Security

Non-custodial
by design.

Security is not a feature added on top of Eraivo — it is the foundational constraint every other decision is made against.

Key Management

Hardware Security Module

All private keys are generated and stored inside a hardware security module. Key material never leaves the HSM boundary: signing happens inside the module and only the signature is returned to the application layer. An HSM protects the key, not its use, so the controls on what may be signed (intent simulation, key scoping) matter as much as the HSM itself.

No Shared Custody

Eraivo does not hold, escrow, or co-sign user assets. The platform facilitates execution; it does not take custody at any point in the intent lifecycle. This is enforced architecturally, not by policy.

Key Rotation

Relayer signing keys are rotated on a configurable schedule without service interruption. Rotation events are written to the audit log and visible in the dashboard.

Authentication

Sign-In With Ethereum

The control-plane uses SIWE (EIP-4361) for identity. No passwords, no email accounts, no OAuth third parties. Authentication is a signed message: the control-plane recovers the signer address from the signature and checks the message's domain, nonce and expiry, so there is no password database to protect.

Session Security

Sessions are issued as httpOnly, Secure, SameSite=Lax cookies with a default TTL of 24 hours. A session is invalidated as soon as an upstream service answers 401 or 403 for it. SameSite=Lax withholds the cookie from cross-site POSTs but still sends it on top-level GET navigations, so state-changing operations must never be reachable by GET.
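Worked example for the two sections above, added here and not Eraivo's code: the checks a SIWE login endpoint makes on an EIP-4361 message before it issues a session, and the cookie and invalidation behaviour that session gets. The domain app.example.com, the 24-hour TTL and the cookie attributes follow the text; signature recovery is assumed to come from an EIP-191 ecrecover library and is replaced by a labelled stand-in, and the login message is constructed for the demo.

```python
"""Added example (not Eraivo's code): the checks a SIWE login endpoint makes
before it issues a session, and the cookie that session is carried in.
Assumed: recover_signer(message, signature) comes from an EIP-191 ecrecover library."""
import re
import secrets
from datetime import datetime, timedelta

SESSION_TTL = timedelta(hours=24)

# EIP-4361 message layout; the statement and the expiration line are optional.
SIWE_RE = re.compile(
    r"^(?P<domain>\S+) wants you to sign in with your Ethereum account:\n"
    r"(?P<address>0x[0-9a-fA-F]{40})\n\n"
    r"(?:(?P<statement>[^\n]*)\n)?\n"
    r"URI: (?P<uri>[^\n]+)\n"
    r"Version: 1\n"
    r"Chain ID: (?P<chain_id>\d+)\n"
    r"Nonce: (?P<nonce>[A-Za-z0-9]{8,})\n"
    r"Issued At: (?P<issued_at>[^\n]+)"
    r"(?:\nExpiration Time: (?P<expiration>[^\n]+))?"
)


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def build_message(domain, address, chain_id, nonce, issued_at, expires):
    """Client side: the text the wallet is asked to sign (constructed for the demo)."""
    return (f"{domain} wants you to sign in with your Ethereum account:\n{address}\n\n"
            f"Sign in to the control-plane.\n\nURI: https://{domain}/login\nVersion: 1\n"
            f"Chain ID: {chain_id}\nNonce: {nonce}\nIssued At: {issued_at.isoformat().replace('+00:00', 'Z')}\n"
            f"Expiration Time: {expires.isoformat().replace('+00:00', 'Z')}")


def demo_recover_signer(message, signature):
    """Stand-in only: the demo 'signature' is the signing address itself. A real
    deployment recovers the address from the secp256k1 signature (EIP-191)."""
    return signature


class SiweVerifier:
    def __init__(self, domain, chain_id, recover_signer):
        self.domain, self.chain_id, self.recover_signer = domain, chain_id, recover_signer
        self._nonces = set()                    # handed out, not yet consumed

    def issue_nonce(self):
        nonce = secrets.token_hex(8)
        self._nonces.add(nonce)
        return nonce

    def verify(self, message, signature, now):
        """Returns the authenticated address or raises ValueError."""
        m = SIWE_RE.match(message)
        if not m:
            raise ValueError("malformed SIWE message")
        f = m.groupdict()
        if f["domain"] != self.domain:           # signed for another site: worthless here
            raise ValueError("domain mismatch")
        if int(f["chain_id"]) != self.chain_id:
            raise ValueError("chain ID mismatch")
        if f["nonce"] not in self._nonces:       # unknown or already used: replay
            raise ValueError("bad nonce")
        if f["expiration"] and now >= _ts(f["expiration"]):
            raise ValueError("message expired")
        if self.recover_signer(message, signature).lower() != f["address"].lower():
            raise ValueError("signature does not recover to the stated address")
        self._nonces.discard(f["nonce"])         # consumed: the same message cannot log in twice
        return f["address"]


class SessionStore:
    def __init__(self):
        self._sessions = {}                     # session id -> (address, expiry)

    def create(self, address, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (address, now + SESSION_TTL)
        return sid

    @staticmethod
    def cookie(sid):
        # HttpOnly: no script access. Secure: never over plaintext HTTP.
        # SameSite=Lax: withheld from cross-site POSTs, still sent on top-level GETs.
        return (f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax; "
                f"Max-Age={int(SESSION_TTL.total_seconds())}")

    def resolve(self, sid, now):
        entry = self._sessions.get(sid)
        if entry is None or now >= entry[1]:
            self._sessions.pop(sid, None)
            return None
        return entry[0]

    def on_upstream_status(self, sid, status):
        """An upstream 401/403 means the identity is no longer trusted: drop the session."""
        if status in (401, 403):
            self._sessions.pop(sid, None)
```

The order of checks matters: domain, chain, nonce and expiry are tested before the signature, so a message that was never valid for this site is rejected without touching the signature at all. The nonce is consumed only on a successful login, which is what stops a captured login message from being replayed.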

Service Token Fallback

Service-to-service authentication via bearer tokens is supported for operator tooling. This fallback is disabled by default and not available to browser clients.

API Key Scoping

API keys carry explicit permission scopes. A key cannot be used for operations outside the scope it was issued with.
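Worked example of scoped API keys, added here and not Eraivo's code: keys are issued with explicit scopes, only a hash of the secret is stored, comparison is constant-time, and authorization denies anything the scope does not name. The scope names (intents:read, intents:*) and the key_id.secret format are illustrative assumptions.

```python
"""Added example (not Eraivo's code): scoped API keys with deny-by-default checks.
Scope names such as "intents:read" and the key format are illustrative."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiKeyRecord:
    key_id: str
    secret_hash: bytes          # only a hash of the secret is ever stored
    scopes: frozenset


def scope_allows(granted, required):
    """'resource:action' is satisfied by itself or by 'resource:*'.
    There is deliberately no global '*': every key must name its resources."""
    resource, sep, _action = required.partition(":")
    if not sep:
        return False
    return required in granted or f"{resource}:*" in granted


class ApiKeyRegistry:
    def __init__(self):
        self._keys = {}

    @staticmethod
    def _hash(secret):
        return hashlib.sha256(secret.encode()).digest()

    def issue(self, scopes):
        """Returns the presentable key 'key_id.secret'; the secret is shown once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        self._keys[key_id] = ApiKeyRecord(key_id, self._hash(secret), frozenset(scopes))
        return f"{key_id}.{secret}"

    def revoke(self, key_id):
        self._keys.pop(key_id, None)

    def authenticate(self, presented):
        key_id, _, secret = presented.partition(".")
        record = self._keys.get(key_id)
        if record is None:
            return None
        if not hmac.compare_digest(record.secret_hash, self._hash(secret)):
            return None
        return record

    def authorize(self, presented, required_scope):
        """Deny by default: unknown key, wrong secret or missing scope all fail."""
        record = self.authenticate(presented)
        if record is None:
            raise PermissionError("invalid API key")
        if not scope_allows(record.scopes, required_scope):
            raise PermissionError(f"key {record.key_id} lacks scope {required_scope}")
        return record
```

Keeping the key_id outside the hashed part lets the registry find the record without a table scan while still never storing the secret; the constant-time compare on the digests avoids leaking how many bytes matched.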

Network Security

Encrypted Transit

All traffic between services is encrypted with TLS 1.3. Internal service communication uses mutual TLS where supported.

API Gateway Hardening

Rate limiting, request size limits, and header sanitisation are enforced at the API gateway before requests reach any internal service.

Intent Simulation

Every intent is simulated against a fork of the current chain state before it is signed and dispatched. A simulation that reverts, or whose resulting state differs from what the intent declares, is rejected and nothing is signed.

Atomic Rollback

Multi-leg intent execution produces no partial states. If any leg fails, the operation rolls back and funds remain with the originator.
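Worked example of simulate-then-commit for the two sections above, added here and not Eraivo's code: an in-memory ledger stands in for the forked chain state, each leg of an intent is applied to a private copy, the copy is checked against the spend and receive bounds the intent declares, and only a fully successful fork is swapped in. The ledger, the (src, dst, asset, amount) leg format and the slippage bounds are illustrative assumptions.

```python
"""Added example (not Eraivo's code): simulate-then-commit execution of a
multi-leg intent on an in-memory ledger that stands in for a forked chain state."""
import copy
import threading
from dataclasses import dataclass, field


class SimulationRejected(Exception):
    """A leg reverted or the fork violates the bounds the intent declared."""


@dataclass
class Intent:
    originator: str
    legs: list                                      # (src, dst, asset, amount), in order
    max_spend: dict = field(default_factory=dict)   # asset -> most the originator may give up
    min_receive: dict = field(default_factory=dict) # asset -> least the originator must gain


class Ledger:
    def __init__(self, balances):
        self._balances = {acct: dict(b) for acct, b in balances.items()}
        self._lock = threading.Lock()

    def balance(self, account, asset):
        return self._balances.get(account, {}).get(asset, 0)

    def fork(self):
        """Private copy of the live state; mutating it never touches the ledger."""
        return copy.deepcopy(self._balances)

    def execute(self, intent):
        """Atomic: either every leg lands or nothing does."""
        with self._lock:
            fork = self.fork()
            simulate(fork, intent)      # raises -> fork discarded, live state untouched
            self._balances = fork       # one reference swap commits all legs together


def apply_leg(state, leg):
    src, dst, asset, amount = leg
    have = state.get(src, {}).get(asset, 0)
    if amount <= 0 or have < amount:
        raise SimulationRejected(f"leg {leg} reverts: {src} holds {have} {asset}")
    state.setdefault(src, {})[asset] = have - amount
    state.setdefault(dst, {})[asset] = state[dst].get(asset, 0) + amount


def simulate(fork, intent):
    """Run every leg on the fork, then compare the originator's net change
    against the bounds the intent declared. Returns the fork on success."""
    before = copy.deepcopy(fork.get(intent.originator, {}))
    for leg in intent.legs:
        apply_leg(fork, leg)
    after = fork.get(intent.originator, {})
    for asset, limit in intent.max_spend.items():
        spent = before.get(asset, 0) - after.get(asset, 0)
        if spent > limit:
            raise SimulationRejected(f"would spend {spent} {asset}, limit {limit}")
    for asset, floor in intent.min_receive.items():
        gained = after.get(asset, 0) - before.get(asset, 0)
        if gained < floor:
            raise SimulationRejected(f"would receive {gained} {asset}, need {floor}")
    return fork
```

Two failure modes are covered: a leg that cannot execute (the revert case) and a run where every leg executes but the originator ends up worse off than the intent allows (the unexpected-state case). Both leave the live ledger exactly as it was, because nothing is written until the whole fork has passed.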

Audit & Disclosure

Every action on the platform is written to an append-only audit log — timestamped, attributable, and retained for a minimum of 90 days.
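Worked example for this section and for the key rotation section above, added here and not Eraivo's code: a hash-chained append-only audit log in which each entry commits to the previous one, a verifier that reports the first tampered entry, retention pruning that keeps the remaining chain checkable, and a relayer keyring that rotates on schedule with an overlap window and records every rotation in the log. Key handles stand in for keys that live inside an HSM (no key bytes appear), and the one-hour grace window, the 90-day retention and the event names are assumptions.

```python
"""Added example (not Eraivo's code): a hash-chained append-only audit log whose
retention pruning keeps the remaining chain verifiable, and a relayer keyring
that rotates without interruption and records every rotation in that log.
Key handles stand in for keys held inside an HSM; no key material appears."""
import hashlib
import itertools
import json
from datetime import timedelta

GENESIS = "0" * 64
RETENTION = timedelta(days=90)


class AuditLog:
    def __init__(self):
        self._entries = []
        self._anchor = GENESIS      # hash of the newest pruned entry, or genesis

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(raw).hexdigest()

    def append(self, ts, actor, action, **details):
        """The only write path: each entry commits to the previous entry's hash."""
        prev = self._entries[-1]["hash"] if self._entries else self._anchor
        entry = {"ts": ts.isoformat(), "actor": actor, "action": action,
                 "details": details, "prev": prev}
        entry["hash"] = self._digest(entry)
        self._entries.append(entry)
        return entry

    def verify(self):
        """(True, None) if the chain is intact, else (False, index of the first bad entry)."""
        prev = self._anchor
        for i, entry in enumerate(self._entries):
            if entry["prev"] != prev or self._digest(entry) != entry["hash"]:
                return False, i
            prev = entry["hash"]
        return True, None

    def prune(self, now):
        """Drop entries older than RETENTION; advance the anchor so verify() still holds."""
        cutoff = (now - RETENTION).isoformat()
        dropped = 0
        while self._entries and self._entries[0]["ts"] < cutoff:
            self._anchor = self._entries.pop(0)["hash"]
            dropped += 1
        return dropped

    def entries(self):
        return list(self._entries)


_handles = itertools.count(1)


def demo_hsm_generate():
    """Stand-in for 'generate a key inside the HSM': returns only a handle."""
    return f"relayer-key-{next(_handles)}"


class RelayerKeyring:
    """Rotation with overlap: the new key signs at once; the previous one is still
    accepted for verification until GRACE elapses, so in-flight work is not cut off."""
    GRACE = timedelta(hours=1)

    def __init__(self, audit, hsm_generate=demo_hsm_generate):
        self._audit = audit
        self._hsm_generate = hsm_generate
        self.active = None
        self._retired = {}          # handle -> instant it stops being accepted

    def rotate(self, now, actor="rotation-scheduler"):
        previous, self.active = self.active, self._hsm_generate()
        grace_until = None
        if previous is not None:
            self._retired[previous] = now + self.GRACE
            grace_until = (now + self.GRACE).isoformat()
        self._audit.append(now, actor, "relayer.key.rotated",
                           previous=previous, current=self.active, grace_until=grace_until)
        return self.active

    def accepted(self, handle, now):
        if handle == self.active:
            return True
        until = self._retired.get(handle)
        return until is not None and now < until
```

Chaining makes the log tamper-evident, not tamper-proof: an attacker with write access to the store can rewrite the whole suffix from the altered entry onward, so the latest hash should also be published somewhere the log writer cannot reach (a separate system, or the audit report itself).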

Third-party security audits are conducted prior to each major release. Reports are published publicly.