🔒 Vault

Non-Custodial

When you sign up as an ether.fi Member, a Turnkey signer is automatically created for your account. This Turnkey signer serves as the owner of your Vault and can only be accessed by you, never by ether.fi or Turnkey.

We work with Turnkey to provide secure, non-custodial key management. It removes the need to rely on phishable seed phrases, uses familiar authentication methods, and is more deeply embedded into our application for a seamless user experience. Signing onchain transactions with your in-app wallets requires explicit, cryptographic authentication using your passkey, email address, or social login.

Turnkey uses AWS Nitro secure enclaves, a type of tamper-proof Trusted Execution Environment (TEE), for all sensitive operations. Private keys are never decrypted outside these enclaves, and only you can authorize key usage with your credentials. Turnkey has also implemented stringent protocols to prevent individual engineers from altering enclave code, ensuring a secure end-to-end deployment process.

For more details, see Turnkey’s security documentation here.

Security Architecture

Multisig Protection

ether.fi's Vault implements a multisignature (multisig) security model:

  • Your Vault can have multiple owners, each with their own unique signature

  • You set a signature threshold: the minimum number of owner signatures required to authorize any transaction

  • For example, if your Vault has 3 owners with a threshold of 2, any transaction on the Vault requires approval from at least 2 of these 3 owners

  • The owners can also authorize some users as admins of the Vault, who can carry out certain operations on their own

  • Each owner is by default an admin

Managing Your Vault's Ownership Structure

As a Vault owner, you can:

  • Add new owners to your Vault

  • Remove existing owners from your Vault

  • Adjust your signature threshold to increase or decrease security requirements

  • View the current ownership structure and signature requirements

Any changes to your Vault's ownership or threshold settings require transaction approval according to your current threshold requirements.

Modularity

Your Vault can connect with modules: specialized smart contracts that extend your Vault's functionality while maintaining its security.

Your Module Options

Your Vault comes with several pre-configured modules:

  1. Default Modules (automatically available):

    • EtherFi Cash Module: Core neo-bank functionalities

    • EtherFi Stake Module: Participate in EtherFi Stake and let your funds work for you

    • EtherFi Liquid Module: Put your funds to autopilot using EtherFi Liquid vaults

    • OpenOcean Swap Module: Integration for token swapping

  2. Additional Whitelisted Modules:

    • Additional modules reviewed and whitelisted by EtherFi

    • You must explicitly authorize these modules with owner signatures meeting your threshold before they can interact with your Vault

Module Security Protocols

To protect your assets:

  • EtherFi maintains a strict module whitelisting process

  • Only modules that have passed security reviews can be added to the whitelist

  • You maintain full control over which whitelisted modules can interact with your Vault

  • Only EtherFi can designate default modules that are available to all users

Configuring Your Vault's Modules

To add a whitelisted module to your Vault:

  1. Confirm the module appears on EtherFi's official whitelist

  2. Initiate a module authorization transaction

  3. Collect the required number of owner signatures according to your threshold

  4. Once authorized, the module can interact with your Vault according to its defined permissions

Recovery

Your Vault includes a sophisticated recovery system that balances security with practical recovery options.

Your Default Recovery Configuration

Your Vault is initially configured with:

  • Two designated recovery signers:

    1. An EtherFi corporate signer

    2. A trusted third-party signer selected by EtherFi

  • A recovery threshold requiring approval from both signers

Customizing Your Recovery Settings

As a Vault owner, you have complete control over your recovery system:

  • Replace Recovery Signers: Designate your own trusted contacts as recovery signers

  • Adjust Recovery Threshold: Set how many recovery signatures are required to initiate recovery

  • Expand Your Recovery Network: Add additional recovery signers for enhanced security

  • Disable Recovery: You can disable the recovery feature entirely if you prefer

All recovery setting changes require approval according to your Vault's current owner threshold.

The Recovery Process Timeline

If you need to recover your Vault:

  1. Your designated recovery signers must approve the recovery action according to your recovery threshold

  2. Upon approval, a mandatory 3-day timelock period begins

  3. During this timelock period, any of your Vault's original owners can cancel the recovery process

  4. If the recovery isn't cancelled, the new ownership configuration takes effect after the timelock expires
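The rules described in the Multisig Protection section, the module authorization steps above, and this recovery timeline can be modelled as one small state machine. The following is an added example, not ether.fi's contract code; the class and method names, the use of plain strings as signer identities, and the timelock expressed in seconds are assumptions made for illustration.

```python
from dataclasses import dataclass, field
TIMELOCK = 3 * 24 * 3600  # the page's mandatory 3-day timelock, in seconds (assumed unit)

@dataclass
class Vault:
    owners: set
    threshold: int
    recovery_signers: set
    recovery_threshold: int
    modules: set = field(default_factory=set)
    pending: "dict | None" = None  # recovery waiting out its timelock, if any

    @staticmethod
    def _meets(approvals, allowed, threshold):
        # Only distinct signatures from the allowed set count; repeats are ignored.
        return len(set(approvals) & set(allowed)) >= threshold

    def change_owners(self, new_owners, new_threshold, approvals):
        # Ownership/threshold changes need the *current* owner threshold.
        if not self._meets(approvals, self.owners, self.threshold):
            raise PermissionError("owner threshold not met")
        if not 1 <= new_threshold <= len(new_owners):
            raise ValueError("threshold must lie between 1 and the owner count")
        self.owners, self.threshold = set(new_owners), new_threshold

    def authorize_module(self, module, whitelist, approvals):
        # Step 1: module must be whitelisted; steps 2-3: owner-threshold approval.
        if module not in whitelist:
            raise ValueError("module is not on the whitelist")
        if not self._meets(approvals, self.owners, self.threshold):
            raise PermissionError("owner threshold not met")
        self.modules.add(module)

    def start_recovery(self, new_owners, new_threshold, approvals, now):
        # Recovery signers (not owners) approve; the timelock starts at approval.
        if not self._meets(approvals, self.recovery_signers, self.recovery_threshold):
            raise PermissionError("recovery threshold not met")
        self.pending = {"owners": set(new_owners), "threshold": new_threshold, "start": now}

    def cancel_recovery(self, signer):
        # Any single current owner can cancel while the timelock runs.
        if signer not in self.owners:
            raise PermissionError("only a current owner can cancel")
        self.pending = None

    def execute_recovery(self, now):
        if not self.pending or now < self.pending["start"] + TIMELOCK:
            raise RuntimeError("no pending recovery or timelock not expired")
        self.owners, self.threshold = self.pending["owners"], self.pending["threshold"]
        self.pending = None
```

Note that a duplicated signature never counts twice toward a threshold, and that a single current owner is enough to cancel a recovery during the timelock, which is what makes the 3-day window useful.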

The Importance of Your Timelock Period

The 3-day timelock provides critical protection:

  • Gives you time to respond if unauthorized recovery is attempted

  • Allows cancellation of mistaken or malicious recovery attempts

  • Provides necessary notice to all stakeholders before ownership changes

Managing or Disabling Recovery

While recovery provides important security benefits, you may modify or disable it:

  1. Initiate a transaction to update recovery settings or disable the feature

  2. Gather the required signatures from Vault owners according to your threshold

  3. If you disable recovery, consider implementing alternative backup access methods
