Core Concepts
The core design philosophy of Chain Wallet is:
Execution is governed by risk control, and governance is handled by multisignature.
This philosophy is mainly reflected in two aspects:
- Permission Management Model: Separating execution and governance through role-based permissions
- Risk Control System Design: Ensuring secure execution boundaries through rule-based constraints
I. Permission Management
In Chain Wallet, wallet roles are mainly divided into two categories:
-
Executor
-
Manager
-
Executor transactions:
Are validated by the risk control system and do not go through multisignature, ensuring execution efficiency. -
Manager operations:
Involving wallet status, role changes, and risk control rule updates must be completed through multisignature, ensuring the highest level of security.
1. Executor
Executors are responsible for daily transaction execution, such as transfers and smart contract interactions.
- Execution-only permissions
- All transactions must comply with predefined risk control rules
- Cannot directly modify wallet status or risk control policies
2. Manager
Managers are responsible for wallet governance and security configuration, including:
- Wallet status management
- Role management (Executor / Manager)
- Creation, modification, and removal of risk control rules
- Any type of transaction
Manager operations typically require a higher security level and are completed through a multisignature mechanism.
3. Why This Design
Consider a standard on-chain wallet:
- Once the private key is compromised
- All assets may be immediately drained by an attacker
Such losses are often irreversible.
3.1 Existing Solutions
Cold Wallets
Cold wallets are offline, keeping private keys out of networked environments, which can reduce the risk of key theft.
However, cold wallets are not suitable for programmatic or automated transaction execution, offering very limited automation capabilities.
Multisignature Wallets
A transaction requires approval from multiple private keys. An attacker would need to compromise multiple keys simultaneously to steal funds.
Multisignature wallets significantly improve security but also introduce new challenges.
Limitations of Cold Wallets and Multisignature Wallets
-
Not suitable for automated execution
- Multisignature requires multiple manual confirmations
- Execution flows are difficult to precisely control via code
- Cold wallets also fail to meet automation requirements
-
High operational cost and complexity
- Every transaction requires multiple participants
- Not friendly for high-frequency or business-critical wallets
4. Chain Wallet’s Approach
Chain Wallet inherits the security advantages of multisignature wallets while introducing a permission-based execution model:
- Executor: Executes transactions
- Risk Control System: Constrains executor behavior
- Manager: Can intervene quickly in abnormal situations
Executors can execute transactions, but only those that comply with risk control rules.
II. Risk Control System
The risk control system is especially important in the following scenarios:
- Executor private keys may be compromised
- Execution accounts are shared by multiple users
- There is a need to limit the operational authority of individual executors
The goals of the risk control system are:
- Limit potential losses even if a private key is leaked
- Detect abnormal behavior as early as possible
- Buy time for managers to respond
- Freeze the wallet when abnormal activity occurs
Risk Control Example
For example:
- Limit the wallet to a maximum outbound transfer of 0.03 SOL per day
Under this rule:
-
An attacker cannot drain all assets in a single transaction
-
After abnormal activity is detected, managers can:
- Immediately replace the executor
- Adjust or freeze risk control rules
- Freeze the wallet entirely
Flexible Risk Control Rules
Chain Wallet supports multiple combinations of risk control rules:
- Amount limits
- Frequency limits
- Address whitelists / blacklists
- Custom strategy rules
You can choose the most suitable risk control solution based on your business needs, achieving a balance between security and flexibility.