Security¶

Using QuantFin Bot securely is critical to protect your funds. Follow these best practices when using the frontend at quantfin.dexalgo.org.

Private Key Security (End-to-End Encryption)¶

End-to-End Encryption: Your SUI private key is encrypted end-to-end and never accessible to the system in plaintext. The platform cannot view, decrypt, or access your private key at any time.
Local Device Security: Private keys remain secure on your device and are only used locally for transaction signing. The system administrators have no access to your private key.
Device Protection: Use the frontend on a trusted device. Avoid public computers or unsecured networks.
Clipboard Security: Be cautious when handling your private key. Ensure your clipboard is not compromised by malware.

Use a Secure Wallet: Ensure your SUI wallet (e.g., Sui Wallet, Martian Wallet) is secure. Enable two-factor authentication if available.
Check Token Requirements: The frontend requires 5,000,000 PUMPKIN tokens (or whitelist status) to access the bot. Verify your token balance in the top-right corner of the dashboard.
Monitor Connections: After connecting your wallet, ensure the frontend displays your correct wallet address in the top-right corner (or sidebar on mobile).

HTTPS: The frontend uses HTTPS to communicate with the bot’s API at https://quantfin.dexalgo.org/api. Ensure your browser shows a secure connection (lock icon).
Monitor Logs: In the Console Logs panel, watch for unexpected errors (e.g., ERROR: Failed to authenticate). Report issues to the DexAlgo Team.

Stop the Bot When Not in Use: In the sidebar, click Stop Bot to halt trading when you’re not actively monitoring.
Use Graceful Stop: In the sidebar, click Toggle Graceful Stop to stop the bot after closing positions, reducing exposure.
Regularly Check Status: Monitor the Bot Status panel to ensure the bot is running as expected.
Secure Your Account: If the bot supports API key authentication in the future, enable it for added security.