Security
Last updated
Last updated
Blazing App is a secure trading suite designed for the on-chain trading community. Built with security as a foundation, Blazing App addresses both on-chain and off-chain vulnerabilities to ensure user funds are protected.
Blazing App uses Permit2 to fix vulnerabilities in the standard ERC20 token approval process. With the typical ERC20 setup, smart contracts get ongoing access to user tokens, which exposes assets like USDT and USDC if a router contract is compromised.
How Permit2 Works
Single-trade access. Each transaction requires specific authorization for only the exact amount being traded.
Automatic revocation. Approval is revoked immediately after each trade, eliminating any continuous connection to tokens.
Protection. Even if a router contract is compromised, Permit2 keeps funds secure from unauthorized actions.
Nearly 98% of competitor breaches have resulted from vulnerabilities in this approval process. Permit2 solves this problem by making each transaction secure.
Blazing’s off-chain security focuses on private key protection. This includes both infrastructure and platform security.
Zero-knowledge framework. Each user’s private key is encrypted separately. We do not use a universal master key to prevent any single point of failure.
Unique master password. Every user has their own master password, which isn’t stored in any database. Instead, we use a separate, secure mechanism.
Secure enclave. An isolated environment manages encryption keys, with access restricted to authenticated code only. During transactions, the private key is loaded into memory for nanoseconds and is immediately erased, eliminating exposure risks.
Two-Factor Authentication (2FA). Adds an extra layer of protection, requiring a second method to access accounts.
Lock Account. Fully disconnects access to private keys until reactivated by the user. When Lock Account is enabled, even we can’t sign any transactions on behalf of the user, as we’ve physically removed access to their private keys.
