🔓Security

We take security seriously at Slick Swap 👮

Your wallet created during signup is in fact a Smart Contract, not a regular address. This smart contract has a minimal set of functions available: it can trade on DEXs (with our server's authorization), receive deposits, perform withdrawals (with your authorization) and migrate to a newer version (with your authorization). It is not possible to do anything else – that is guaranteed by the Ethereum network.

Furthermore, we do not store your password or keys anywhere (and we delete the password from the chat as soon as you send it), meaning that even if our server gets hacked, it will not be possible to withdraw the funds without knowing your password. This is what sets us aside from many other products, which claim "to take extraordinary measures", "use highly secure cloud stack" and so on to avoid keys being stolen; we deliberately chose a trustless setup, where there is nothing to be stolen in the first place. That is why we do have to ask you for the password for every withdrawal, and we do appreciate it could be a bit annoying, but this allows us to protect your funds in the best possible way.

The smart contract is also fully autonomous: for example, if you choose to protect your wallet with your own address, you can withdraw funds at any time without interacting with the bot.

We anticipate that we may periodically upgrade the smart contract to add new features, but rest assured that every upgrade will be run by you and will also require your authorization (this is enforced by the contract's code too, of course).

Should you have any deep technical questions, or have a simple spark of curiosity regarding the logic of the smart contract, reach out to our support group on Telegram. We will be delighted to assist you!

So, let's take a look at how you can set up your account to be secure! During the onboarding process, we provide two options to secure your account.

Option 1 - Enter a password (secure)

Option 2 - provide us with your own (EOA) wallet address (even more secure)

Setting up your account

Option 1 - using a password

Here's how it works.

1. User signs up for Slick Swap on Telegram and chooses to use a password to protect their account.

2. User enters a password (passing some requirements and validation).

3. This password is then used to generate a dummy wallet address which is saved in the smart contract.

4. The password is deleted and never stored in our database.

5. At some point in the future when making a withdrawal, the user enters their password and we see whether we can generate a matching dummy wallet address that exists in the smart contract. If we do, the withdrawal can proceed with a wallet address of your choice. If not... well, try again?

Pros and cons of a password

Pros:

• Simple to use, quick

• You can choose a different wallet address for your transactions

Cons:

• If you forget your password, we can't help you - we never store your password so your funds will be locked until you remember it

Option 2 - using a wallet address

Here's how it works.

1. User sign up for Slick Swap on Telegram and chooses to use a wallet address to protect their account.

2. User enters their wallet address (passing some requirements and validation).

3. The wallet address is then stored in the Smart Contract.

4. For each withdrawal in the future, we will ask the user to verify ownership of this wallet; they will be directed to a confirmation page which will then trigger a wallet-verification process (varies per your provider).

Pros and cons of a wallet address

Pros:

• Very secure - even if your Telegram account is hacked, the perpetrator can't withdraw funds to their own wallet address

Cons:

• You need to verify ownership for each withdrawal

• You can't change this wallet address as it's part of the Smart Contract