Security

BYOB is built with ultra-tight security in mind. You can use BYOB in three modes, each with its own level of security and feature set.

Zero-risk mode

In zero-risk mode, BYOB is only a web interface for composing transactions into one large atomic transaction. You can create complex workflows such as flash loan interactions or instant leverage on degenbox strategies, or do manual arbitrage if you like. Everything is signed by you, and nothing is sent to our backend.

Self-custody mode

In self-custody mode, limited information is sent to our backend in order to enable delayed execution. Suppose you want to swap 100 SOL to USDC but keep complete control over when it happens. Create a workflow that does this, then create a webhook for it. You sign the transaction (using a durable nonce) and the signed tx is stored in the backend. You get a webhook URL back and can trigger it at any time, or even write a Zapier workflow for it!

It is important to note that BYOB cannot do anything with the signed tx other than execute it. If even one byte is changed, the signature no longer verifies and the signed transaction cannot be used anymore, so the total risk is that the tx is executed as you signed it. It can also be executed only once.
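
The two properties above (a stored signed tx cannot be altered, and it can run only once) can be seen in a small model. This is an added example, not BYOB's code and not Solana's wire format: the JSON message layout, the ToyLedger class and the nonce strings are assumptions made for illustration, using Node's built-in Ed25519 support.

```javascript
// Added illustration: a simplified model, NOT Solana's transaction format or BYOB's backend.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed sample: the user's wallet key pair (Ed25519, the scheme Solana uses).
const wallet = generateKeyPairSync('ed25519');

// Hypothetical message layout: the durable nonce value is part of the signed bytes.
function buildMessage(nonce, instruction) {
  return Buffer.from(JSON.stringify({ nonce, instruction }));
}

// The user signs once; the backend only ever holds { message, signature }.
function signTx(message, privateKey) {
  return { message, signature: sign(null, message, privateKey) };
}

// Toy stand-in for the chain: tracks the current value of the nonce account.
class ToyLedger {
  constructor(publicKey, nonce) {
    this.publicKey = publicKey;
    this.nonce = nonce;
    this.executed = [];
  }
  submit(tx) {
    // 1. Any change to the signed bytes makes signature verification fail.
    if (!verify(null, tx.message, this.publicKey, tx.signature)) {
      return 'rejected: bad signature';
    }
    // 2. The signed nonce must match the nonce account's current value.
    const { nonce, instruction } = JSON.parse(tx.message.toString());
    if (nonce !== this.nonce) return 'rejected: stale nonce';
    this.executed.push(instruction);
    // 3. Executing advances the nonce, so the same signed tx cannot run again.
    this.nonce = `nonce-${this.executed.length}`;
    return 'executed';
  }
}

function demo() {
  const ledger = new ToyLedger(wallet.publicKey, 'nonce-0');
  const stored = signTx(buildMessage('nonce-0', 'swap 100 SOL -> USDC'), wallet.privateKey);
  // A copy of the stored tx with a single bit flipped in the message.
  const tampered = { message: Buffer.from(stored.message), signature: stored.signature };
  tampered.message[tampered.message.length - 10] ^= 0x01;
  // Tampered copy, then the original, then a replay of the original.
  return [ledger.submit(tampered), ledger.submit(stored), ledger.submit(stored)];
}

console.log(demo());
```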

Bot mode

This is the ultimate feature set of BYOB. You can create bot accounts, which are basically wallets whose private key is stored securely in our backend. Interaction with these bot accounts is only possible by providing messages signed with the wallet used to create the bot account. With bot accounts you can create full automation.

Note that the bot account is yours and yours alone. You can always export the private key and import it into your wallet.

General security practices

BYOB takes security very seriously. Bot accounts can only be accessed by sending signed messages from your wallet (Ledger support is coming soon).

Other than this, we rely on AWS's security standards to protect our databases, and the site is hosted behind Cloudflare. Of course, we have also implemented the standard measures such as SSL-secured connections.
