High (unchanged) |
| Bot availability | Low (backup exists) |
| Telegram | Low (backup exists) |
Emergency Procedures
If Telegram Is Unavailable
- Don't panic - your funds are safe
- Use backup platform or direct contract call
- Withdraw to your EOA
- Wait for services to restore
If LazaiTrader Is Down
- Trading stops (no new trades)
- Existing funds are safe in SCW
- Use backup recovery to withdraw
- Await service restoration
If You Lose Telegram Access
- Recover Telegram account if possible
- Use backup platform with your EOA
- Withdraw funds
- Re-register with new Telegram if needed
FAQs
Do I need to set up backup recovery?
No setup needed. Your registered EOA already has withdrawal permission. The backup platform just makes it easier.
What if I lose access to my EOA?
This is critical - your EOA is the only withdrawal destination. Always backup your seed phrase securely.
Can hackers use the backup platform?
Only if they have your EOA private key. The platform doesn't add any new access - it just provides a convenient interface for existing permissions.
Is this live yet?
The backup platform is planned. However, you can always recover via direct contract interaction today.
Your Responsibility
Even with all these safeguards, you must:
| Action | Why |
|---|---|
| Backup seed phrase | Only way to recover EOA |
| Secure your devices | Protect wallet access |
| Monitor activity | Catch issues early |
| Understand the system | Know how to recover |
Further Reading
- How Funds Are Protected - Current security
- Non-Custodial Wallets - Custody model
- Current Features - What's available now