# Security Blazing App is a secure trading suite for the on-chain trading community, addressing both on-chain and off-chain vulnerabilities to protect user funds. ## **On-Chain Security** ### **Permit2** Blazing App utilizes Permit2 to address vulnerabilities in the ERC20 token approval process. Traditional ERC20 contracts can grant continuous access to user tokens, risking assets like USDT and USDC if a **How Permit2 Works** * **Single-trade access**. Each transaction requires specific authorization for only the exact amount being traded. * **Automatic revocation**. Approval is revoked immediately after each trade, eliminating any continuous connection to tokens. * **Protection**. Even if a router contract is compromised, Permit2 keeps funds secure from unauthorized actions. ## **Off-Chain Security** Blazing’s off-chain security focuses on private key protection, encompassing both infrastructure and platform security. ### **Infrastructure Security** * **Zero-knowledge framework**. Each user’s private key is encrypted separately, ensuring that we do not use a universal master key to prevent any single point of failure. * **Unique master password**. Every user has their master password, which isn’t stored in any database. Instead, we use a separate, secure mechanism. * **Secure enclave**. An isolated environment manages encryption keys, with access restricted to authenticated code only. During transactions, the private key is loaded into memory for a brief period and is immediately erased, thereby eliminating exposure risks. ### **Platform Security** * **Two-Factor Authentication (2FA)**. Adds an extra layer of protection, requiring a second method to access accounts. * **Lock Account**. This feature entirely disconnects access to private keys until reactivated by the user. When Lock Account is enabled, we can’t even sign any transactions on behalf of the user, as we’ve physically removed access to their private keys. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://blazingapp.gitbook.io/tutorials/features/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.