Product Feature

Account Management

Account Management implies the management of the account's asset private keys. Refer to Keys and Signatures for details of the asset private key principles. During the account registration, the asset private key is first derived from the Ethereum address, and the relationship between the two is tied to the registered account.

Locking and Unlocking an Account

The asset private key is temporarily stored in the local browser SessionStorage that the user used to access When the browser is closed or all browser tabs with are closed (no more active session), the generated asset private key data is automatically deleted. Hence, each time the user reopens the browser to access DeGate, they are prompted to unlock their account. This step derives the same asset private key again by using the user's wallet private key to perform an ECDSA signature where the signature content is consistent with the account registration signature.
Sign this message to access DeGate Exchange:
0xdac304791B7f53593C701980aa52087Ed7EC6649 with key nonce: 1
Users can also choose to lock their account which will delete the asset private key information in the SessionStorage immediately while not leaving the website. Only when the account is unlocked, then users will be able to access their DeGate account information such as assets, orders, and historical records.

Reset Asset Private Key

In general, it is safe to store the asset private key in the SessionStorage, but there can be accidental disclosure risk. For example, when a user mistakenly signs a signature to generate the asset private key on a phishing website. If the asset private key has been disclosed, the asset private key needs to be reset immediately.
The reset process is similar to the account registration process. The wallet's private key is used to perform two ECDSA signatures – for the first, a KeyNonce +1 signature generates a new asset private key and the second is to submit the request to send the new asset private to the DeGate node.
When the DeGate protocol is processing the request to reset, some features will be temporarily affected.
  1. 1.
    All active open orders that are resting in the order book will be canceled.
  2. 2.
    Users will not be able to perform operations such as withdrawals, transfers, trades, etc.
  3. 3.
    Users can still initiate another reset request while the current reset is in progress, this will increase the KeyNonce by 1 based on the current reset KeyNonce.
The asset private key is reset when the zkBlock containing the reset transaction is submitted on-chain and after the on-chain transaction is confirmed on the network.
As soon as a user realizes their wallet private key is compromised or disclosed, please withdraw all assets on DeGate as the attacker will have full access and control of their DeGate account.

View Asset Private Key

The viewing of the asset private key is only relevant for users that wish to use DeGate SDK. Once the account is unlocked, users will be able to view their DeGate account information such as the asset private key, assets, orders, and historical records. This can be done by using the View Asset Private Key feature. Please take the necessary precautions before using this feature.