# Security

Published 2022-12-01

DeFi wallets are the gateway to decentralized finance. They are essential tools to access DeFi platforms directly, while maintaining your privacy and avoiding intermediaries.

In a nutshell, crypto DeFi wallets are primarily intended to be used as a way to store cryptocurrencies.

It is the same principle as the physical wallets we are used to, except that you use it to store your digital assets. Notably, DeFi wallets have a higher level of security than physical wallets: they can only be accessed with a password as well as a key phrase (or seed phrase), usually made up of 12 random words, which helps you to recover access to your wallet.

# Secret key compromise

If your secret key is compromised, it was likely done through social engineering. In simple terms, someone tricks you into giving up your password or seed phrase. Typically, someone on Discord will DM you impersonating support or an admin for a well-known collection. For example, (Fake) Gordon at BAYC will ask you to screen share your MetaMask and attempt to capture your recovery phrase.

# Fraudulent contracts or marketplace incompetence

This one can often be prevented by simply taking a break, grabbing a coffee and verifying what you are signing, rather than blindly signing every transaction that pops up in MetaMask.

Always check your transactions: confirming the wrong transaction can drain your wallet.
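One way to do that check, as an added example that is not code from this project: the function below decodes the raw hex data of a pending transaction and flags calls that give another address control over your assets. The list of flagged selectors is this example's own choice and is not exhaustive, and the operator address in the sample is made up.

```javascript
// Added example: decode raw calldata before signing and flag calls that
// give another address control over assets. Selector list is not exhaustive.
const MAX_UINT256 = (1n << 256n) - 1n;
const KNOWN_CALLS = {
  "095ea7b3": { name: "approve(address,uint256)", argc: 2 },
  "a22cb465": { name: "setApprovalForAll(address,bool)", argc: 2 },
  "a9059cbb": { name: "transfer(address,uint256)", argc: 2 },
  "23b872dd": { name: "transferFrom(address,address,uint256)", argc: 3 },
};

// An ABI-encoded address is the low 20 bytes of a 32-byte word.
const asAddress = (word) => "0x" + word.slice(24);
const asUint = (word) => BigInt("0x" + word);

function reviewCalldata(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^([0-9a-f]{2})*$/.test(hex)) throw new Error("calldata is not valid hex");
  if (hex.length === 0) return { call: "none (plain value transfer)", warnings: [] };
  if (hex.length < 8) throw new Error("calldata shorter than a 4-byte selector");
  const known = KNOWN_CALLS[hex.slice(0, 8)];
  if (!known) {
    return { call: "unknown", warnings: ["unrecognised function: check the contract source before signing"] };
  }
  const args = hex.slice(8).match(/.{64}/g) || [];
  if (hex.length !== 8 + 64 * known.argc) {
    throw new Error(`malformed arguments for ${known.name}`);
  }
  const warnings = [];
  if (known.name.startsWith("approve")) {
    // The same selector serves ERC-20 (amount) and ERC-721 (token id).
    const amount = asUint(args[1]);
    warnings.push(amount === MAX_UINT256
      ? `UNLIMITED allowance to ${asAddress(args[0])}`
      : `allowance or token approval (${amount}) to ${asAddress(args[0])}`);
  } else if (known.name.startsWith("setApprovalForAll")) {
    if (asUint(args[1]) !== 0n) { // approved == false is a revoke, not a grant
      warnings.push(`operator ${asAddress(args[0])} may move EVERY token in this collection`);
    }
  } else if (known.name.startsWith("transferFrom")) {
    warnings.push(`moves assets from ${asAddress(args[0])} to ${asAddress(args[1])}`);
  } else {
    warnings.push(`sends ${asUint(args[1])} token units to ${asAddress(args[0])}`);
  }
  return { call: known.name, warnings };
}

// Constructed sample: setApprovalForAll(<made-up operator>, true).
const SAMPLE = "0xa22cb465" + "00".repeat(12) + "ab".repeat(20) + "0".repeat(63) + "1";
console.log(reviewCalldata(SAMPLE));
```

If the decoded call or the address in the warning is not what the site told you to expect, reject the transaction.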

# How did we improve our security?

Most cryptocurrency users are only familiar with single-key wallets, often known as externally owned accounts (EOAs). Such accounts include MetaMask, Exodus, Trust Wallet, etc. EOAs are protected by 12- or 24-word “seed phrases,” also known as private keys. If your private key is lost or stolen, you may lose total access to your funds.

As such, single key wallets are not ideal for crypto projects with multiple owners – if the employee trusted with the private key goes rogue or is careless, the funds may be lost forever. Even if a project has a single owner, it’s still ill-advised to manage your funds alone, as there is the possibility of being the single point of failure. The best solution is using a multi-sig wallet, like Safe.

We have three different development teams with different responsibilities. Safe allows us to create wallets that require approval from multiple team members before transactions are executed. We use Gnosis for every team wallet: deployment wallets, treasuries, partnership wallets and so on.

# Wallets and contracts we use

# Team wallets

  • Mint Treasury: 0x426B539Ca7F3050438843E51dBc5E2b0faCA3ea2 (2/2 signs)
  • Team Wallet: 0xD07CBc187bF453B696864576A7EBe15FE45053Cb (2/2 signs)
  • Deployer wallet: cepheusdeployer.eth (0x1D2F71714D19e6298F599ff28109084088CFe547)

# Liquidity and DEX

  • Token contract address: not deployed yet
  • Liquidity pool contract address: not deployed yet

# NFT collections

  • Astrolist DNFT collection: 0x5e1BE81F76e0cfdbBc500cA1c62Cb24b6201B40C

# What can we do with them?

These wallets are flexible. We can use them to:

  • Manage funds safely – the majority give their consent to move funds around; hence, no single individual can run away with funds.

  • Perform sensitive transactions – serious business deals are authenticated by the majority.

  • Achieve redundancy – You can still access the wallet via the remaining keys if you lose one key.

The following picture demonstrates the differences between personal, hardware and Safe wallets:

Wallet Comparison Table