Wallet integration safety checklist
Foundational · 6 min read
Guardrails for wallet integrations with no custody, no keys, and strict prompt hygiene.
No-key policy
Never ask users for seed phrases, private keys, or keystore files. Never store signing material on your servers. If a flow needs a signature, use a standard wallet connect pattern where the user signs in their own wallet.
Prefer read-only public identifiers when a wallet is only used as an account handle.
Permission scopes
Request the minimum capability: message sign for login, not unlimited spend. Document exactly what the dApp can and cannot do. Timeout sessions and re-prompt on sensitive actions.
Prompt sanitization (agents)
Treat wallet addresses, tx hex, and user paste as untrusted text. Do not let model output invoke tools with raw user strings without validation. Separate system instructions from user content.
Consent record
Log what the user agreed to (purpose, network, visibility) and when. Keep logs free of secrets. Offer a revoke / disconnect path.
Checklist
- No private key collection anywhere in UI or API
- Least-privilege wallet permissions
- Agent tools validate addresses and networks
- Consent timestamp stored without secrets