Skip to main content

Key Management

Never Expose Private Keys

Never commit private keys or mnemonics to version control, logs, or client-side code.
Bad: 
const mnemonic = "my twelve word mnemonic..."; // ❌ Hardcoded
Good: 
const mnemonic = process.env.MNEMONIC; // ✅ Environment variable

Use Environment Variables

.env
MNEMONIC=your twelve word mnemonic here
PRIVATE_KEY=0x...
MAIN_WALLET_ADDRESS=lfg1...

import "dotenv/config";

const wallet = await LocalWallet.fromMnemonic(process.env.MNEMONIC!, "lfg");

Separate API Keys

Create different API keys for different purposes:
  • Trading: Limited to order placement
  • Withdrawals: Separate key for withdrawals
  • Read-only: For monitoring only

Operational Security

Validate Inputs

function validateOrderSize(size: number, maxSize: number): void {
  if (size <= 0) throw new Error("Size must be positive");
  if (size > maxSize) throw new Error("Size exceeds maximum");
}

Implement Rate Limiting

class RateLimiter {
  private requests: number[] = [];

  async checkLimit(maxRequests: number, windowMs: number): Promise<void> {
    const now = Date.now();
    this.requests = this.requests.filter((t) => t > now - windowMs);

    if (this.requests.length >= maxRequests) {
      throw new Error("Rate limit exceeded");
    }

    this.requests.push(now);
  }
}

Monitor Margin Health

async function checkMarginHealth(client: CompositeClient, address: string) {
  const account = await client.indexerClient.account.getParentSubaccount(
    address,
    0
  );
  const equity = parseFloat(account.subaccount.equity);
  const freeCollateral = parseFloat(account.subaccount.freeCollateral);
  const marginRatio = (freeCollateral / equity) * 100;

  if (marginRatio < 10) {
    // Alert: High liquidation risk
    console.error("⚠️ HIGH LIQUIDATION RISK");
  }
}

Network Security

Use HTTPS Endpoints

Always use HTTPS for API endpoints: 
const indexerConfig = new IndexerConfig(
  "https://indexer.lfg.land/v4", // ✅ HTTPS
  "wss://indexer.lfg.land/v4/ws" // ✅ WSS
);

Verify TLS Certificates

Ensure your environment verifies TLS certificates (enabled by default in Node.js).

Error Handling

Handle errors gracefully

Wallets Guide

Secure wallet management