A list of code references that are involved in securing your wallet and signing transactions via the web wallet
The web wallet makes use of Zen.JS for doing sensitive actions which interact with the Zen Protocol, such as: creating, encrypting and decrypting a mnemonic phrase, signing transactions and running smart contracts.
Wallet.js - is the Class for managing the wallet object instance in the browser. When the user logs out or refreshes the page, the local Wallet instance is destroyed and only through the loading page using the correct password to decrypt the wallet is it possible to create a new Wallet instance.
Destroy instance - the destroy function is used to wipe clean the instance of the wallet from the browser session. This happens when logging out of the wallet via the settings page.
Encrypt seed - The user then chooses a password with which the mnemonic phrase is encrypted using the zenjs SecurePhrase.encrypt function, and the encrypted mnemonic phrase is stored in localstorage.
Decrypt seed - If the encrypted mnemonic phrase is present, a user can re-instantiate a wallet instance by providing a correct password and decrypting the seed using the zenjs SecurePhrase.decrypt function.
Send Tx - The zenjs Wallet.send function is used to construct a new transaction.
Execute Contract - zenjs Wallet.executeContract function is used to construct a new contract execution.
secretPhraseStore: used to importWallet and encrypt the mnemonicPhrase so that only the password is the key to unlock the mnemonicPhrase,
unlockWallet: Check password to unlock the wallet we check if the password is the correct key to unlock the mnemonic phrase.
sendTxStore: store the information of the send page and collect the relevant information to send asset to an address, it uses zenjs Wallet.send function
executeContractStore: store the information of the execute contract page and uses this data to uses the zenjs Wallet.executeContract
In localStorage we store the encrypted mnemonic phrase, and never is it stored in plain text.
Only using the correct password is possible to unlock the wallet, when the user logs out or refreshes the page, the local wallet instance is destroyed and only through the loading page is it possible to create a new wallet instance with the seed.