Security & Wallet Auth

MoonSense is built with security-first principles to ensure user trust and data safety. Authentication and session handling follow modern decentralized identity standards.

  • Authentication Standard:

    • Implements EIP-4361: Sign-In with Ethereum (SIWE).

    • Users authenticate by signing a nonce-based message with their wallet (MetaMask, WalletConnect, Coinbase Wallet, etc.).

    • This ensures login is non-custodial and requires no password storage.

  • Key Security Features:

    1. No Private Keys Stored: MoonSense never stores, transmits, or has access to user private keys. Only public wallet addresses are recorded for identification.

    2. Session Management: After successful login, a short-lived JWT (JSON Web Token) is generated and tied to the wallet address. This allows secure session handling without exposing sensitive keys.

    3. Replay Attack Prevention: Nonces are unique and expire after a single use, preventing signature replay attacks.

    4. Encryption: All API requests and responses use TLS 1.3 encryption to safeguard data in transit.

    5. User Data Privacy: Only essential wallet-related data (address, session tokens, and watchlists) are stored. Personal information is never required.

  • Supported Wallets (Initial Phase):

    • MetaMask

    • WalletConnect (supporting multiple wallets)

    • Coinbase Wallet

Future expansion will include Phantom (for Solana) and multi-chain logins.
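The Session Management and Replay Attack Prevention items above, sketched as an added example (not MoonSense's own code). It assumes an in-memory nonce store, HS256 signing and the TTL values shown; `signature_ok` is a hypothetical parameter standing in for the result of the EIP-4361 signature check, which is done elsewhere.

```python
import base64, hashlib, hmac, json, secrets, time

NONCE_TTL = 300      # assumed: seconds a login nonce stays valid
SESSION_TTL = 900    # assumed: lifetime of the "short-lived" JWT
SECRET = secrets.token_bytes(32)  # per-process HS256 key for this sketch
_nonces = {}         # nonce -> (address, expiry); a real service needs shared storage

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_nonce(address, now=None):
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)
    _nonces[nonce] = (address.lower(), now + NONCE_TTL)
    return nonce

def consume_nonce(nonce, address, now=None):
    """Single use: the nonce is deleted on first lookup, valid or not."""
    now = time.time() if now is None else now
    entry = _nonces.pop(nonce, None)
    return entry is not None and entry[0] == address.lower() and now <= entry[1]

def issue_session(address, now=None):
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": address.lower(), "iat": now, "exp": now + SESSION_TTL}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_session(token, now=None):
    """Return the wallet address, or None if the token is forged or expired."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        expected = _b64(hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return claims["sub"] if now < claims["exp"] else None

def login(address, nonce, signature_ok, now=None):
    """The nonce is burned before the signature result is considered."""
    if not consume_nonce(nonce, address, now) or not signature_ok:
        return None
    return issue_session(address, now)
```

Because `login` consumes the nonce before looking at the signature result, a failed attempt also invalidates the nonce, so a captured signed message cannot be retried.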
