CryptoLegacy: Security-first Approach to Recovery and Inheritance
CryptoLegacy securely manages crypto inheritance and recovery. Assets stay safely in user wallets, transferred via multisig approvals or timeouts.
CryptoLegacy was developed with a security-first approach from day one.
CryptoLegacy Smart Contracts Security
CryptoLegacy has successfully passed three independent security audits (currently in progress).
The DAO will soon provide a bug bounty program on Immunefi.
You are the sole Owner of your personal CryptoLegacy contract and fully control all admin functions, such as ownership transfer, pause/unpause, and token approvals. Even if other contracts or their multisig owners are compromised (which is highly unlikely), your assets and the distribution or recovery process will remain completely safe because your contract does not rely on external calls.
Your personal smart contract does not store assets - they remain safely in your wallet, only approved for transfer. Assets can only be transferred by Beneficiaries after a designated timeout and challenge expiration, or by trusted Guardians upon reaching the multisig threshold (also with optional challenge timeouts).
Your personal smart contract follows the Diamond Standard (EIP-2535), meaning only you can add, remove, replace, or update its Plugins (facets). All Plugins are pre-approved through the Plugin Registry by the DAO multisig, supported by onboarded security firms and partner protocols.
You interact exclusively with the Build Manager (to create new contracts), the Fee Registry (to lock NFTs), and your personal CryptoLegacy contract. Always verify addresses to stay protected from phishing attacks.
A dedicated transaction-checking application hosted on GitHub Pages and Tenderly transaction simulations are currently being developed for additional security.
All smart contracts, except the Fee Registry, are non-proxied for enhanced security.
All external calls from the CryptoLegacy contract during the normal period and during distribution use a try/catch pattern and a gas limit. This guarantees that funds won't get locked if an external contract is compromised and modified with malicious code designed to increase gas consumption.
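The try/catch and gas-limit pattern described above can be sketched as follows. This is an added example, not CryptoLegacy's own code: the `INotifyHook` interface, the `GasCappedNotifier` contract, the `HookFailed` event and the 100,000 gas cap are all hypothetical names and values chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical external contract that is notified during distribution.
// The name and signature are assumptions for this example.
interface INotifyHook {
    function onClaim(address beneficiary, uint256 amount) external;
}

contract GasCappedNotifier {
    // Assumed cap, for illustration only. It bounds what a compromised
    // hook can burn, so the rest of the claim always has gas left.
    uint256 public constant HOOK_GAS_LIMIT = 100_000;

    INotifyHook public immutable hook;

    event Claimed(address indexed beneficiary, uint256 amount);
    event HookFailed(address indexed hook, address indexed beneficiary);

    constructor(INotifyHook _hook) {
        hook = _hook;
    }

    function claim(address beneficiary, uint256 amount) external {
        // State changes and the token transfer would happen here,
        // before any external notification (omitted in this sketch).
        emit Claimed(beneficiary, amount);
        _notify(beneficiary, amount);
    }

    function _notify(address beneficiary, uint256 amount) internal {
        // try/catch does not catch the revert raised in the caller when
        // the target has no code, so check for that case explicitly.
        if (address(hook).code.length == 0) {
            emit HookFailed(address(hook), beneficiary);
            return;
        }
        // The hook receives at most HOOK_GAS_LIMIT gas. A revert or an
        // out-of-gas inside the hook lands in the catch branch instead
        // of reverting the whole claim.
        try hook.onClaim{gas: HOOK_GAS_LIMIT}(beneficiary, amount) {
            // Hook succeeded; nothing further to do.
        } catch {
            emit HookFailed(address(hook), beneficiary);
        }
    }
}
```

Because of the EIP-150 63/64 gas-forwarding rule, a caller who supplies too little gas can make the capped call fail, so this pattern suits only external calls the contract can safely skip.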
Asset claims by Beneficiaries are protected from attacks involving malicious code replacements designed to increase fees. During distribution, the fee amount is set in the UI and provided as a function argument.
CryptoLegacy UI Security
CryptoLegacy's interface is secured using Cloudflare, offering robust protection against DNS spoofing, cache poisoning, and MitM attacks. For maximum security, you can easily run CryptoLegacy self-hosted, with clear step-by-step instructions provided.
CryptoLegacy Infrastructure Dependencies
CryptoLegacy uses project RPCs, SubQuery indexers, and APIs, but these can be overridden anytime through the settings. This ensures that the dApp operates smoothly under any circumstances. Additionally, CryptoLegacy will be hosted on decentralized platforms like IPFS and Arweave.