Sally
SALLY
Security

Security model — the honest version

Trust comes from transparency — including about what is still open. Below is what is genuinely strong (and code-backed) and what the internal audit flags as not yet hardened. We do not claim Sally is unconditionally secure.

What is strong (code-backed)verified in source
Key custody (Vault / KEK)
  • Master password → Argon2id wrapping key → a random 32-byte KEK (AES-256-GCM).
  • Private keys & mnemonics live only KEK-encrypted in the DB — never in .env, never in plaintext.
  • The master password is never persisted; a password change only re-wraps the KEK.
Login & transport
  • Transport secret: the browser sends sha256(domain|user|pw); the server never sees the raw password.
  • SIWE sign-in (ecrecover, single-use nonce) — no private key reaches the server.
  • TOTP 2FA (secret wrapped under the vault KEK); root / operator / viewer roles.
  • Boot-guard: the app refuses to start on a default or too-short SECRET_KEY.
Execution safety
  • Policy engine: auto_trade kill-switch, scan_only, per-chain / per-tx caps, allow / denylist, honeypot requirement, trading hours, slippage cap.
  • wallet_guard: external wallets can never sign; cold wallets are never an automation source; automation transfers only go to a known-destination allowlist.
  • MEV protection: private / MEV-RPC broadcast with a public fallback.
  • Emergency lock stops everything (/emergency/stop-all).
Transport hardening
  • TLS, plus CSP / HSTS / X-Frame-Options / nosniff headers.
  • Tight CORS and a LAN-exposure gate — the API is localhost-only by default.
  • DB file chmod 0600 and constant-time X-Secret comparison.
What is still open — we don't hide it

Internal multi-agent audit (AUDIT.md, 2026-06-02)

Figures as of 2026-06-02, manually updated.

0
Critical
14
High · open
20
Medium
24
Low

The high-severity findings mostly sit in fund-safety / execution paths. Representative examples:

  • #4Daily cap does not count sniper / mempool fills → the cap is bypassable.
  • #12auto_trade kill-switch is bypassable via the X-Agent-Id header.
  • #13/agent/transfer ignores the kill-switch and caps.
  • #8Stop-loss fires when price = 0.
  • #6, #7, #14Several paths run with min_out = 0 / unbounded slippage.
  • #11Blocking RPC calls can freeze the event loop.
What this means for you

Until these points are closed, treat automation with caution:

Keep positions small.
Set caps tight.
Use automated paths carefully.
Keep the vault unlocked only when you need it.
Our stance

No financial advice. High risk. The human makes the final decision. Security is presented honestly — strengths and open points. We consider that honesty a feature, not a liability. See the legal & risk disclaimer and the FAQ.

Command palette

Jump to a page or run an action